diff --git a/cmd/operator/kodata/eventing-source/1.21/ceph/ceph.yaml b/cmd/operator/kodata/eventing-source/1.21/ceph/ceph.yaml index d17a3cf64c..6af00d49af 100644 --- a/cmd/operator/kodata/eventing-source/1.21/ceph/ceph.yaml +++ b/cmd/operator/kodata/eventing-source/1.21/ceph/ceph.yaml @@ -464,7 +464,7 @@ spec: containers: - name: controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/controller@sha256:2e45fa321d1c15c741a16a6075e9fc0c8c3fdcc55f3f791de0ee0bcbc810af01 + image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/controller@sha256:e87fef399640adb4ed5ff846201c1eecd51c524e94971e7a60bad997b8a28abb resources: requests: cpu: 100m @@ -481,7 +481,7 @@ spec: - name: METRICS_DOMAIN value: knative.dev/sources - name: CEPH_SOURCE_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/receive_adapter@sha256:cbf05b9a9f84b4b2a7dd2a0220cf349cf3968257b92badbf3810d775c8e79efb + value: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/receive_adapter@sha256:32d04b7648c205c340acc5bf636247a74c8b0bad723cf27501c873cd5cd39791 - name: POD_NAME valueFrom: fieldRef: @@ -620,7 +620,7 @@ spec: containers: - name: cephsource-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/webhook@sha256:4925067cb142e23e9c160c82b589a04dd3cd12719b5f4d56b95234232c50cc31 + image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/webhook@sha256:49b2e405e61ba6f728eaf37568ad133085f869b85862220d469824694214863c env: - name: SYSTEM_NAMESPACE valueFrom: diff --git a/cmd/operator/kodata/eventing-source/1.21/github/github.yaml b/cmd/operator/kodata/eventing-source/1.21/github/github.yaml index 48793febbe..2f9c032989 100644 --- a/cmd/operator/kodata/eventing-source/1.21/github/github.yaml +++ b/cmd/operator/kodata/eventing-source/1.21/github/github.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" --- # Copyright 2019 The Knative Authors @@ -40,7 +40,7 @@ metadata: name: github-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" --- # Copyright 2019 The Knative Authors @@ -63,7 +63,7 @@ metadata: name: github-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" --- # Copyright 2019 The Knative Authors @@ -85,7 +85,7 @@ kind: ClusterRole metadata: name: eventing-sources-github-controller labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" rules: # Sources admin - apiGroups: @@ -204,7 +204,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-addressable-resolver labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" subjects: - kind: ServiceAccount name: github-controller-manager @@ -236,7 +236,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-controller labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" subjects: - kind: ServiceAccount name: github-controller-manager @@ -266,7 +266,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-podspecable-binding labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" subjects: - kind: ServiceAccount name: github-webhook @@ -296,7 +296,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-webhook labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" subjects: - kind: ServiceAccount name: github-webhook @@ -326,7 +326,7 @@ kind: ClusterRole metadata: name: github-webhook labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" rules: # Sources admin - apiGroups: @@ -473,7 +473,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" name: githubbindings.bindings.knative.dev @@ -526,7 +526,7 @@ kind: CustomResourceDefinition metadata: name: githubsources.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -791,7 +791,7 @@ metadata: name: github-controller namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" control-plane: github-controller-manager spec: selector: @@ -821,7 +821,7 @@ metadata: name: github-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" control-plane: github-controller-manager spec: selector: @@ -834,7 +834,7 @@ spec: spec: serviceAccountName: github-controller-manager containers: - - image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/controller@sha256:14f0a99d3aebc7dcea91add05b344ff627e03fdb64bac9da86f724c9d21574c8 + - image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/controller@sha256:17ccfb5f9217599b5b7dc8bec5a808a8f8fcfea1d6e5b695dfe054f38a40260f name: manager env: - name: SYSTEM_NAMESPACE @@ -850,7 +850,7 @@ spec: - name: METRICS_DOMAIN value: knative.dev/sources - name: GH_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-github/cmd/receive_adapter@sha256:eeb237db4886ec8e098ab1ddb696103e1fb66ba5a3e75ed1272f5d2c676b5e37 + value: gcr.io/knative-releases/knative.dev/eventing-github/cmd/receive_adapter@sha256:4ed8b745e3c5df75b1a47ef7fc019f779d3d7d8f828141fee3de5199dfe2c0a0 resources: requests: cpu: 100m @@ -880,7 +880,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.github.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -897,7 +897,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.github.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -932,7 +932,7 @@ metadata: name: github-webhook-certs namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" # The data is populated at install time. --- @@ -956,7 +956,7 @@ metadata: name: github-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" spec: replicas: 1 selector: @@ -973,7 +973,7 @@ spec: containers: - name: github-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/webhook@sha256:bc093b41fed7f43bb29c332ada384af2518dc69c84cbb2491d5f659df0040226 + image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/webhook@sha256:9d5b07dece11e27a2e69d2fab191fbfd219a842f399d808bcdf595f5a0c535d1 env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1037,7 +1037,7 @@ metadata: name: config-leader-election-github namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" data: # An inactive but valid configuration follows; see example. resourceLock: "leases" diff --git a/cmd/operator/kodata/eventing-source/1.21/gitlab/gitlab.yaml b/cmd/operator/kodata/eventing-source/1.21/gitlab/gitlab.yaml index 5b0c429999..0866710b61 100644 --- a/cmd/operator/kodata/eventing-source/1.21/gitlab/gitlab.yaml +++ b/cmd/operator/kodata/eventing-source/1.21/gitlab/gitlab.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" --- # Copyright 2020 The Knative Authors @@ -40,7 +40,7 @@ metadata: name: gitlab-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" --- apiVersion: v1 kind: ServiceAccount @@ -48,7 +48,7 @@ metadata: name: gitlab-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" --- # Copyright 2020 The Knative Authors @@ -70,7 +70,7 @@ kind: ClusterRole metadata: name: gitlabsource-manager-role labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" rules: - apiGroups: - sources.knative.dev @@ -143,7 +143,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eventing-contrib-gitlab-source-observer labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" duck.knative.dev/source: "true" rules: - apiGroups: @@ -175,7 +175,7 @@ kind: ClusterRoleBinding metadata: name: gitlabsource-manager-rolebinding labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -190,7 +190,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-gitlab-addressable-resolver labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" subjects: - kind: ServiceAccount name: gitlab-controller-manager @@ -207,7 +207,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-gitlab-webhook labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" subjects: - kind: ServiceAccount name: gitlab-webhook @@ -237,7 +237,7 @@ kind: ClusterRole metadata: name: gitlab-webhook labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" rules: # Sources admin - apiGroups: @@ -387,7 +387,7 @@ kind: CustomResourceDefinition metadata: name: gitlabbindings.bindings.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" spec: @@ -514,7 +514,7 @@ kind: CustomResourceDefinition metadata: name: gitlabsources.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -775,7 +775,7 @@ apiVersion: v1 kind: Service metadata: labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" control-plane: gitlab-controller-manager name: gitlab-controller-manager-service namespace: knative-sources @@ -791,7 +791,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" control-plane: gitlab-controller-manager name: gitlab-controller-manager namespace: knative-sources @@ -819,12 +819,12 @@ spec: - name: METRICS_DOMAIN value: knative.dev/sources - name: GL_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/receive_adapter@sha256:11eb8c8fab0f03c60c1ed855bbb80e7c6cec4ea38d9138c702245a9bf85ff67f + value: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/receive_adapter@sha256:fed7815c616a6c07fcb15ff1b85e63a1a4efadd6f71fb0ad1a2c5f5d89044287 - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/controller@sha256:10c9c22a83fd597a81f57a019a75e4e5aa90b23891de82aad499dbc8093cbf8f + image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/controller@sha256:65eb1f30ab2937e629283db448899935c5e079618f6793ea5c7779296f194aa8 resources: limits: cpu: 100m @@ -854,7 +854,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.gitlab.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -871,7 +871,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.gitlab.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -888,7 +888,7 @@ kind: MutatingWebhookConfiguration metadata: name: gitlabbindings.webhook.gitlab.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -921,14 +921,14 @@ metadata: name: gitlab-webhook-certs namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" # The data is populated at install time. --- apiVersion: v1 kind: Service metadata: labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" role: webhook name: gitlab-webhook namespace: knative-sources @@ -946,7 +946,7 @@ metadata: name: gitlab-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" spec: replicas: 1 selector: @@ -961,7 +961,7 @@ spec: containers: - name: gitlab-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/webhook@sha256:02057d1185ab82d7fd2116b6dad3b99248b8710cb75e72fd68434ed53953ee32 + image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/webhook@sha256:530fae98b61f1ad7ddde98b7b488ec76fb5606cc1a707728f30ea3ca4d2aed15 env: - name: SYSTEM_NAMESPACE valueFrom: diff --git a/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-controller.yaml b/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-controller.yaml index 483b627e88..bdb782d787 100644 --- a/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-controller.yaml +++ b/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-controller.yaml @@ -17,7 +17,7 @@ metadata: name: kafka-broker-config namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" data: default.topic.partitions: "10" default.topic.replication.factor: "3" @@ -43,7 +43,7 @@ metadata: name: kafka-channel-config namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" data: bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092" @@ -67,7 +67,7 @@ kind: CustomResourceDefinition metadata: name: kafkachannels.messaging.knative.dev labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" @@ -707,7 +707,7 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" knative.dev/crd-install: "true" name: consumers.internal.kafka.eventing.knative.dev spec: @@ -763,7 +763,7 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" knative.dev/crd-install: "true" name: consumergroups.internal.kafka.eventing.knative.dev spec: @@ -834,7 +834,7 @@ metadata: labels: duck.knative.dev/addressable: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" spec: group: eventing.knative.dev names: @@ -1030,7 +1030,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -1930,7 +1930,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eventing-kafka-source-observer labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" duck.knative.dev/source: "true" rules: - apiGroups: @@ -1963,7 +1963,7 @@ metadata: name: config-kafka-source-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" annotations: knative.dev/example-checksum: "b6ed351d" data: @@ -2023,7 +2023,7 @@ metadata: name: config-kafka-autoscaler namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" data: class: "keda.autoscaling.knative.dev" min-scale: "0" @@ -2089,7 +2089,7 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" name: config-kafka-leader-election namespace: knative-eventing annotations: @@ -2155,7 +2155,7 @@ metadata: name: kafka-config-logging namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" data: config.xml: | @@ -2216,7 +2216,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-kafka-addressable-resolver labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" duck.knative.dev/addressable: "true" # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -2259,7 +2259,7 @@ kind: ClusterRole metadata: name: knative-kafka-channelable-manipulator labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" duck.knative.dev/channelable: "true" # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -2296,7 +2296,7 @@ kind: ClusterRole metadata: name: kafka-controller labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" rules: - apiGroups: - "" @@ -2586,7 +2586,7 @@ metadata: name: kafka-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" --- # Copyright 2020 The Knative Authors @@ -2607,7 +2607,7 @@ kind: ClusterRoleBinding metadata: name: kafka-controller labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" subjects: - kind: ServiceAccount name: kafka-controller @@ -2622,7 +2622,7 @@ kind: ClusterRoleBinding metadata: name: kafka-controller-addressable-resolver labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" subjects: - kind: ServiceAccount name: kafka-controller @@ -2653,7 +2653,7 @@ metadata: namespace: knative-eventing labels: app: kafka-controller - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" app.kubernetes.io/component: kafka-controller app.kubernetes.io/name: knative-eventing spec: @@ -2665,7 +2665,7 @@ spec: name: kafka-controller labels: app: kafka-controller - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" app.kubernetes.io/component: kafka-controller app.kubernetes.io/name: knative-eventing spec: @@ -2691,7 +2691,7 @@ spec: weight: 100 containers: - name: controller - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller@sha256:1fd4d4bd57144b4eb7b29fe2ac62325d9b132ded9cbe8df34559b9b646b9286e + image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller@sha256:d8447b40bef7d16f5ec5c8bcdc09d6f717951d8c0a921959e2cbf396b83d0a00 imagePullPolicy: IfNotPresent env: - name: BROKER_DATA_PLANE_CONFIG_MAP_NAMESPACE @@ -2840,7 +2840,7 @@ kind: ClusterRole metadata: name: kafka-webhook-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -2946,7 +2946,7 @@ metadata: name: kafka-webhook-eventing namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" --- # Copyright 2020 The Knative Authors @@ -2967,7 +2967,7 @@ kind: ClusterRoleBinding metadata: name: kafka-webhook-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" subjects: - kind: ServiceAccount name: kafka-webhook-eventing @@ -2997,7 +2997,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -3029,7 +3029,7 @@ kind: MutatingWebhookConfiguration metadata: name: pods.defaulting.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" webhooks: # Dispatcher pods webhook config. - admissionReviewVersions: ["v1", "v1beta1"] @@ -3083,7 +3083,7 @@ metadata: name: kafka-webhook-eventing-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" # The data is populated at install time. --- @@ -3106,7 +3106,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -3140,7 +3140,7 @@ metadata: namespace: knative-eventing labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: @@ -3151,7 +3151,7 @@ spec: metadata: labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: @@ -3171,7 +3171,7 @@ spec: containers: - name: kafka-webhook-eventing terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka@sha256:0001209f25912d84ca0964d7a99c675663ea9542735739c3c0bd49f7ececdc34 + image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka@sha256:2102166dc7bdacac534e3e4e92fbb3bb5f1802891f3a6bd9b43297e3ee35997d resources: requests: cpu: 20m @@ -3241,7 +3241,7 @@ metadata: namespace: knative-eventing labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: diff --git a/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-post-install.yaml b/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-post-install.yaml index e3d8a03b09..c321b40c40 100644 --- a/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-post-install.yaml +++ b/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-post-install.yaml @@ -16,7 +16,7 @@ kind: ClusterRole metadata: name: knative-kafka-controller-post-install labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" rules: null --- @@ -39,7 +39,7 @@ metadata: name: knative-kafka-controller-post-install namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" --- # Copyright 2020 The Knative Authors @@ -61,7 +61,7 @@ kind: ClusterRole metadata: name: knative-kafka-storage-version-migrator labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" rules: # Storage version upgrader needs to be able to patch CRDs. - apiGroups: @@ -144,14 +144,14 @@ metadata: name: knative-kafka-storage-version-migrator namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-kafka-storage-version-migrator labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" subjects: - kind: ServiceAccount name: knative-kafka-storage-version-migrator @@ -180,7 +180,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-controller-post-install labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" subjects: - kind: ServiceAccount name: knative-kafka-controller-post-install @@ -212,7 +212,7 @@ metadata: namespace: knative-eventing labels: app: kafka-controller-post-install - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -220,7 +220,7 @@ spec: metadata: labels: app: kafka-controller-post-install - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" sidecar.istio.io/inject: "false" annotations: sidecar.istio.io/inject: "false" @@ -229,7 +229,7 @@ spec: restartPolicy: OnFailure containers: - name: post-install - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/post-install@sha256:958652ebcfc75f14e74ca63bfc414b113dd3ee11a625e749a3ea97b6ca7ae110 + image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/post-install@sha256:ec9e8abf49ce3799243377283e2bf6ae82e544eef4917560513802cf2108f25a env: - name: SYSTEM_NAMESPACE valueFrom: @@ -269,7 +269,7 @@ metadata: namespace: knative-eventing labels: app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -277,7 +277,7 @@ spec: metadata: labels: app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" sidecar.istio.io/inject: "false" annotations: sidecar.istio.io/inject: "false" @@ -286,7 +286,7 @@ spec: restartPolicy: OnFailure containers: - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:d547cd93685c771fd8b1c251e41ddffa1f19c94a5b7354654c07fd2621e9c4e4 + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:f6ec800d3dac0221f2dad1cc02a1e4ac36ae70bdbe34b968c3b63b05b51f1e86 env: - name: IGNORE_NOT_FOUND value: "true" diff --git a/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-source.yaml b/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-source.yaml index 0208abdfd9..dbdb5f3aa9 100644 --- a/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-source.yaml +++ b/cmd/operator/kodata/eventing-source/1.21/kafka/eventing-kafka-source.yaml @@ -17,7 +17,7 @@ metadata: name: config-kafka-source-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" annotations: knative.dev/example-checksum: "8157ecb1" data: @@ -178,7 +178,7 @@ kind: ClusterRole metadata: name: knative-kafka-source-data-plane labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" rules: - apiGroups: - "" @@ -215,7 +215,7 @@ metadata: name: knative-kafka-source-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" --- # Copyright 2021 The Knative Authors @@ -236,7 +236,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-source-data-plane labels: - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" subjects: - kind: ServiceAccount name: knative-kafka-source-data-plane @@ -267,7 +267,7 @@ metadata: namespace: knative-eventing labels: app: kafka-source-dispatcher - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" app.kubernetes.io/component: kafka-source-dispatcher app.kubernetes.io/name: knative-eventing spec: @@ -281,7 +281,7 @@ spec: name: kafka-source-dispatcher labels: app: kafka-source-dispatcher - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" app.kubernetes.io/component: kafka-channel-dispatcher app.kubernetes.io/name: knative-eventing app.kubernetes.io/kind: kafka-dispatcher @@ -308,7 +308,7 @@ spec: runAsUser: 1001 containers: - name: kafka-source-dispatcher - image: gcr.io/knative-releases/knative-kafka-broker-dispatcher-loom@sha256:47f18508be1536180dabcaa58b08178b4b34d5fb59842cb46aa99b737cd38424 + image: gcr.io/knative-releases/knative-kafka-broker-dispatcher-loom@sha256:16d8ab2c39171126b79439f08ced580a6ec84695a86b7d0a521c520979b90463 imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/config diff --git a/cmd/operator/kodata/eventing-source/1.21/rabbitmq/rabbitmq-source.yaml b/cmd/operator/kodata/eventing-source/1.21/rabbitmq/rabbitmq-source.yaml index 8ce8b9484f..4f5c2d6f0b 100644 --- a/cmd/operator/kodata/eventing-source/1.21/rabbitmq/rabbitmq-source.yaml +++ b/cmd/operator/kodata/eventing-source/1.21/rabbitmq/rabbitmq-source.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" --- # Copyright 2020 The Knative Authors @@ -40,7 +40,7 @@ metadata: name: rabbitmq-controller-manager namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" secrets: - name: rabbitmq-source-key --- @@ -73,7 +73,7 @@ kind: ClusterRole metadata: name: rabbitmq-webhook labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -157,7 +157,7 @@ kind: ClusterRole metadata: name: eventing-sources-rabbitmq-controller labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" rules: - apiGroups: - sources.knative.dev @@ -270,14 +270,14 @@ metadata: name: rabbitmq-webhook namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: rabbitmq-webhook labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" subjects: - kind: ServiceAccount name: rabbitmq-webhook @@ -307,7 +307,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-rabbitmq-controller labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" subjects: - kind: ServiceAccount name: rabbitmq-controller-manager @@ -322,7 +322,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-rabbitmq-controller-addressable-resolver labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" subjects: - kind: ServiceAccount name: rabbitmq-controller-manager @@ -552,7 +552,7 @@ metadata: name: rabbitmq-controller namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" control-plane: rabbitmq-controller-manager spec: selector: @@ -580,7 +580,7 @@ apiVersion: v1 kind: Service metadata: labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" role: rabbitmq-source-webhook name: rabbitmq-source-webhook namespace: knative-sources @@ -613,7 +613,7 @@ metadata: name: rabbitmq-controller-manager namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" control-plane: rabbitmq-controller-manager spec: replicas: 1 @@ -627,7 +627,7 @@ spec: serviceAccountName: rabbitmq-controller-manager containers: - name: manager - image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/controller/source@sha256:a594a430169001a0f121dd2fd59be872c42214cf934d8b05c2dabd9b755ba051 + image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/controller/source@sha256:b5a0d84b9b216ba2250aee912d56c9c42c5d9a633d3668f8f938a723cb2c27ff imagePullPolicy: IfNotPresent env: - name: SYSTEM_NAMESPACE @@ -639,7 +639,7 @@ spec: - name: CONFIG_OBSERVABILITY_NAME value: config-observability - name: RABBITMQ_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/receive_adapter@sha256:0005987e978181de63ef7df8e9a395063bff7d9cf1f31e68b615e73d1c4eeafd + value: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/receive_adapter@sha256:2e767e9d7bfd07ba22bee2997326d83691c50244c11da804c0e08f0dc9db09d0 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -675,7 +675,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.rabbitmq.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -711,7 +711,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.rabbitmq.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -743,7 +743,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.rabbitmq.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -776,7 +776,7 @@ metadata: name: rabbitmq-webhook-certs namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" # The data is populated at install time. --- @@ -799,7 +799,7 @@ kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -832,7 +832,7 @@ metadata: name: rabbitmq-webhook namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" spec: replicas: 1 selector: @@ -860,7 +860,7 @@ spec: terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/webhook/source@sha256:2381b1641e02102bc7c6c7a7989d653385b7d18d42a732f74676519a9a6d2d76 + image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/webhook/source@sha256:c147e69334f8f4d25ce2b9e3e3d22c663be4dd4792cd2f1878a98f5cf62496c3 resources: requests: # taken from serving. @@ -916,7 +916,7 @@ apiVersion: v1 kind: Service metadata: labels: - rabbitmq.eventing.knative.dev/release: "v1.21.0" + rabbitmq.eventing.knative.dev/release: "v1.21.1" role: rabbitmq-webhook name: rabbitmq-webhook namespace: knative-sources diff --git a/cmd/operator/kodata/eventing-source/1.21/redis/redis-source.yaml b/cmd/operator/kodata/eventing-source/1.21/redis/redis-source.yaml index f677240858..75b2611485 100644 --- a/cmd/operator/kodata/eventing-source/1.21/redis/redis-source.yaml +++ b/cmd/operator/kodata/eventing-source/1.21/redis/redis-source.yaml @@ -201,7 +201,7 @@ kind: ClusterRole metadata: name: redis-webhook labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -656,7 +656,7 @@ metadata: name: redis-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" control-plane: redis-controller-manager spec: selector: @@ -669,7 +669,7 @@ spec: spec: serviceAccountName: redis-controller-manager containers: - - image: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/controller@sha256:55792077e32e50f5574a8ad687e378600ca7393484446414e1b413985b449a64 + - image: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/controller@sha256:6205d85c3ad24867d8cfb91c8669388815186306ed111e12ba271ae3091b021f name: manager env: - name: SYSTEM_NAMESPACE @@ -685,7 +685,7 @@ spec: - name: CONFIG_LEADERELECTION_NAME value: config-leader-election-redis - name: STREAMSOURCE_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/receive_adapter@sha256:1ee227568b6868cd8e04e6f4192c682418a933d2a5753047945b5aee739b93a1 + value: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/receive_adapter@sha256:7daee3de93521503afe70dddf3674ae4af7d8d4a0a6e6a7dddd7de1b38484c6c - name: CONFIG_REDIS_NUMCONSUMERS value: config-redis - name: SECRET_TLS_TLSCERTIFICATE @@ -713,7 +713,7 @@ metadata: name: config-leader-election-redis namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.21.0" + contrib.eventing.knative.dev/release: "v1.21.1" data: # An inactive but valid configuration follows; see example. resourceLock: "leases" diff --git a/cmd/operator/kodata/eventing-source/1.22/ceph/ceph.yaml b/cmd/operator/kodata/eventing-source/1.22/ceph/ceph.yaml index 7290118018..ad8e939ce0 100644 --- a/cmd/operator/kodata/eventing-source/1.22/ceph/ceph.yaml +++ b/cmd/operator/kodata/eventing-source/1.22/ceph/ceph.yaml @@ -464,7 +464,7 @@ spec: containers: - name: controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/controller@sha256:a305ff049949bd1e170e8da2fc34d03627687accd923887939a9b4d0e9803472 + image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/controller@sha256:abfaa821ddfe4e420f222f2c09c7ba0bba40c2162295fdacd4843de2e06927fc resources: requests: cpu: 100m @@ -481,7 +481,7 @@ spec: - name: METRICS_DOMAIN value: knative.dev/sources - name: CEPH_SOURCE_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/receive_adapter@sha256:fa7e10cf3a34d5e3629b528401f1ffdb67a0fe5899103e21bb16ed5a1b2a9933 + value: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/receive_adapter@sha256:21c71939dc43a72f371a94f83028e1aac20579e9b6ff7114889cf36e135b79db - name: POD_NAME valueFrom: fieldRef: @@ -620,7 +620,7 @@ spec: containers: - name: cephsource-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/webhook@sha256:8d32a8b1a8d10ae19da219b1ffe82da1a4935ce119f9be16f741fb1695e43c0c + image: gcr.io/knative-releases/knative.dev/eventing-ceph/cmd/webhook@sha256:faff03daf2543d0f0e016e10a4a5043704247a56b1d4afecdbc50c4815607e05 env: - name: SYSTEM_NAMESPACE valueFrom: diff --git a/cmd/operator/kodata/eventing-source/1.22/github/github.yaml b/cmd/operator/kodata/eventing-source/1.22/github/github.yaml index f2e49c736a..0a9a2f6462 100644 --- a/cmd/operator/kodata/eventing-source/1.22/github/github.yaml +++ b/cmd/operator/kodata/eventing-source/1.22/github/github.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" --- # Copyright 2019 The Knative Authors @@ -40,7 +40,7 @@ metadata: name: github-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" --- # Copyright 2019 The Knative Authors @@ -63,7 +63,7 @@ metadata: name: github-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" --- # Copyright 2019 The Knative Authors @@ -85,7 +85,7 @@ kind: ClusterRole metadata: name: eventing-sources-github-controller labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" rules: # Sources admin - apiGroups: @@ -204,7 +204,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-addressable-resolver labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" subjects: - kind: ServiceAccount name: github-controller-manager @@ -236,7 +236,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-controller labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" subjects: - kind: ServiceAccount name: github-controller-manager @@ -266,7 +266,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-podspecable-binding labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" subjects: - kind: ServiceAccount name: github-webhook @@ -296,7 +296,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-github-webhook labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" subjects: - kind: ServiceAccount name: github-webhook @@ -326,7 +326,7 @@ kind: ClusterRole metadata: name: github-webhook labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" rules: # Sources admin - apiGroups: @@ -473,7 +473,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" name: githubbindings.bindings.knative.dev @@ -526,7 +526,7 @@ kind: CustomResourceDefinition metadata: name: githubsources.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -791,7 +791,7 @@ metadata: name: github-controller namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" control-plane: github-controller-manager spec: selector: @@ -821,7 +821,7 @@ metadata: name: github-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" control-plane: github-controller-manager spec: selector: @@ -834,7 +834,7 @@ spec: spec: serviceAccountName: github-controller-manager containers: - - image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/controller@sha256:4b44330b8233bacaf680cc2c441983523233837d1186b444d2b0814b27f01b19 + - image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/controller@sha256:182139e2e76dc4398df0176d912912f8e6222c585b14c749ee5f42f8088d7214 name: manager env: - name: SYSTEM_NAMESPACE @@ -850,7 +850,7 @@ spec: - name: METRICS_DOMAIN value: knative.dev/sources - name: GH_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-github/cmd/receive_adapter@sha256:f777c89598afeca9f1e18a1c1ec00308c485d6394de800198ea1d56e0f6e4eab + value: gcr.io/knative-releases/knative.dev/eventing-github/cmd/receive_adapter@sha256:5e72d4c480ae42b50bb52c42aabaeb35a4538a3188acae12a1df1c88b0b95b46 resources: requests: cpu: 100m @@ -880,7 +880,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.github.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -897,7 +897,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.github.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -932,7 +932,7 @@ metadata: name: github-webhook-certs namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" # The data is populated at install time. --- @@ -956,7 +956,7 @@ metadata: name: github-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" spec: replicas: 1 selector: @@ -973,7 +973,7 @@ spec: containers: - name: github-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/webhook@sha256:3c614c87fa9e0c43f5652952b3aaf8bfd6f06c3c45ddeba268288d6d4d6683c2 + image: gcr.io/knative-releases/knative.dev/eventing-github/cmd/webhook@sha256:ca16c6876b618ff6f057b85bb0469148d526327045b54e007a096f8b6ed3a709 env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1037,7 +1037,7 @@ metadata: name: config-leader-election-github namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" data: # An inactive but valid configuration follows; see example. resourceLock: "leases" diff --git a/cmd/operator/kodata/eventing-source/1.22/gitlab/gitlab.yaml b/cmd/operator/kodata/eventing-source/1.22/gitlab/gitlab.yaml index 0decaca408..6b5776aaa6 100644 --- a/cmd/operator/kodata/eventing-source/1.22/gitlab/gitlab.yaml +++ b/cmd/operator/kodata/eventing-source/1.22/gitlab/gitlab.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" --- # Copyright 2020 The Knative Authors @@ -40,7 +40,7 @@ metadata: name: gitlab-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" --- apiVersion: v1 kind: ServiceAccount @@ -48,7 +48,7 @@ metadata: name: gitlab-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" --- # Copyright 2020 The Knative Authors @@ -70,7 +70,7 @@ kind: ClusterRole metadata: name: gitlabsource-manager-role labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" rules: - apiGroups: - sources.knative.dev @@ -143,7 +143,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eventing-contrib-gitlab-source-observer labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" duck.knative.dev/source: "true" rules: - apiGroups: @@ -175,7 +175,7 @@ kind: ClusterRoleBinding metadata: name: gitlabsource-manager-rolebinding labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -190,7 +190,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-gitlab-addressable-resolver labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" subjects: - kind: ServiceAccount name: gitlab-controller-manager @@ -207,7 +207,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-gitlab-webhook labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" subjects: - kind: ServiceAccount name: gitlab-webhook @@ -237,7 +237,7 @@ kind: ClusterRole metadata: name: gitlab-webhook labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" rules: # Sources admin - apiGroups: @@ -387,7 +387,7 @@ kind: CustomResourceDefinition metadata: name: gitlabbindings.bindings.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" spec: @@ -514,7 +514,7 @@ kind: CustomResourceDefinition metadata: name: gitlabsources.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -775,7 +775,7 @@ apiVersion: v1 kind: Service metadata: labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" control-plane: gitlab-controller-manager name: gitlab-controller-manager-service namespace: knative-sources @@ -791,7 +791,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" control-plane: gitlab-controller-manager name: gitlab-controller-manager namespace: knative-sources @@ -819,12 +819,12 @@ spec: - name: METRICS_DOMAIN value: knative.dev/sources - name: GL_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/receive_adapter@sha256:56bf66a09e089abb4d029ef364ce9a194596a18566e687e37de5595ca5373145 + value: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/receive_adapter@sha256:f756abba1c41c4447c314e7218a04778aafdbcfbe4c23efeb8fef261d3c694e6 - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/controller@sha256:ecd335aedfc9ba41ecc79ccc34b49968e70a86fcb521479ee3e79836dd32f375 + image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/controller@sha256:71323187d6a8142dbc8c8b95407b9eb1b4a7108f657aa947db32d65102a5f6eb resources: limits: cpu: 100m @@ -854,7 +854,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.gitlab.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -871,7 +871,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.gitlab.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -888,7 +888,7 @@ kind: MutatingWebhookConfiguration metadata: name: gitlabbindings.webhook.gitlab.sources.knative.dev labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" webhooks: - admissionReviewVersions: - v1beta1 @@ -921,14 +921,14 @@ metadata: name: gitlab-webhook-certs namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" # The data is populated at install time. --- apiVersion: v1 kind: Service metadata: labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" role: webhook name: gitlab-webhook namespace: knative-sources @@ -946,7 +946,7 @@ metadata: name: gitlab-webhook namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" spec: replicas: 1 selector: @@ -961,7 +961,7 @@ spec: containers: - name: gitlab-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/webhook@sha256:2ad5ee2dfd523921ae653316a952eeacf7afe9efd44831bf3fab72ec92887f27 + image: gcr.io/knative-releases/knative.dev/eventing-gitlab/cmd/webhook@sha256:a501d4c474c85ef86a7463ad4be19dced0547e6e64fec45b83a4004bd743d04c env: - name: SYSTEM_NAMESPACE valueFrom: diff --git a/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-controller.yaml b/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-controller.yaml index f54f76c534..5bbef910f5 100644 --- a/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-controller.yaml +++ b/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-controller.yaml @@ -17,7 +17,7 @@ metadata: name: kafka-broker-config namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" data: default.topic.partitions: "10" default.topic.replication.factor: "3" @@ -43,7 +43,7 @@ metadata: name: kafka-channel-config namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" data: bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092" @@ -67,7 +67,7 @@ kind: CustomResourceDefinition metadata: name: kafkachannels.messaging.knative.dev labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" @@ -707,7 +707,7 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" knative.dev/crd-install: "true" name: consumers.internal.kafka.eventing.knative.dev spec: @@ -763,7 +763,7 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" knative.dev/crd-install: "true" name: consumergroups.internal.kafka.eventing.knative.dev spec: @@ -834,7 +834,7 @@ metadata: labels: duck.knative.dev/addressable: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" spec: group: eventing.knative.dev names: @@ -1030,7 +1030,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -1930,7 +1930,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eventing-kafka-source-observer labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" duck.knative.dev/source: "true" rules: - apiGroups: @@ -1963,7 +1963,7 @@ metadata: name: config-kafka-source-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" annotations: knative.dev/example-checksum: "b6ed351d" data: @@ -2023,7 +2023,7 @@ metadata: name: config-kafka-autoscaler namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" data: class: "keda.autoscaling.knative.dev" min-scale: "0" @@ -2089,7 +2089,7 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" name: config-kafka-leader-election namespace: knative-eventing annotations: @@ -2155,7 +2155,7 @@ metadata: name: kafka-config-logging namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" data: config.xml: | @@ -2216,7 +2216,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-kafka-addressable-resolver labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" duck.knative.dev/addressable: "true" # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -2259,7 +2259,7 @@ kind: ClusterRole metadata: name: knative-kafka-channelable-manipulator labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" duck.knative.dev/channelable: "true" # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -2296,7 +2296,7 @@ kind: ClusterRole metadata: name: kafka-controller labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" rules: - apiGroups: - "" @@ -2586,7 +2586,7 @@ metadata: name: kafka-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" --- # Copyright 2020 The Knative Authors @@ -2607,7 +2607,7 @@ kind: ClusterRoleBinding metadata: name: kafka-controller labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" subjects: - kind: ServiceAccount name: kafka-controller @@ -2622,7 +2622,7 @@ kind: ClusterRoleBinding metadata: name: kafka-controller-addressable-resolver labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" subjects: - kind: ServiceAccount name: kafka-controller @@ -2653,7 +2653,7 @@ metadata: namespace: knative-eventing labels: app: kafka-controller - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/component: kafka-controller app.kubernetes.io/name: knative-eventing spec: @@ -2665,7 +2665,7 @@ spec: name: kafka-controller labels: app: kafka-controller - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/component: kafka-controller app.kubernetes.io/name: knative-eventing spec: @@ -2691,7 +2691,7 @@ spec: weight: 100 containers: - name: controller - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller@sha256:15f0d3efc6db0cb82c8937f97bc4d21a150fae4509e9c98b35c524b8b5832f7c + image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller@sha256:72561e1e84343b7e3d005388c3032a308aad8d538e04e94ae34497b5e7228bbd imagePullPolicy: IfNotPresent env: - name: BROKER_DATA_PLANE_CONFIG_MAP_NAMESPACE @@ -2840,7 +2840,7 @@ kind: ClusterRole metadata: name: kafka-webhook-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -2946,7 +2946,7 @@ metadata: name: kafka-webhook-eventing namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" --- # Copyright 2020 The Knative Authors @@ -2967,7 +2967,7 @@ kind: ClusterRoleBinding metadata: name: kafka-webhook-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" subjects: - kind: ServiceAccount name: kafka-webhook-eventing @@ -2997,7 +2997,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -3029,7 +3029,7 @@ kind: MutatingWebhookConfiguration metadata: name: pods.defaulting.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" webhooks: # Dispatcher pods webhook config. - admissionReviewVersions: ["v1", "v1beta1"] @@ -3083,7 +3083,7 @@ metadata: name: kafka-webhook-eventing-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" # The data is populated at install time. --- @@ -3106,7 +3106,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -3140,7 +3140,7 @@ metadata: namespace: knative-eventing labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: @@ -3151,7 +3151,7 @@ spec: metadata: labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: @@ -3171,7 +3171,7 @@ spec: containers: - name: kafka-webhook-eventing terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka@sha256:d9bc655a4fd6dd4ee895d7f840d47c72a7dbef45ee55b1bdeee4f3f2e0e3477d + image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka@sha256:7378b273c5e92afb8889a3cdc08ef8c95fdecdfd79d31f9539f3bdb92f0c18a0 resources: requests: cpu: 20m @@ -3241,7 +3241,7 @@ metadata: namespace: knative-eventing labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: diff --git a/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-post-install.yaml b/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-post-install.yaml index 78b35fd763..886619a2b6 100644 --- a/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-post-install.yaml +++ b/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-post-install.yaml @@ -16,7 +16,7 @@ kind: ClusterRole metadata: name: knative-kafka-controller-post-install labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" rules: null --- @@ -39,7 +39,7 @@ metadata: name: knative-kafka-controller-post-install namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" --- # Copyright 2020 The Knative Authors @@ -61,7 +61,7 @@ kind: ClusterRole metadata: name: knative-kafka-storage-version-migrator labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" rules: # Storage version upgrader needs to be able to patch CRDs. - apiGroups: @@ -144,14 +144,14 @@ metadata: name: knative-kafka-storage-version-migrator namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-kafka-storage-version-migrator labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" subjects: - kind: ServiceAccount name: knative-kafka-storage-version-migrator @@ -180,7 +180,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-controller-post-install labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" subjects: - kind: ServiceAccount name: knative-kafka-controller-post-install @@ -212,7 +212,7 @@ metadata: namespace: knative-eventing labels: app: kafka-controller-post-install - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -220,7 +220,7 @@ spec: metadata: labels: app: kafka-controller-post-install - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" sidecar.istio.io/inject: "false" annotations: sidecar.istio.io/inject: "false" @@ -229,7 +229,7 @@ spec: restartPolicy: OnFailure containers: - name: post-install - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/post-install@sha256:384b01d650fe7cacbfe9a3aacfcd6d84e2af2953376cd6dc4f0c671ac7953458 + image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/post-install@sha256:9aed718eb86eea8ea9ed8c4e9a5f2cd37199832c7cad6e807875f66e86c097d1 env: - name: SYSTEM_NAMESPACE valueFrom: @@ -269,7 +269,7 @@ metadata: namespace: knative-eventing labels: app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -277,7 +277,7 @@ spec: metadata: labels: app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" sidecar.istio.io/inject: "false" annotations: sidecar.istio.io/inject: "false" @@ -286,7 +286,7 @@ spec: restartPolicy: OnFailure containers: - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:3251489b1e27cf54ed0c83e8e2d9a2f4eae28bd400f08174a1c41b10388eff3f + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:fa50f73000a0abce4170fb47854bef6b4626a201b221b567fec3a6f291f11d3e env: - name: IGNORE_NOT_FOUND value: "true" diff --git a/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-source.yaml b/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-source.yaml index f018cc8100..cf5d48d0b4 100644 --- a/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-source.yaml +++ b/cmd/operator/kodata/eventing-source/1.22/kafka/eventing-kafka-source.yaml @@ -17,7 +17,7 @@ metadata: name: config-kafka-source-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" annotations: knative.dev/example-checksum: "8157ecb1" data: @@ -177,7 +177,7 @@ kind: ClusterRole metadata: name: knative-kafka-source-data-plane labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" rules: - apiGroups: - "" @@ -214,7 +214,7 @@ metadata: name: knative-kafka-source-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" --- # Copyright 2021 The Knative Authors @@ -235,7 +235,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-source-data-plane labels: - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" subjects: - kind: ServiceAccount name: knative-kafka-source-data-plane @@ -266,7 +266,7 @@ metadata: namespace: knative-eventing labels: app: kafka-source-dispatcher - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/component: kafka-source-dispatcher app.kubernetes.io/name: knative-eventing spec: @@ -280,7 +280,7 @@ spec: name: kafka-source-dispatcher labels: app: kafka-source-dispatcher - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/component: kafka-channel-dispatcher app.kubernetes.io/name: knative-eventing app.kubernetes.io/kind: kafka-dispatcher @@ -307,7 +307,7 @@ spec: runAsUser: 1001 containers: - name: kafka-source-dispatcher - image: gcr.io/knative-releases/knative-kafka-broker-dispatcher-loom@sha256:a186d65097071e8b787c4c62212950e2d1dcab96a09af8063c8680bb0b453633 + image: gcr.io/knative-releases/knative-kafka-broker-dispatcher-loom@sha256:c0c6904f33d767d4c7255781085ebac2fbc72b88dc5f34d3588bb183bb825721 imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/config diff --git a/cmd/operator/kodata/eventing-source/1.22/rabbitmq/rabbitmq-source.yaml b/cmd/operator/kodata/eventing-source/1.22/rabbitmq/rabbitmq-source.yaml index 369d3f3a72..c7c654727e 100644 --- a/cmd/operator/kodata/eventing-source/1.22/rabbitmq/rabbitmq-source.yaml +++ b/cmd/operator/kodata/eventing-source/1.22/rabbitmq/rabbitmq-source.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" --- # Copyright 2020 The Knative Authors @@ -40,7 +40,7 @@ metadata: name: rabbitmq-controller-manager namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" secrets: - name: rabbitmq-source-key --- @@ -73,7 +73,7 @@ kind: ClusterRole metadata: name: rabbitmq-webhook labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -157,7 +157,7 @@ kind: ClusterRole metadata: name: eventing-sources-rabbitmq-controller labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" rules: - apiGroups: - sources.knative.dev @@ -270,14 +270,14 @@ metadata: name: rabbitmq-webhook namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: rabbitmq-webhook labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" subjects: - kind: ServiceAccount name: rabbitmq-webhook @@ -307,7 +307,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-rabbitmq-controller labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" subjects: - kind: ServiceAccount name: rabbitmq-controller-manager @@ -322,7 +322,7 @@ kind: ClusterRoleBinding metadata: name: eventing-sources-rabbitmq-controller-addressable-resolver labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" subjects: - kind: ServiceAccount name: rabbitmq-controller-manager @@ -552,7 +552,7 @@ metadata: name: rabbitmq-controller namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" control-plane: rabbitmq-controller-manager spec: selector: @@ -580,7 +580,7 @@ apiVersion: v1 kind: Service metadata: labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" role: rabbitmq-source-webhook name: rabbitmq-source-webhook namespace: knative-sources @@ -613,7 +613,7 @@ metadata: name: rabbitmq-controller-manager namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" control-plane: rabbitmq-controller-manager spec: replicas: 1 @@ -627,7 +627,7 @@ spec: serviceAccountName: rabbitmq-controller-manager containers: - name: manager - image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/controller/source@sha256:c80d69e00c3def055c6925b7d0c311962fa9e5b8965cf6870a5eaa79cc6d52a8 + image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/controller/source@sha256:64c3de771165033603cf3e787a07e9ff108af59460a8c2cb71cf5c0386914566 imagePullPolicy: IfNotPresent env: - name: SYSTEM_NAMESPACE @@ -639,7 +639,7 @@ spec: - name: CONFIG_OBSERVABILITY_NAME value: config-observability - name: RABBITMQ_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/receive_adapter@sha256:320864fd53ae86c2ffa0116a07012cbe485fd5116bdac11c7139172bb098b416 + value: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/receive_adapter@sha256:d31a466dbc4ff39cf839329d0a34b6c4584ceeb6dea249884c9f58856b3a8d17 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -675,7 +675,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.rabbitmq.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -711,7 +711,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.rabbitmq.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -743,7 +743,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.rabbitmq.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -776,7 +776,7 @@ metadata: name: rabbitmq-webhook-certs namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" # The data is populated at install time. --- @@ -799,7 +799,7 @@ kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -832,7 +832,7 @@ metadata: name: rabbitmq-webhook namespace: knative-sources labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" spec: replicas: 1 selector: @@ -860,7 +860,7 @@ spec: terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/webhook/source@sha256:d8283fc9d9bc8e86704e0c867fbd8c5ca2962661d3d785a06d29e7d50accbadb + image: gcr.io/knative-releases/knative.dev/eventing-rabbitmq/cmd/webhook/source@sha256:9a413dd965aa0cc3d8a7e8835d8d7af7377656202eebcfee4e2e4c99f523358a resources: requests: # taken from serving. @@ -916,7 +916,7 @@ apiVersion: v1 kind: Service metadata: labels: - rabbitmq.eventing.knative.dev/release: "v1.22.0" + rabbitmq.eventing.knative.dev/release: "v1.22.1" role: rabbitmq-webhook name: rabbitmq-webhook namespace: knative-sources diff --git a/cmd/operator/kodata/eventing-source/1.22/redis/redis-source.yaml b/cmd/operator/kodata/eventing-source/1.22/redis/redis-source.yaml index bf12b733a7..49f15f7cea 100644 --- a/cmd/operator/kodata/eventing-source/1.22/redis/redis-source.yaml +++ b/cmd/operator/kodata/eventing-source/1.22/redis/redis-source.yaml @@ -201,7 +201,7 @@ kind: ClusterRole metadata: name: redis-webhook labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -656,7 +656,7 @@ metadata: name: redis-controller-manager namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" control-plane: redis-controller-manager spec: selector: @@ -669,7 +669,7 @@ spec: spec: serviceAccountName: redis-controller-manager containers: - - image: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/controller@sha256:cd17a59bccd790fa618c865d47dcf55ca8fd5ed00bfba71efaa2efe1ac8d063e + - image: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/controller@sha256:fc1ffd4bd575668de728cf981e341287e6bf736aef1a46b50193fc6c3fe760a1 name: manager env: - name: SYSTEM_NAMESPACE @@ -685,7 +685,7 @@ spec: - name: CONFIG_LEADERELECTION_NAME value: config-leader-election-redis - name: STREAMSOURCE_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/receive_adapter@sha256:f59cd4a1d3ad143c49d50f1a207b24b129d082bda4040f25fd5ffb68af5d0e79 + value: gcr.io/knative-releases/knative.dev/eventing-redis/cmd/source/receive_adapter@sha256:039975e4107dd447f67c8edaa5d884780973ff931818f3e6f6b1e32dae8645b9 - name: CONFIG_REDIS_NUMCONSUMERS value: config-redis - name: SECRET_TLS_TLSCERTIFICATE @@ -713,7 +713,7 @@ metadata: name: config-leader-election-redis namespace: knative-sources labels: - contrib.eventing.knative.dev/release: "v1.22.0" + contrib.eventing.knative.dev/release: "v1.22.1" data: # An inactive but valid configuration follows; see example. resourceLock: "leases" diff --git a/cmd/operator/kodata/ingress/1.21/contour/net-contour.yaml b/cmd/operator/kodata/ingress/1.21/contour/net-contour.yaml index f190389c61..80cf9f215d 100644 --- a/cmd/operator/kodata/ingress/1.21/contour/net-contour.yaml +++ b/cmd/operator/kodata/ingress/1.21/contour/net-contour.yaml @@ -8,7 +8,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" serving.knative.dev/controller: "true" rules: - apiGroups: ["projectcontour.io"] @@ -38,7 +38,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" data: _example: | ################################ @@ -111,7 +111,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" spec: replicas: 1 selector: @@ -123,14 +123,14 @@ spec: app: net-contour-controller app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" spec: serviceAccountName: controller containers: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-contour/cmd/controller@sha256:5d5626a44c6a122b5933d17355508b91405155d0373352f8db4b65641e801f60 + image: gcr.io/knative-releases/knative.dev/net-contour/cmd/controller@sha256:ca06d987ccc090f1f712d7d7972db7ac9212ad9d85bda2ae14f5526dcaa12ff5 resources: requests: cpu: 40m @@ -174,7 +174,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" spec: delegations: - secretName: routing-serving-certs diff --git a/cmd/operator/kodata/ingress/1.21/gateway-api/net-gateway-api.yaml b/cmd/operator/kodata/ingress/1.21/gateway-api/net-gateway-api.yaml index 3644c21df5..12ddc99e2f 100644 --- a/cmd/operator/kodata/ingress/1.21/gateway-api/net-gateway-api.yaml +++ b/cmd/operator/kodata/ingress/1.21/gateway-api/net-gateway-api.yaml @@ -20,7 +20,7 @@ metadata: networking.knative.dev/ingress-provider: net-gateway-api app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -36,7 +36,7 @@ metadata: networking.knative.dev/ingress-provider: net-gateway-api app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" rules: - apiGroups: ["gateway.networking.k8s.io"] resources: ["httproutes", "referencegrants", "referencepolicies"] @@ -68,7 +68,7 @@ metadata: labels: networking.knative.dev/ingress-provider: net-gateway-api app.kubernetes.io/component: net-gateway-api - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving spec: replicas: 1 @@ -95,7 +95,7 @@ spec: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-gateway-api/cmd/controller@sha256:dc6c099778b06152e25aa60d5de6b287948d40035bcb817e09705a6db545e21c + image: gcr.io/knative-releases/knative.dev/net-gateway-api/cmd/controller@sha256:bca54560b1e1d50e8dbad2662c41c016a60b789f759cb5e3555ac7361603dc07 resources: requests: cpu: 100m @@ -152,7 +152,7 @@ metadata: labels: app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" networking.knative.dev/ingress-provider: gateway-api spec: selector: @@ -166,14 +166,14 @@ spec: role: net-gateway-api-webhook app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" spec: serviceAccountName: controller containers: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-gateway-api/cmd/webhook@sha256:c42118b5c156b232bdde5541e2111501dcd2e4c2677fb375545aabab7c98a776 + image: gcr.io/knative-releases/knative.dev/net-gateway-api/cmd/webhook@sha256:9c95ceca00dd3c1e33a9cfc0997c9214689c326beb51aacd42f7c710abd7df7e resources: requests: cpu: 20m @@ -251,7 +251,7 @@ metadata: labels: app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" networking.knative.dev/ingress-provider: gateway-api --- @@ -278,7 +278,7 @@ metadata: role: net-gateway-api-webhook app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" networking.knative.dev/ingress-provider: gateway-api spec: ports: @@ -317,7 +317,7 @@ metadata: labels: app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" networking.knative.dev/ingress-provider: gateway-api webhooks: - admissionReviewVersions: @@ -359,7 +359,7 @@ metadata: networking.knative.dev/ingress-provider: net-gateway-api app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" data: _example: | ################################ diff --git a/cmd/operator/kodata/ingress/1.21/istio/net-istio.yaml b/cmd/operator/kodata/ingress/1.21/istio/net-istio.yaml index 4776a01a1b..c519bc4501 100644 --- a/cmd/operator/kodata/ingress/1.21/istio/net-istio.yaml +++ b/cmd/operator/kodata/ingress/1.21/istio/net-istio.yaml @@ -1,4 +1,4 @@ -# Generated when HEAD was b93bad5f0fa640e86586ad5438358b6bebcd4124 +# Generated when HEAD was 4b7e514fef326a70791e751f317bb39c0de1a2be # # Copyright 2019 The Knative Authors # @@ -22,7 +22,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" serving.knative.dev/controller: "true" networking.knative.dev/ingress-provider: istio rules: @@ -54,7 +54,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio spec: selector: @@ -93,7 +93,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio spec: selector: @@ -114,7 +114,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio experimental.istio.io/disable-gateway-port-translation: "true" spec: @@ -152,7 +152,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio data: # TODO(nghia): Extract the .svc.cluster.local suffix into its own config. @@ -262,7 +262,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio spec: selector: @@ -280,7 +280,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio spec: selector: @@ -313,7 +313,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio spec: selector: @@ -329,14 +329,14 @@ spec: app: net-istio-controller app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" spec: serviceAccountName: controller containers: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:9c9ef8806ee3c1e3ee07c68c32b6277a282ac46c4d2d8be75f8a9ebcca5abb5c + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:f1280364f8cf74641b796c61feb28e3cce4b9431ccc9ff97028f00c280682ddc resources: requests: cpu: 30m @@ -415,7 +415,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio spec: selector: @@ -429,14 +429,14 @@ spec: role: net-istio-webhook app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" spec: serviceAccountName: controller containers: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:67cf11f38020390d0c4c6a4951d547d14b9a5a53be07f6dce5a39891a33ab804 + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:48e554607a1c367536c75f88b893515b1293e011b86648b1d7555e160521148f resources: requests: cpu: 20m @@ -514,7 +514,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio --- @@ -541,7 +541,7 @@ metadata: role: net-istio-webhook app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio spec: ports: @@ -580,7 +580,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio webhooks: - admissionReviewVersions: @@ -619,7 +619,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/version: "1.21.4" networking.knative.dev/ingress-provider: istio webhooks: - admissionReviewVersions: diff --git a/cmd/operator/kodata/ingress/1.21/kourier/kourier.yaml b/cmd/operator/kodata/ingress/1.21/kourier/kourier.yaml index 71cd6d59e6..71a1a1c312 100644 --- a/cmd/operator/kodata/ingress/1.21/kourier/kourier.yaml +++ b/cmd/operator/kodata/ingress/1.21/kourier/kourier.yaml @@ -20,7 +20,7 @@ metadata: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/name: knative-serving app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" --- # Copyright 2020 The Knative Authors @@ -45,7 +45,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving data: envoy-bootstrap.yaml: | @@ -174,7 +174,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving data: _example: | @@ -325,7 +325,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving --- apiVersion: rbac.authorization.k8s.io/v1 @@ -335,7 +335,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] @@ -367,7 +367,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving roleRef: apiGroup: rbac.authorization.k8s.io @@ -401,7 +401,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving spec: strategy: @@ -423,7 +423,7 @@ spec: app: net-kourier-controller spec: containers: - - image: gcr.io/knative-releases/knative.dev/net-kourier/cmd/kourier@sha256:1dfd7339e6d59db29a5375eb5e5ff3bfb0f5d28e076d1e665c9ac9ada45931cd + - image: gcr.io/knative-releases/knative.dev/net-kourier/cmd/kourier@sha256:964ac95786974ebacaf3c67563fb358f4e848712b72b36da0b23cc4a4b451f78 name: controller env: # CERTS_SECRET_NAMESPACE and CERTS_SECRET_NAME can also be configured from a ConfigMap. @@ -493,7 +493,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving spec: ports: @@ -532,7 +532,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving spec: strategy: @@ -653,7 +653,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving spec: ports: @@ -677,7 +677,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving spec: ports: @@ -701,7 +701,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving spec: minReplicas: 1 @@ -727,7 +727,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.21.0" + app.kubernetes.io/version: "1.21.1" app.kubernetes.io/name: knative-serving spec: minAvailable: 80% diff --git a/cmd/operator/kodata/ingress/1.22/contour/net-contour.yaml b/cmd/operator/kodata/ingress/1.22/contour/net-contour.yaml index 51d65ad8bc..a9df184c0d 100644 --- a/cmd/operator/kodata/ingress/1.22/contour/net-contour.yaml +++ b/cmd/operator/kodata/ingress/1.22/contour/net-contour.yaml @@ -8,7 +8,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" serving.knative.dev/controller: "true" rules: - apiGroups: ["projectcontour.io"] @@ -38,7 +38,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" data: _example: | ################################ @@ -111,7 +111,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" spec: replicas: 1 selector: @@ -123,14 +123,14 @@ spec: app: net-contour-controller app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" spec: serviceAccountName: controller containers: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-contour/cmd/controller@sha256:9aabab23f9f73a0628aa87a264e49f0445bb0a1f9f428c16340eecb8a266cd9d + image: gcr.io/knative-releases/knative.dev/net-contour/cmd/controller@sha256:e8cbd83de03a0e82c50d7e213821be2022d7e4ce57224ac6cca1f59a1538d6bc resources: requests: cpu: 40m @@ -174,7 +174,7 @@ metadata: networking.knative.dev/ingress-provider: contour app.kubernetes.io/component: net-contour app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" spec: delegations: - secretName: routing-serving-certs diff --git a/cmd/operator/kodata/ingress/1.22/gateway-api/net-gateway-api.yaml b/cmd/operator/kodata/ingress/1.22/gateway-api/net-gateway-api.yaml index ee287e9c21..d82081bd2c 100644 --- a/cmd/operator/kodata/ingress/1.22/gateway-api/net-gateway-api.yaml +++ b/cmd/operator/kodata/ingress/1.22/gateway-api/net-gateway-api.yaml @@ -20,7 +20,7 @@ metadata: networking.knative.dev/ingress-provider: net-gateway-api app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -36,7 +36,7 @@ metadata: networking.knative.dev/ingress-provider: net-gateway-api app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" rules: - apiGroups: ["gateway.networking.k8s.io"] resources: ["httproutes", "referencegrants", "referencepolicies"] @@ -68,7 +68,7 @@ metadata: labels: networking.knative.dev/ingress-provider: net-gateway-api app.kubernetes.io/component: net-gateway-api - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving spec: replicas: 1 @@ -95,7 +95,7 @@ spec: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-gateway-api/cmd/controller@sha256:11cbac3379c748a43d72ff04e9e12ccc403d1a45a2b2204d4950692f37a1e515 + image: gcr.io/knative-releases/knative.dev/net-gateway-api/cmd/controller@sha256:4bb78651dbf77cdbbc82571e9e48e9ac63dbe02b44bddf731a2b7aed46d2ad83 resources: requests: cpu: 100m @@ -168,7 +168,7 @@ metadata: labels: app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: gateway-api spec: selector: @@ -182,14 +182,14 @@ spec: role: net-gateway-api-webhook app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" spec: serviceAccountName: controller containers: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-gateway-api/cmd/webhook@sha256:94ce0ee4c10e3889f3870bea6512384f026b72c0628fbd5390c850bafb1ff2a8 + image: gcr.io/knative-releases/knative.dev/net-gateway-api/cmd/webhook@sha256:295ea080a33b4fa82449df710420564c4c0fff7026a4e0ddad431acd8e1c7a33 resources: requests: cpu: 20m @@ -268,7 +268,7 @@ metadata: labels: app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: gateway-api --- @@ -295,7 +295,7 @@ metadata: role: net-gateway-api-webhook app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: gateway-api spec: ports: @@ -334,7 +334,7 @@ metadata: labels: app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: gateway-api webhooks: - admissionReviewVersions: @@ -376,7 +376,7 @@ metadata: networking.knative.dev/ingress-provider: net-gateway-api app.kubernetes.io/component: net-gateway-api app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" data: _example: | ################################ diff --git a/cmd/operator/kodata/ingress/1.22/istio/net-istio.yaml b/cmd/operator/kodata/ingress/1.22/istio/net-istio.yaml index e5aec2ab2d..d1e3a4b0e9 100644 --- a/cmd/operator/kodata/ingress/1.22/istio/net-istio.yaml +++ b/cmd/operator/kodata/ingress/1.22/istio/net-istio.yaml @@ -1,4 +1,4 @@ -# Generated when HEAD was e85e79ad04b5b84518a1f842623fa36f2f49e018 +# Generated when HEAD was 572837849cb1d418e7d8a4e613b9f959a523a573 # # Copyright 2019 The Knative Authors # @@ -22,7 +22,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" serving.knative.dev/controller: "true" networking.knative.dev/ingress-provider: istio rules: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio spec: selector: @@ -103,7 +103,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio spec: selector: @@ -124,7 +124,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio experimental.istio.io/disable-gateway-port-translation: "true" spec: @@ -162,7 +162,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio data: # TODO(nghia): Extract the .svc.cluster.local suffix into its own config. @@ -288,7 +288,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio spec: selector: @@ -306,7 +306,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio spec: selector: @@ -339,7 +339,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio spec: selector: @@ -356,14 +356,14 @@ spec: app: net-istio-controller app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" spec: serviceAccountName: controller containers: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:d849c758f269bf651bd2dd6a973a11d4029ecc2ba4c3bc0fd07b86252d5ab087 + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:61d0004be98355e09a13a8aa1b8006f2cbd91a45944e9e088b45d06901b372f6 resources: requests: cpu: 30m @@ -442,7 +442,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio spec: selector: @@ -456,14 +456,14 @@ spec: role: net-istio-webhook app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" spec: serviceAccountName: controller containers: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:2563f60b712dbba6cb4f67a0925437c2841ce57433d9733528cfdfd566106995 + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:d2b95b499d71107060f9c8d523314bb26d8f95e7c558c2472d2e61a3ce2d1462 resources: requests: cpu: 20m @@ -541,7 +541,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio --- @@ -568,7 +568,7 @@ metadata: role: net-istio-webhook app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio spec: ports: @@ -607,7 +607,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio webhooks: - admissionReviewVersions: @@ -646,7 +646,7 @@ metadata: labels: app.kubernetes.io/component: net-istio app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" networking.knative.dev/ingress-provider: istio webhooks: - admissionReviewVersions: diff --git a/cmd/operator/kodata/ingress/1.22/kourier/kourier.yaml b/cmd/operator/kodata/ingress/1.22/kourier/kourier.yaml index e387e33dec..e298f2d136 100644 --- a/cmd/operator/kodata/ingress/1.22/kourier/kourier.yaml +++ b/cmd/operator/kodata/ingress/1.22/kourier/kourier.yaml @@ -20,7 +20,7 @@ metadata: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/name: knative-serving app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" --- # Copyright 2020 The Knative Authors @@ -45,7 +45,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving data: envoy-bootstrap.yaml: | @@ -174,7 +174,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving data: _example: | @@ -325,7 +325,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving --- apiVersion: rbac.authorization.k8s.io/v1 @@ -335,7 +335,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] @@ -367,7 +367,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving roleRef: apiGroup: rbac.authorization.k8s.io @@ -401,7 +401,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving spec: strategy: @@ -423,7 +423,7 @@ spec: app: net-kourier-controller spec: containers: - - image: gcr.io/knative-releases/knative.dev/net-kourier/cmd/kourier@sha256:a2e8f568a4bf68ef6391bc3afea956d11a8698f6a22c4be50844b1da4f8bcc74 + - image: gcr.io/knative-releases/knative.dev/net-kourier/cmd/kourier@sha256:01abd2070ccf8680885c47990e42c05c09e30bc8595d9246f4dcd37f2220a2a2 name: controller env: # CERTS_SECRET_NAMESPACE and CERTS_SECRET_NAME can also be configured from a ConfigMap. @@ -493,7 +493,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving spec: ports: @@ -532,7 +532,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving spec: strategy: @@ -653,7 +653,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving spec: ports: @@ -677,7 +677,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving spec: ports: @@ -701,7 +701,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving spec: minReplicas: 1 @@ -727,7 +727,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "1.22.0" + app.kubernetes.io/version: "1.22.1" app.kubernetes.io/name: knative-serving spec: minAvailable: 80% diff --git a/cmd/operator/kodata/knative-eventing/1.21.3/1-eventing-crds.yaml b/cmd/operator/kodata/knative-eventing/1.21.3/1-eventing-crds.yaml new file mode 100644 index 0000000000..d2f69d691a --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.21.3/1-eventing-crds.yaml @@ -0,0 +1,5118 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + annotations: + # TODO add schemas + registry.knative.dev/eventTypes: | + [ + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } + ] + name: apiserversources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - resources + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + mode: + description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` + type: string + owner: + description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. + type: object + properties: + apiVersion: + description: APIVersion - the API version of the resource to watch. + type: string + kind: + description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + resources: + description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. + type: array + items: + type: object + properties: + apiVersion: + description: APIVersion - the API version of the resource to watch. + type: string + kind: + description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + selector: + description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + namespaceSelector: + description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string + namespaces: + description: Namespaces show the namespaces currently watched by the ApiServerSource + type: array + items: + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + categories: + - all + - knative + - sources + kind: ApiServerSource + plural: apiserversources + singular: apiserversource + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: brokers.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' + type: object + properties: + spec: + description: Spec defines the desired state of the Broker. + type: object + properties: + config: + description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + status: + description: Status represents the current state of the Broker. This data may be out of date. + type: object + properties: + address: + description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: Class + type: string + priority: 1 + jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' + names: + kind: Broker + plural: brokers + singular: broker + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: channels.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + schema: + openAPIV3Schema: + description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' + type: object + properties: + spec: + description: Spec defines the desired state of the Channel. + type: object + properties: + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + subscribers: + description: This is the list of subscriptions for this subscribable. + type: array + items: + type: object + properties: + delivery: + description: DeliverySpec contains options controlling the event delivery + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + generation: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + name: + description: The name of the subscription + type: string + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + status: + description: Status represents the current state of the Channel. This data may be out of date. + type: object + properties: + address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + channel: + description: Channel is an KReference to the Channel CRD backing this Channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + names: + kind: Channel + plural: channels + singular: channel + categories: + - all + - knative + - messaging + - channel + shortNames: + - ch + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: containersources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + kind: ContainerSource + plural: containersources + singular: containersource + scope: Namespaced + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventpolicies.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the EventPolicy. + type: object + properties: + from: + description: From is the list of sources or oidc identities, which are allowed to send events to the targets (.spec.to). + type: array + items: + type: object + properties: + ref: + description: Ref contains a direct reference to a resource which is allowed to send events to the target. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + sub: + description: Sub sets the OIDC identity name to be allowed to send events to the target. It is also possible to set a glob-like pattern to match any suffix. + type: string + to: + description: To lists all resources for which this policy applies. Resources in this list must act like an ingress and have an audience. The resources are part of the same namespace as the EventPolicy. An empty list means it applies to all resources in the EventPolicies namespace + type: array + items: + type: object + properties: + ref: + description: Ref contains the direct reference to a target + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + selector: + description: Selector contains a selector to group targets + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilters that evaluate to true or false. If any filter expression in the array evaluates to false, the event will not continue pass the ingress of the target resources of the policy' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if any of the nested expressions evaluate to true. It must contain at least one filter expression' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL v1 expression that will evaluate to true or false for each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all end with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status represents the current state of the EventPolicy. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + from: + description: From is the list of resolved oidc identities from .spec.from + type: array + items: + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: EventPolicy + plural: eventpolicies + singular: eventpolicy + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2025 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventtransforms.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the EventTransform. + type: object + properties: + jsonata: + type: object + properties: + expression: + description: Expression is the JSONata expression (https://jsonata.org/). + type: string + reply: + description: | + Reply is the configuration on how to handle responses from Sink. It can only be set if Sink is set. + Only one "type" can be used. + The used type must match the top-level transformation, if you need to mix transformation types, use compositions and chain transformations together to achieve your desired outcome. + type: object + properties: + jsonata: + type: object + properties: + expression: + description: Expression is the JSONata expression (https://jsonata.org/). + type: string + discard: + description: | + Discard discards responses from Sink and return empty response body. + When set to false, it returns the exact sink response body. + When set to true, Discard is mutually exclusive with EventTransformations in the reply + section, it can either be discarded or transformed. + Default: false. + type: boolean + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink. If not present, the transformation will send back the transformed event as response, this is useful to leverage the built-in Broker reply feature to re-publish a transformed event back to the broker. ' + type: object + properties: + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience. This need only be set, if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. In case the Addressable specifies an Audience too, the Destinations Audience takes preference. + type: string + ref: + description: Ref points to an Addressable. + type: object + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + status: + description: Status represents the current state of the EventTransform. This data may be out of date. + type: object + properties: + address: + description: Address is a single Addressable address. If Addresses is present, Address will be ignored by clients. + type: object + required: + - url + properties: + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + addresses: + description: Addresses is a list of addresses for different protocols (HTTP and HTTPS) If Addresses is present, Address must be ignored by clients. + type: array + items: + type: object + required: + - url + properties: + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth defines the attributes that provide the generated service account name in the resource status. + type: object + required: + - serviceAccountName + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. This list can have len() > 1, when the component uses multiple identities (e.g. in case of a Parallel). + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + jsonata: + description: JsonataTransformationStatus is the status associated with JsonataEventTransformationSpec. + type: object + properties: + deployment: + type: object + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. + type: integer + format: int32 + collisionCount: + description: Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet. + type: integer + format: int32 + conditions: + description: Represents the latest available observations of a deployment's current state. + type: array + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + lastUpdateTime: + description: The last time this condition was updated. + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of deployment condition. + type: string + observedGeneration: + description: The generation observed by the deployment controller. + type: integer + format: int64 + readyReplicas: + description: readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. + type: integer + format: int32 + replicas: + description: Total number of non-terminated pods targeted by this deployment (their labels match the selector). + type: integer + format: int32 + unavailableReplicas: + description: Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created. + type: integer + format: int32 + updatedReplicas: + description: Total number of non-terminated pods targeted by this deployment that have the desired template spec. + type: integer + format: int32 + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkAudience: + description: SinkAudience is the OIDC audience of the sink. + type: string + sinkCACerts: + description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: ".status.address.url" + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: EventTransform + plural: eventtransforms + singular: eventtransform + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventtypes.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1beta3 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + attributes: + description: "CloudEvent attribute and extension attributes." + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: "Name of the CloudEvent attribute." + required: + type: boolean + description: "Indicates whether the attribute is required." + value: + type: string + description: "Value of the attribute. May be a template string using curly brackets {} to represent variable sections of the string." + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.attributes[?(@.name=='type')].value" + - name: Source + type: string + jsonPath: ".spec.attributes[?(@.name=='source')].value" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + # This indicates the v1beta1 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta1 API requests. + deprecationWarning: "eventing.knative.dev/v1beta1 EventType is deprecated; see https://knative.dev/docs/eventing/event-registry/ for instructions to migrate to eventing.knative.dev/v1beta2 EventType" + # v1beta1 schema is identical to the v1beta2 schema + names: + kind: EventType + plural: eventtypes + singular: eventtype + categories: + - all + - knative + - eventing + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: integrationsinks.sinks.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: sinks.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'IntegrationSink sends events to generic event sink' + type: object + properties: + spec: + description: Spec defines the desired state of the IntegrationSink. + type: object + properties: + log: + type: object + properties: + loggerName: + type: string + title: Logger Name + description: Name of the logging category to use + default: log-sink + level: + type: string + title: Log Level + description: Logging level to use + default: INFO + logMask: + type: boolean + title: Log Mask + description: Mask sensitive information like password or passphrase in the log + default: false + marker: + type: string + title: Marker + description: An optional Marker name to use + multiline: + type: boolean + title: Multiline + description: If enabled then each information is outputted on a newline + default: false + showAllProperties: + type: boolean + title: Show All Properties + description: Show all of the exchange properties (both internal and custom) + default: false + showBody: + type: boolean + title: Show Body + description: Show the message body + default: true + showBodyType: + type: boolean + title: Show Body Type + description: Show the body Java type + default: true + showExchangePattern: + type: boolean + title: Show Exchange Pattern + description: Shows the Message Exchange Pattern (or MEP for short) + default: true + showHeaders: + type: boolean + title: Show Headers + description: Show the headers received + default: false + showProperties: + type: boolean + title: Show Properties + description: Show the exchange properties (only custom). Use showAllProperties to show both internal and custom properties. + default: false + showStreams: + type: boolean + title: Show Streams + description: Show the stream bodies (they may not be available in following steps) + default: false + showCachedStreams: + type: boolean + title: Show Cached Streams + description: Whether Camel should show cached stream bodies or not. + default: true + aws: + type: object + properties: + s3: + type: object + properties: + arn: + type: string + title: Bucket Name + description: The S3 Bucket name or Amazon Resource Name (ARN). + deleteAfterRead: + type: boolean + title: Auto-delete Objects + description: Specifies to delete objects after consuming them. + default: true + moveAfterRead: + type: boolean + title: Move Objects After Delete + description: Move objects from S3 bucket to a different bucket after they have been retrieved. + default: false + destinationBucket: + type: string + title: Destination Bucket + description: Define the destination bucket where an object must be moved when moveAfterRead is set to true. + destinationBucketPrefix: + type: string + title: Destination Bucket Prefix + description: Define the destination bucket prefix to use when an object must be moved, and moveAfterRead is set to true. + destinationBucketSuffix: + type: string + title: Destination Bucket Suffix + description: Define the destination bucket suffix to use when an object must be moved, and moveAfterRead is set to true. + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateBucket: + type: boolean + title: Autocreate Bucket + description: Specifies to automatically create the S3 bucket. + default: false + prefix: + type: string + title: Prefix + description: The AWS S3 bucket prefix to consider while searching. + example: folder/ + ignoreBody: + type: boolean + title: Ignore Body + description: If true, the S3 Object body is ignored. Setting this to true overrides any behavior defined by the `includeBody` option. If false, the S3 object is put in the body. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + forcePathStyle: + type: boolean + title: Force Path Style + description: Forces path style when accessing AWS S3 buckets. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected bucket. + default: 500 + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: Gets the maximum number of messages as a limit to poll at each polling. Gets the maximum number of messages as a limit to poll at each polling. The default value is 10. Use 0 or a negative number to set it as unlimited. + default: 10 + sqs: + type: object + properties: + arn: + type: string + title: Queue Name + description: The SQS Queue Name or ARN + deleteAfterRead: + type: boolean + title: Auto-delete Messages + description: Delete messages after consuming them + default: true + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateQueue: + type: boolean + title: Autocreate Queue + description: Setting the autocreation of the SQS queue. + default: false + host: + type: string + title: AWS Host + description: The hostname of the Amazon AWS cloud. + default: amazonaws.com + protocol: + type: string + title: Protocol + description: The underlying protocol used to communicate with SQS + default: https + example: http or https + queueURL: + type: string + title: Queue URL + description: The full SQS Queue URL (required if using KEDA) + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected stream + default: 500 + greedy: + type: boolean + title: Greedy Scheduler + description: If greedy is enabled, then the polling will happen immediately again, if the previous run polled 1 or more messages. + default: false + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: The maximum number of messages to return. Amazon SQS never returns more messages than this value (however, fewer messages might be returned). Valid values 1 to 10. Default 1. + default: 1 + waitTimeSeconds: + type: integer + title: Wait Time Seconds + description: The duration (in seconds) for which the call waits for a message to arrive in the queue before returning. If a message is available, the call returns sooner than WaitTimeSeconds. If no messages are available and the wait time expires, the call does not return a message list. + visibilityTimeout: + type: integer + title: Visibility Timeout + description: The duration (in seconds) that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. + sns: + type: object + properties: + arn: + type: string + title: Topic Name + description: The SNS topic name name or Amazon Resource Name (ARN). + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateTopic: + type: boolean + title: Autocreate Topic + description: Setting the autocreation of the SNS topic. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + auth: + description: 'Auth configurations' + type: object + properties: + secret: + description: 'Auth secret' + type: object + properties: + ref: + description: | + Secret reference. + type: object + required: + - name + properties: + name: + description: 'Secret name' + type: string + serviceAccountName: + description: 'Optional ServiceAccount to assign to pod. This enables the pod default credentials to be used instead of the auth secret.' + type: string + status: + description: Status represents the current state of the IntegrationSink. This data may be out of date. + type: object + properties: + address: + description: IntegrationSink is Addressable. It exposes the endpoints as URIs to get events delivered into the used Kamelet. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: IntegrationSink is Addressable. It exposes the endpoints as URIs to get events delivered into the used Kamelet. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: IntegrationSink + plural: integrationsinks + singular: integrationsink + categories: + - all + - knative + - eventing + - sink + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: integrationsources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'IntegrationSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timer: + type: object + properties: + period: + type: integer + title: Period + description: The interval (in milliseconds) to wait between producing the next message. + default: 1000 + message: + type: string + title: Message + description: The message to generate. + example: hello world + contentType: + type: string + title: Content Type + description: The content type of the generated message. + default: text/plain + repeatCount: + type: integer + title: Repeat Count + description: Specifies a maximum limit of number of fires + aws: + type: object + properties: + s3: + type: object + properties: + arn: + type: string + title: Bucket Name + description: The S3 Bucket name or Amazon Resource Name (ARN). + deleteAfterRead: + type: boolean + title: Auto-delete Objects + description: Specifies to delete objects after consuming them. + default: true + moveAfterRead: + type: boolean + title: Move Objects After Delete + description: Move objects from S3 bucket to a different bucket after they have been retrieved. + default: false + destinationBucket: + type: string + title: Destination Bucket + description: Define the destination bucket where an object must be moved when moveAfterRead is set to true. + destinationBucketPrefix: + type: string + title: Destination Bucket Prefix + description: Define the destination bucket prefix to use when an object must be moved, and moveAfterRead is set to true. + destinationBucketSuffix: + type: string + title: Destination Bucket Suffix + description: Define the destination bucket suffix to use when an object must be moved, and moveAfterRead is set to true. + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateBucket: + type: boolean + title: Autocreate Bucket + description: Specifies to automatically create the S3 bucket. + default: false + prefix: + type: string + title: Prefix + description: The AWS S3 bucket prefix to consider while searching. + example: folder/ + ignoreBody: + type: boolean + title: Ignore Body + description: If true, the S3 Object body is ignored. Setting this to true overrides any behavior defined by the `includeBody` option. If false, the S3 object is put in the body. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + forcePathStyle: + type: boolean + title: Force Path Style + description: Forces path style when accessing AWS S3 buckets. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected bucket. + default: 500 + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: Gets the maximum number of messages as a limit to poll at each polling. Gets the maximum number of messages as a limit to poll at each polling. The default value is 10. Use 0 or a negative number to set it as unlimited. + default: 10 + sqs: + type: object + properties: + arn: + type: string + title: Queue Name + description: The SQS Queue Name or ARN + deleteAfterRead: + type: boolean + title: Auto-delete Messages + description: Delete messages after consuming them + default: true + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateQueue: + type: boolean + title: Autocreate Queue + description: Setting the autocreation of the SQS queue. + default: false + host: + type: string + title: AWS Host + description: The hostname of the Amazon AWS cloud. + default: amazonaws.com + protocol: + type: string + title: Protocol + description: The underlying protocol used to communicate with SQS + default: https + example: http or https + queueURL: + type: string + title: Queue URL + description: The full SQS Queue URL (required if using KEDA) + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected stream + default: 500 + greedy: + type: boolean + title: Greedy Scheduler + description: If greedy is enabled, then the polling will happen immediately again, if the previous run polled 1 or more messages. + default: false + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: The maximum number of messages to return. Amazon SQS never returns more messages than this value (however, fewer messages might be returned). Valid values 1 to 10. Default 1. + default: 1 + waitTimeSeconds: + type: integer + title: Wait Time Seconds + description: The duration (in seconds) for which the call waits for a message to arrive in the queue before returning. If a message is available, the call returns sooner than WaitTimeSeconds. If no messages are available and the wait time expires, the call does not return a message list. + visibilityTimeout: + type: integer + title: Visibility Timeout + description: The duration (in seconds) that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. + ddbStreams: + type: object + properties: + table: + type: string + title: Table + description: The name of the DynamoDB table. + region: + type: string + title: AWS Region + description: The AWS region to access. + streamIteratorType: + type: string + title: Stream Iterator Type + description: Defines where in the DynamoDB stream to start getting records. There are two enums and the value can be one of FROM_LATEST and FROM_START. Note that using FROM_START can cause a significant delay before the stream has caught up to real-time. + default: FROM_LATEST + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll from the database. + default: 500 + auth: + description: 'Auth configurations' + type: object + properties: + secret: + description: 'Auth secret' + type: object + properties: + ref: + description: | + Secret reference. + type: object + required: + - name + properties: + name: + description: 'Secret name' + type: string + serviceAccountName: + description: 'Optional ServiceAccount to assign to pod. This enables the pod default credentials to be used instead of the auth secret.' + type: string + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: ".metadata.creationTimestamp" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + kind: IntegrationSource + plural: integrationsources + singular: integrationsource + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: jobsinks.sinks.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: sinks.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'JobSink triggers long-running jobs when an event occur.' + type: object + properties: + spec: + description: Spec defines the desired state of the JobSink. + type: object + properties: + job: + type: object + description: Full Job resource object, see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#job-v1-batch for more details. + x-kubernetes-preserve-unknown-fields: true + status: + description: Status represents the current state of the JobSink. This data may be out of date. + type: object + properties: + address: + description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + job: + type: object + properties: + selector: + type: string + description: Label selector for all scheduled jobs + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: JobSink + plural: jobsinks + singular: jobsink + categories: + - all + - knative + - eventing + - sink + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: parallels.flows.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' + type: object + properties: + spec: + description: Spec defines the desired state of the Parallel. + type: object + properties: + branches: + description: Branches is the list of Filter/Subscribers pairs. + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + filter: + description: Filter is the expression guarding the branch + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + reply: + description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subscriber: + description: Subscriber receiving the event when the filter passes + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + reply: + description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + description: Status represents the current state of the Parallel. This data may be out of date. + type: object + properties: + address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + branchStatuses: + description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. + type: array + items: + type: object + properties: + filterChannelStatus: + description: FilterChannelStatus corresponds to the filter channel status. + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + filterSubscriptionStatus: + description: FilterSubscriptionStatus corresponds to the filter subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + subscriberSubscriptionStatus: + description: SubscriptionStatus corresponds to the subscriber subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + ingressChannelStatus: + description: IngressChannelStatus corresponds to the ingress channel status. + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Parallel + plural: parallels + singular: parallel + categories: + - all + - knative + - flows + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + annotations: + # TODO add schema + registry.knative.dev/eventTypes: | + [ + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } + ] + name: pingsources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: v1beta2 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + # This indicates the v1beta2 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta2 API requests. + deprecationWarning: "sources.knative.dev/v1beta2 PingSource is deprecated; see https://knative.dev/docs/eventing/sources/ping-source/ for instructions to migrate to sources.knative.dev/v1 PingSource" + # v1 schema is identical to the v1beta2 schema + names: + categories: + - all + - knative + - sources + kind: PingSource + plural: pingsources + singular: pingsource + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: requestreplies.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the RequestReply. + type: object + properties: + brokerRef: + description: A KReference referring to the broker this RequestReply forwards events to. CrossNamespace references are not allowed. + type: object + properties: + apiVersion: + description: API Version of the broker. + type: string + kind: + description: 'Kind of the broker. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the broker. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + correlationAttribute: + description: The name of the cloudevent attribute where the correlation id will be set on new events. + type: string + replyAttribute: + description: The name of the cloudevents attribute which will hold the correlation id for an event which will be treated as a reply. + type: string + timeout: + description: A ISO8601 string representing how long RequestReply holds onto an incoming request before it times out without a reply. + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + status: + description: Status represents the current state of the RequestReply. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredReplicas: + description: The current replicas (StatefulSet pod + trigger) that are desired + type: integer + readyReplicas: + description: The current replicas (StatefulSet pod + trigger) that are ready + type: integer + address: + description: RequestReply is Addressable. It exposes the endpoint as an URI to get events delivered. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: RequestReply is Addressable. It exposes the endpoints as URIs to get events delivered. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates whichversion of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: ".status.address.url" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: RequestReply + plural: requestreplies + singular: requestreply + shortNames: + - rr + categories: + - all + - knative + - eventing + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sequences.flows.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' + type: object + properties: + spec: + description: Spec defines the desired state of the Sequence. + type: object + properties: + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + reply: + description: Reply is a Reference to where the result of the last Subscriber gets sent to. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + type: string + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the reply. + audience: + description: Audience is the OIDC audience of the reply. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + steps: + description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options + type: array + items: + type: object + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string + status: + description: Status represents the current state of the Sequence. This data may be out of date. + type: object + properties: + address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + channelStatuses: + description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. + type: array + items: + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscriptionStatuses: + description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. + type: array + items: + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Sequence + plural: sequences + singular: sequence + categories: + - all + - knative + - flows + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + duck.knative.dev/binding: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: sinkbindings.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subject: + description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. Mutually exclusive with Selector. + type: string + namespace: + description: Namespace of the referent. + type: string + selector: + description: Selector of the referents. Mutually exclusive with Name. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + oidcTokenSecretName: + description: Name of the secret with the OIDC token for the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + - bindings + kind: SinkBinding + plural: sinkbindings + singular: sinkbinding + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: subscriptions.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' + type: object + properties: + spec: + type: object + properties: + channel: + description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + delivery: + description: Delivery configuration + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + reply: + description: Reply specifies (optionally) how to handle events returned from the Subscriber target. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subscriber: + description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + physicalSubscription: + description: PhysicalSubscription is the fully resolved values that this Subscription represents. + type: object + properties: + deadLetterSinkUri: + description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + replyUri: + description: ReplyURI is the fully resolved URI for the spec.reply. + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the fully resolved URI for spec.subscriber. + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + additionalPrinterColumns: + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Subscription + plural: subscriptions + singular: subscription + categories: + - all + - knative + - messaging + shortNames: + - sub + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggers.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Broker + type: string + jsonPath: .spec.broker + - name: Subscriber_URI + type: string + jsonPath: .status.subscriberUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + schema: + openAPIV3Schema: + description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' + type: object + properties: + spec: + description: Spec defines the desired state of the Trigger. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + broker: + description: Broker is the broker that this trigger receives events from. + type: string + brokerRef: + description: 'Reference to a broker that is enabled for cross-namespace referencing. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace.' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + delivery: + description: Delivery contains the delivery spec for this specific trigger. + type: object + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + format: + description: Format is the format used to serialize the event into a http request when delivering the event. It can be json (for structured events), binary (for binary events), or unset. + type: string + filter: + description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events.' + type: object + properties: + attributes: + description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported.' + type: object + x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilter that evaluate to true or false. If any filter expression in the array evaluates to false, the event must not be sent to the Subscriber. If all the filter expressions in the array evaluate to true, the event must be attempted to be delivered. Absence of a filter or empty array implies a value of true. In the event of users specifying both Filter and Filters, then the latter will override the former. This will allow users to try out the effect of the new Filters field without compromising the existing attribute-based Filter and try it out on existing Trigger objects.' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if at least one of the nested expressions evaluates to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL expression that will be evaluated to true or false against each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value String specified (case-sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Suffix evaluates to true if the values of the matching CloudEvents attributes all end with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + subscriber: + description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + description: Status represents the current state of the Trigger. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscriberUri: + description: SubscriberURI is the resolved URI of the receiver for this Trigger. + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: OIDC audience of the subscriber. + type: string + names: + kind: Trigger + plural: triggers + singular: trigger + categories: + - all + - knative + - eventing + scope: Namespaced + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.21.3/2-eventing-core.yaml b/cmd/operator/kodata/knative-eventing/1.21.3/2-eventing-core.yaml new file mode 100644 index 0000000000..3529a62a3d --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.21.3/2-eventing-core.yaml @@ -0,0 +1,8456 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Namespace +metadata: + name: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: eventing-controller + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-resolver + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: addressable-resolver + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-source-observer + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: source-observer + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-sources-controller + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-sources-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-manipulator + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: channelable-manipulator + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-crossnamespace-subscriber + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: crossnamespace-subscriber + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: job-sink + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-job-sink + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: job-sink + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-job-sink + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pingsource-mt-adapter + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-pingsource-mt-adapter + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: pingsource-mt-adapter + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-pingsource-mt-adapter + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: request-reply + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-request-reply + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: request-reply + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-request-reply + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: eventing-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-webhook + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-webhook + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: knative-eventing + name: eventing-webhook + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-webhook + namespace: knative-eventing +roleRef: + kind: Role + name: knative-eventing-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-webhook-resolver + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-webhook + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: addressable-resolver + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-webhook-podspecable-binding + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-webhook + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: podspecable-binding + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-br-default-channel + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +data: + channel-template-spec: | + apiVersion: messaging.knative.dev/v1 + kind: InMemoryChannel + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-br-defaults + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +data: + # Configures the default for any Broker that does not specify a spec.config or Broker class. + default-br-config: | + clusterDefault: + brokerClass: MTChannelBasedBroker + apiVersion: v1 + kind: ConfigMap + name: config-br-default-channel + namespace: knative-eventing + delivery: + retry: 10 + backoffPolicy: exponential + backoffDelay: PT0.2S + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: default-ch-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +data: + # Configuration for defaulting channels that do not specify CRD implementations. + default-ch-config: | + clusterDefault: + apiVersion: messaging.knative.dev/v1 + kind: InMemoryChannel + namespaceDefaults: + some-namespace: + apiVersion: messaging.knative.dev/v1 + kind: InMemoryChannel + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-ping-defaults + namespace: knative-eventing + annotations: + knative.dev/example-checksum: "9185c153" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Max number of bytes allowed to be sent for message excluding any + # base64 decoding. Default is no limit set for data + data-max-size: -1 + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: eventing-integrations-images + namespace: knative-eventing + labels: + app.kubernetes.io/version: "v1.21.0" +data: + aws-eventbridge-sink: gcr.io/knative-releases/aws-eventbridge-sink@sha256:2dc612ab600c3813e48adb8e190136859ce06d21a62ea90ed2dc621e31ea74f3 + timer-source: gcr.io/knative-releases/timer-source@sha256:1f8d9650068bf96e09a07381e0c0ac35a8e04456c9a5cfc298f7438c4b6ffe2d + aws-ddb-streams-source: gcr.io/knative-releases/aws-ddb-streams-source@sha256:c5110873d0a99c78aa2848a570892d01610c661e0580c20e973dd08187e5a340 + aws-sqs-sink: gcr.io/knative-releases/aws-sqs-sink@sha256:496e8b7ca049d71189b96b6f4e0cb23f2ce93f206df53a32a05310ed0a014fbd + log-sink: gcr.io/knative-releases/log-sink@sha256:7dc1fa9d49f797296808928dd525005a445a7c17b18017103482453a71adfb07 + aws-s3-sink: gcr.io/knative-releases/aws-s3-sink@sha256:10859fa6ea1823173310ad94d4cc9bd716a174fb05fc09e0f4eeae92b1742cc0 + aws-sns-sink: gcr.io/knative-releases/aws-sns-sink@sha256:5860b307f309d4adb3e19e26a171829dc74cc9e308bc3660d8bb142cc064a6ca + aws-sqs-source: gcr.io/knative-releases/aws-sqs-source@sha256:08e46406ba34c0936a6e591161c84446cfc9de1152ee80bc4b71aa37ec1aae88 + jsonata-transformer: gcr.io/knative-releases/jsonata-transformer@sha256:646c30b48edef26510fbf720189b514d758c56b9782a1f0206d08525f94ef661 + aws-s3-source: gcr.io/knative-releases/aws-s3-source@sha256:eab34dadd20a3c418d0df0e6ec2ff8ab9f974598b7a40544b4fc40129057762b + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: eventing-transformations-images + namespace: knative-eventing + labels: + app.kubernetes.io/version: "v1.21.0" +data: + transform-jsonata: gcr.io/knative-releases/transform-jsonata@sha256:293eb9924e1e33de679181f8e932afed6947961aef2fd684e77cb7293ca3510e + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-features + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +data: + # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. + # For more details: https://github.com/knative/eventing/issues/5086 + kreference-group: "disabled" + # ALPHA feature: The delivery-retryafter allows you to use the RetryAfter field in DeliverySpec. + # For more details: https://github.com/knative/eventing/issues/5811 + delivery-retryafter: "disabled" + # BETA feature: The delivery-timeout allows you to use the Timeout field in DeliverySpec. + # For more details: https://github.com/knative/eventing/issues/5148 + delivery-timeout: "enabled" + # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI + # For more details: https://github.com/knative/eventing/issues/5593 + kreference-mapping: "disabled" + # BETA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. + # For more details: https://github.com/knative/eventing/issues/5957 + transport-encryption: "disabled" + # ALPHA feature: The eventtype-auto-create flag allows automatic creation of Even Type instances based on Event's type being processed. + # For more details: https://github.com/knative/eventing/issues/6909 + eventtype-auto-create: "disabled" + # ALPHA feature: The aauthentication-oidc flag allows you to use OIDC authentication for Eventing. + # For more details: https://github.com/knative/eventing/issues/7174 + authentication-oidc: "disabled" + # ALPHA feature: The default-authorization-mode flag allows you to change the default + # authorization mode for resources that have no EventPolicy associated with them. + # + # This feature flag is only used when "authentication-oidc" is enabled. + default-authorization-mode: "allow-same-namespace" + # ALPHA feature: The cross-namespace-event-links flag allows you to use cross-namespace referencing for Eventing. + # For more details: https://github.com/knative/eventing/issues/7739 + cross-namespace-event-links: "disabled" + # ALPHA feature: The new-apiserversource-filters flag allows you to use the new `filters` field + # in APIServerSource objects with its rich filtering capabilities. + new-apiserversource-filters: "disabled" + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kreference-mapping + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + annotations: + knative.dev/example-checksum: "7375dbe1" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + + # this is an example of mapping from pod to addressable-pod service + # the data key must be of the form "kind.version.group" + # the data value must be a valid URL. Valid template data are: + # - Name: reference name + # - Namespace: reference namespace + # - SystemNamespace: knative namespace + # - UID: reference UID + # + # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "f7948630" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "15s" + + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "10s" + + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "2s" + + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +data: + # Common configuration for all Knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + # For all components changes are be picked up immediately. + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "0270bb17" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics-protocol field specifies the protocol used when exporting metrics + # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + metrics-protocol: http/protobuf + + # metrics-endpoint field specifies the destination metrics should be exported to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + # + # When the protocol is prometheus the endpoint can accept a 'host:port' string to customize the + # listening host interface and port. + metrics-endpoint: http://collector.otel.svc.cluster.local/ + + # metrics-export-interval specifies the global metrics reporting period for control and data plane components. + # If a zero or negative value is passed the default reporting OTel period is used (60 secs). + metrics-export-interval: 60s + + # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating + # a failure to send a cloud event to the sink. + sink-event-error-reporting.enable: "false" + + # runtime-profiling indicates whether it is allowed to retrieve runtime profiling data from + # the pods via an HTTP server in the format expected by the pprof visualization tool. When + # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. + # The HTTP context root for profiling is then /debug/pprof/. + runtime-profiling: enabled + + # tracing-protocol field specifies the protocol used when exporting traces + # It supports either 'none' (the default), 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + # or `stdout` for debugging purposes + tracing-protocol: http/protobuf + + # tracing-endpoint field specifies the destination traces should be exporter to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + tracing-endpoint: http://jaeger-collector.observability:4318/v1/traces + + # tracing-sampling-rate allows the user to specify what percentage of all traces should be exported + # The value should be between 0 (never sample) to 1 (always sample) + tracing-sampling-rate: "1" + +--- +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-sugar + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "62dfac6f" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # namespace-selector specifies a LabelSelector which + # determines which namespaces the Sugar Controller should operate upon + # Use an empty value to disable the feature (this is the default): + namespace-selector: "" + + # Use an empty object as a string to enable for all namespaces + namespace-selector: "{}" + + # trigger-selector specifies a LabelSelector which + # determines which triggers the Sugar Controller should operate upon + # Use an empty value to disable the feature (this is the default): + trigger-selector: "" + + # Use an empty object as string to enable for all triggers + trigger-selector: "{}" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "04c7e9a3" +data: + _example: | + ########################################################### + # # + # This config is deprecated - use config-observability # + # # + ########################################################### + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: eventing-controller + namespace: knative-eventing + labels: + knative.dev/high-availability: "true" + app.kubernetes.io/component: eventing-controller + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + app: eventing-controller + template: + metadata: + labels: + app: eventing-controller + app.kubernetes.io/component: eventing-controller + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: eventing-controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: eventing-controller + enableServiceLinks: false + containers: + - name: eventing-controller + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:3ba66b3ba4440bf9e9de0d9d4d7634b5edf06800c73bb6e7c0a430bdd0529802 + resources: + requests: + cpu: 100m + memory: 100Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/eventing + # APIServerSource + - name: APISERVER_RA_IMAGE + value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:69c2a4311e707ae064af8ca2328641ce7cccfe59d2c30af50bbd3d4659f31d68 + - name: AUTH_PROXY_IMAGE + value: gcr.io/knative-releases/knative.dev/eventing/cmd/auth_proxy@sha256:e25970a6329df9dfbea94c0ad3fc6ed3ffd067e0b6949f141b8043987c35c0e2 + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: EVENT_TRANSFORM_JSONATA_IMAGE + valueFrom: + configMapKeyRef: + key: transform-jsonata + name: eventing-transformations-images + - name: INTEGRATION_SOURCE_TIMER_IMAGE + valueFrom: + configMapKeyRef: + key: timer-source + name: eventing-integrations-images + - name: INTEGRATION_SOURCE_AWS_S3_IMAGE + valueFrom: + configMapKeyRef: + key: aws-s3-source + name: eventing-integrations-images + - name: INTEGRATION_SOURCE_AWS_SQS_IMAGE + valueFrom: + configMapKeyRef: + key: aws-sqs-source + name: eventing-integrations-images + - name: INTEGRATION_SOURCE_AWS_DDB_STREAMS_IMAGE + valueFrom: + configMapKeyRef: + key: aws-ddb-streams-source + name: eventing-integrations-images + - name: INTEGRATION_SINK_LOG_IMAGE + valueFrom: + configMapKeyRef: + key: log-sink + name: eventing-integrations-images + - name: INTEGRATION_SINK_AWS_S3_IMAGE + valueFrom: + configMapKeyRef: + key: aws-s3-sink + name: eventing-integrations-images + - name: INTEGRATION_SINK_AWS_SQS_IMAGE + valueFrom: + configMapKeyRef: + key: aws-sqs-sink + name: eventing-integrations-images + - name: INTEGRATION_SINK_AWS_SNS_IMAGE + valueFrom: + configMapKeyRef: + key: aws-sns-sink + name: eventing-integrations-images + ## Adapter settings + # - name: K_LOGGING_CONFIG + # value: '' + # - name: K_LEADER_ELECTION_CONFIG + # value: '' + # - name: K_NO_SHUTDOWN_AFTER + # value: '' + ## Time in seconds the adapter will wait for the sink to respond. Default is no timeout + # - name: K_SINK_TIMEOUT + # value: '' + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: job-sink + namespace: knative-eventing + labels: + app.kubernetes.io/component: job-sink + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + replicas: 1 + selector: + matchLabels: + sinks.knative.dev/sink: job-sink + template: + metadata: + labels: + sinks.knative.dev/sink: job-sink + app.kubernetes.io/component: job-sink + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + sinks.knative.dev/sink: job-sink + topologyKey: kubernetes.io/hostname + weight: 100 + enableServiceLinks: false + containers: + - name: job-sink + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/jobsink@sha256:e95fcc3192e3220a1ebca00ef73d10bbed4a6d69708aa8a3267efec3ba9730ee + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: CONTAINER_NAME + value: job-sink + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/internal/eventing + - name: INGRESS_PORT + value: "8080" + - name: INGRESS_PORT_HTTPS + value: "8443" + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 5 + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + terminationMessagePath: /dev/termination-log + resources: + requests: + cpu: 125m + memory: 64Mi + limits: + cpu: 1000m + memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + serviceAccountName: job-sink +--- +apiVersion: v1 +kind: Service +metadata: + labels: + sinks.knative.dev/sink: job-sink + app.kubernetes.io/component: job-sink + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: job-sink + namespace: knative-eventing +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9092 + protocol: TCP + targetPort: 9092 + selector: + sinks.knative.dev/sink: job-sink + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pingsource-mt-adapter + namespace: knative-eventing + labels: + app.kubernetes.io/component: pingsource-mt-adapter + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. + replicas: 0 + selector: + matchLabels: + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter + template: + metadata: + labels: + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter + app.kubernetes.io/component: pingsource-mt-adapter + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter + topologyKey: kubernetes.io/hostname + weight: 100 + enableServiceLinks: false + containers: + - name: dispatcher + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:4c33afca70dfbf551d7f39382c58656734aff82eccd66451af9fef8cd56e77c7 + env: + - name: SYSTEM_NAMESPACE + value: '' + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: NAMESPACE + value: '' + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + # DO NOT MODIFY: The values below are being filled by the ping source controller + # See 500-controller.yaml + - name: K_OBSERVABILITY_CONFIG + value: '{}' + - name: K_LOGGING_CONFIG + value: '' + - name: K_LEADER_ELECTION_CONFIG + value: '' + - name: K_NO_SHUTDOWN_AFTER + value: '' + - name: K_SINK_TIMEOUT + value: '-1' + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - containerPort: 9090 + name: metrics + protocol: TCP + - name: probes + containerPort: 8080 + resources: + requests: + cpu: 125m + memory: 64Mi + limits: + cpu: 1000m + memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + serviceAccountName: pingsource-mt-adapter + +--- +# Copyright 2025 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: request-reply + namespace: knative-eventing + labels: + app.kubernetes.io/component: request-reply + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + replicas: 1 + selector: + matchLabels: + eventing.knative.dev/part-of: request-reply + template: + metadata: + labels: + eventing.knative.dev/part-of: request-reply + app.kubernetes.io/component: request-reply + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + containers: + - name: request-reply + image: gcr.io/knative-releases/knative.dev/eventing/cmd/requestreply@sha256:19918e562da19faf9b33c51fc3895182ef67920ee63ff5c8c69060f0ca0addec + volumeMounts: + - name: aes-keys + mountPath: /etc/secrets + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_INDEX + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: HTTP_PORT + value: "8080" + - name: HTTPS_PORT + value: "8443" + - name: SECRETS_PATH + value: "/etc/secrets" + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + serviceAccountName: request-reply + volumes: + - name: aes-keys + secret: + secretName: request-reply-keys + restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + labels: + eventing.knative.dev/part-of: request-reply + app.kubernetes.io/component: request-reply + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: request-reply + namespace: knative-eventing +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + selector: + eventing.knative.dev/part-of: request-reply +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + eventing.knative.dev/part-of: request-reply + app.kubernetes.io/component: request-reply + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: request-reply-keys + namespace: knative-eventing + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: eventing-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: eventing-webhook + minReplicas: 1 + maxReplicas: 5 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 100 +--- +# Webhook PDB. +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: eventing-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + minAvailable: 80% + selector: + matchLabels: + app: eventing-webhook + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: eventing-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + app: eventing-webhook + role: eventing-webhook + template: + metadata: + labels: + app: eventing-webhook + role: eventing-webhook + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: eventing-webhook + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: eventing-webhook + enableServiceLinks: false + containers: + - name: eventing-webhook + terminationMessagePolicy: FallbackToLogsOnError + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:3ff491e05036af7c8821b9218e97ca8d14f1a7630b1faa77d6fff1237fd14f7a + resources: + requests: + # taken from serving. + cpu: 100m + memory: 50Mi + limits: + # taken from serving. + cpu: 200m + memory: 200Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: METRICS_DOMAIN + value: knative.dev/eventing + - name: WEBHOOK_NAME + value: eventing-webhook + - name: WEBHOOK_PORT + value: "8443" + # SINK_BINDING_SELECTION_MODE specifies the NamespaceSelector and ObjectSelector + # for the sinkbinding webhook. + # If `inclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/include:true` + # will be considered by the sinkbinding webhook; + # If `exclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/exclude:true` + # will NOT be considered by the sinkbinding webhook. + # The default is `exclusion`. + - name: SINK_BINDING_SELECTION_MODE + value: "exclusion" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: https-webhook + containerPort: 8443 + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + initialDelaySeconds: 120 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: eventing-webhook + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: eventing-webhook + namespace: knative-eventing +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: eventing-webhook + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + annotations: + # TODO add schemas + registry.knative.dev/eventTypes: | + [ + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } + ] + name: apiserversources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - resources + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + mode: + description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` + type: string + owner: + description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. + type: object + properties: + apiVersion: + description: APIVersion - the API version of the resource to watch. + type: string + kind: + description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + resources: + description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. + type: array + items: + type: object + properties: + apiVersion: + description: APIVersion - the API version of the resource to watch. + type: string + kind: + description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + selector: + description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + namespaceSelector: + description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string + namespaces: + description: Namespaces show the namespaces currently watched by the ApiServerSource + type: array + items: + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + categories: + - all + - knative + - sources + kind: ApiServerSource + plural: apiserversources + singular: apiserversource + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: brokers.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' + type: object + properties: + spec: + description: Spec defines the desired state of the Broker. + type: object + properties: + config: + description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + status: + description: Status represents the current state of the Broker. This data may be out of date. + type: object + properties: + address: + description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: Class + type: string + priority: 1 + jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' + names: + kind: Broker + plural: brokers + singular: broker + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: channels.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + schema: + openAPIV3Schema: + description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' + type: object + properties: + spec: + description: Spec defines the desired state of the Channel. + type: object + properties: + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + subscribers: + description: This is the list of subscriptions for this subscribable. + type: array + items: + type: object + properties: + delivery: + description: DeliverySpec contains options controlling the event delivery + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + generation: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + name: + description: The name of the subscription + type: string + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + status: + description: Status represents the current state of the Channel. This data may be out of date. + type: object + properties: + address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + channel: + description: Channel is an KReference to the Channel CRD backing this Channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + names: + kind: Channel + plural: channels + singular: channel + categories: + - all + - knative + - messaging + - channel + shortNames: + - ch + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: containersources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + kind: ContainerSource + plural: containersources + singular: containersource + scope: Namespaced + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventpolicies.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the EventPolicy. + type: object + properties: + from: + description: From is the list of sources or oidc identities, which are allowed to send events to the targets (.spec.to). + type: array + items: + type: object + properties: + ref: + description: Ref contains a direct reference to a resource which is allowed to send events to the target. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + sub: + description: Sub sets the OIDC identity name to be allowed to send events to the target. It is also possible to set a glob-like pattern to match any suffix. + type: string + to: + description: To lists all resources for which this policy applies. Resources in this list must act like an ingress and have an audience. The resources are part of the same namespace as the EventPolicy. An empty list means it applies to all resources in the EventPolicies namespace + type: array + items: + type: object + properties: + ref: + description: Ref contains the direct reference to a target + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + selector: + description: Selector contains a selector to group targets + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilters that evaluate to true or false. If any filter expression in the array evaluates to false, the event will not continue pass the ingress of the target resources of the policy' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if any of the nested expressions evaluate to true. It must contain at least one filter expression' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL v1 expression that will evaluate to true or false for each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all end with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status represents the current state of the EventPolicy. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + from: + description: From is the list of resolved oidc identities from .spec.from + type: array + items: + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: EventPolicy + plural: eventpolicies + singular: eventpolicy + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2025 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventtransforms.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the EventTransform. + type: object + properties: + jsonata: + type: object + properties: + expression: + description: Expression is the JSONata expression (https://jsonata.org/). + type: string + reply: + description: | + Reply is the configuration on how to handle responses from Sink. It can only be set if Sink is set. + Only one "type" can be used. + The used type must match the top-level transformation, if you need to mix transformation types, use compositions and chain transformations together to achieve your desired outcome. + type: object + properties: + jsonata: + type: object + properties: + expression: + description: Expression is the JSONata expression (https://jsonata.org/). + type: string + discard: + description: | + Discard discards responses from Sink and return empty response body. + When set to false, it returns the exact sink response body. + When set to true, Discard is mutually exclusive with EventTransformations in the reply + section, it can either be discarded or transformed. + Default: false. + type: boolean + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink. If not present, the transformation will send back the transformed event as response, this is useful to leverage the built-in Broker reply feature to re-publish a transformed event back to the broker. ' + type: object + properties: + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience. This need only be set, if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. In case the Addressable specifies an Audience too, the Destinations Audience takes preference. + type: string + ref: + description: Ref points to an Addressable. + type: object + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + status: + description: Status represents the current state of the EventTransform. This data may be out of date. + type: object + properties: + address: + description: Address is a single Addressable address. If Addresses is present, Address will be ignored by clients. + type: object + required: + - url + properties: + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + addresses: + description: Addresses is a list of addresses for different protocols (HTTP and HTTPS) If Addresses is present, Address must be ignored by clients. + type: array + items: + type: object + required: + - url + properties: + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth defines the attributes that provide the generated service account name in the resource status. + type: object + required: + - serviceAccountName + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. This list can have len() > 1, when the component uses multiple identities (e.g. in case of a Parallel). + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + jsonata: + description: JsonataTransformationStatus is the status associated with JsonataEventTransformationSpec. + type: object + properties: + deployment: + type: object + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. + type: integer + format: int32 + collisionCount: + description: Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet. + type: integer + format: int32 + conditions: + description: Represents the latest available observations of a deployment's current state. + type: array + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + lastUpdateTime: + description: The last time this condition was updated. + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of deployment condition. + type: string + observedGeneration: + description: The generation observed by the deployment controller. + type: integer + format: int64 + readyReplicas: + description: readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. + type: integer + format: int32 + replicas: + description: Total number of non-terminated pods targeted by this deployment (their labels match the selector). + type: integer + format: int32 + unavailableReplicas: + description: Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created. + type: integer + format: int32 + updatedReplicas: + description: Total number of non-terminated pods targeted by this deployment that have the desired template spec. + type: integer + format: int32 + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkAudience: + description: SinkAudience is the OIDC audience of the sink. + type: string + sinkCACerts: + description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: ".status.address.url" + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: EventTransform + plural: eventtransforms + singular: eventtransform + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventtypes.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1beta3 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + attributes: + description: "CloudEvent attribute and extension attributes." + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: "Name of the CloudEvent attribute." + required: + type: boolean + description: "Indicates whether the attribute is required." + value: + type: string + description: "Value of the attribute. May be a template string using curly brackets {} to represent variable sections of the string." + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.attributes[?(@.name=='type')].value" + - name: Source + type: string + jsonPath: ".spec.attributes[?(@.name=='source')].value" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + # This indicates the v1beta1 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta1 API requests. + deprecationWarning: "eventing.knative.dev/v1beta1 EventType is deprecated; see https://knative.dev/docs/eventing/event-registry/ for instructions to migrate to eventing.knative.dev/v1beta2 EventType" + # v1beta1 schema is identical to the v1beta2 schema + names: + kind: EventType + plural: eventtypes + singular: eventtype + categories: + - all + - knative + - eventing + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: integrationsinks.sinks.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: sinks.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'IntegrationSink sends events to generic event sink' + type: object + properties: + spec: + description: Spec defines the desired state of the IntegrationSink. + type: object + properties: + log: + type: object + properties: + loggerName: + type: string + title: Logger Name + description: Name of the logging category to use + default: log-sink + level: + type: string + title: Log Level + description: Logging level to use + default: INFO + logMask: + type: boolean + title: Log Mask + description: Mask sensitive information like password or passphrase in the log + default: false + marker: + type: string + title: Marker + description: An optional Marker name to use + multiline: + type: boolean + title: Multiline + description: If enabled then each information is outputted on a newline + default: false + showAllProperties: + type: boolean + title: Show All Properties + description: Show all of the exchange properties (both internal and custom) + default: false + showBody: + type: boolean + title: Show Body + description: Show the message body + default: true + showBodyType: + type: boolean + title: Show Body Type + description: Show the body Java type + default: true + showExchangePattern: + type: boolean + title: Show Exchange Pattern + description: Shows the Message Exchange Pattern (or MEP for short) + default: true + showHeaders: + type: boolean + title: Show Headers + description: Show the headers received + default: false + showProperties: + type: boolean + title: Show Properties + description: Show the exchange properties (only custom). Use showAllProperties to show both internal and custom properties. + default: false + showStreams: + type: boolean + title: Show Streams + description: Show the stream bodies (they may not be available in following steps) + default: false + showCachedStreams: + type: boolean + title: Show Cached Streams + description: Whether Camel should show cached stream bodies or not. + default: true + aws: + type: object + properties: + s3: + type: object + properties: + arn: + type: string + title: Bucket Name + description: The S3 Bucket name or Amazon Resource Name (ARN). + deleteAfterRead: + type: boolean + title: Auto-delete Objects + description: Specifies to delete objects after consuming them. + default: true + moveAfterRead: + type: boolean + title: Move Objects After Delete + description: Move objects from S3 bucket to a different bucket after they have been retrieved. + default: false + destinationBucket: + type: string + title: Destination Bucket + description: Define the destination bucket where an object must be moved when moveAfterRead is set to true. + destinationBucketPrefix: + type: string + title: Destination Bucket Prefix + description: Define the destination bucket prefix to use when an object must be moved, and moveAfterRead is set to true. + destinationBucketSuffix: + type: string + title: Destination Bucket Suffix + description: Define the destination bucket suffix to use when an object must be moved, and moveAfterRead is set to true. + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateBucket: + type: boolean + title: Autocreate Bucket + description: Specifies to automatically create the S3 bucket. + default: false + prefix: + type: string + title: Prefix + description: The AWS S3 bucket prefix to consider while searching. + example: folder/ + ignoreBody: + type: boolean + title: Ignore Body + description: If true, the S3 Object body is ignored. Setting this to true overrides any behavior defined by the `includeBody` option. If false, the S3 object is put in the body. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + forcePathStyle: + type: boolean + title: Force Path Style + description: Forces path style when accessing AWS S3 buckets. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected bucket. + default: 500 + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: Gets the maximum number of messages as a limit to poll at each polling. Gets the maximum number of messages as a limit to poll at each polling. The default value is 10. Use 0 or a negative number to set it as unlimited. + default: 10 + sqs: + type: object + properties: + arn: + type: string + title: Queue Name + description: The SQS Queue Name or ARN + deleteAfterRead: + type: boolean + title: Auto-delete Messages + description: Delete messages after consuming them + default: true + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateQueue: + type: boolean + title: Autocreate Queue + description: Setting the autocreation of the SQS queue. + default: false + host: + type: string + title: AWS Host + description: The hostname of the Amazon AWS cloud. + default: amazonaws.com + protocol: + type: string + title: Protocol + description: The underlying protocol used to communicate with SQS + default: https + example: http or https + queueURL: + type: string + title: Queue URL + description: The full SQS Queue URL (required if using KEDA) + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected stream + default: 500 + greedy: + type: boolean + title: Greedy Scheduler + description: If greedy is enabled, then the polling will happen immediately again, if the previous run polled 1 or more messages. + default: false + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: The maximum number of messages to return. Amazon SQS never returns more messages than this value (however, fewer messages might be returned). Valid values 1 to 10. Default 1. + default: 1 + waitTimeSeconds: + type: integer + title: Wait Time Seconds + description: The duration (in seconds) for which the call waits for a message to arrive in the queue before returning. If a message is available, the call returns sooner than WaitTimeSeconds. If no messages are available and the wait time expires, the call does not return a message list. + visibilityTimeout: + type: integer + title: Visibility Timeout + description: The duration (in seconds) that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. + sns: + type: object + properties: + arn: + type: string + title: Topic Name + description: The SNS topic name name or Amazon Resource Name (ARN). + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateTopic: + type: boolean + title: Autocreate Topic + description: Setting the autocreation of the SNS topic. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + auth: + description: 'Auth configurations' + type: object + properties: + secret: + description: 'Auth secret' + type: object + properties: + ref: + description: | + Secret reference. + type: object + required: + - name + properties: + name: + description: 'Secret name' + type: string + serviceAccountName: + description: 'Optional ServiceAccount to assign to pod. This enables the pod default credentials to be used instead of the auth secret.' + type: string + status: + description: Status represents the current state of the IntegrationSink. This data may be out of date. + type: object + properties: + address: + description: IntegrationSink is Addressable. It exposes the endpoints as URIs to get events delivered into the used Kamelet. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: IntegrationSink is Addressable. It exposes the endpoints as URIs to get events delivered into the used Kamelet. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: IntegrationSink + plural: integrationsinks + singular: integrationsink + categories: + - all + - knative + - eventing + - sink + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: integrationsources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'IntegrationSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timer: + type: object + properties: + period: + type: integer + title: Period + description: The interval (in milliseconds) to wait between producing the next message. + default: 1000 + message: + type: string + title: Message + description: The message to generate. + example: hello world + contentType: + type: string + title: Content Type + description: The content type of the generated message. + default: text/plain + repeatCount: + type: integer + title: Repeat Count + description: Specifies a maximum limit of number of fires + aws: + type: object + properties: + s3: + type: object + properties: + arn: + type: string + title: Bucket Name + description: The S3 Bucket name or Amazon Resource Name (ARN). + deleteAfterRead: + type: boolean + title: Auto-delete Objects + description: Specifies to delete objects after consuming them. + default: true + moveAfterRead: + type: boolean + title: Move Objects After Delete + description: Move objects from S3 bucket to a different bucket after they have been retrieved. + default: false + destinationBucket: + type: string + title: Destination Bucket + description: Define the destination bucket where an object must be moved when moveAfterRead is set to true. + destinationBucketPrefix: + type: string + title: Destination Bucket Prefix + description: Define the destination bucket prefix to use when an object must be moved, and moveAfterRead is set to true. + destinationBucketSuffix: + type: string + title: Destination Bucket Suffix + description: Define the destination bucket suffix to use when an object must be moved, and moveAfterRead is set to true. + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateBucket: + type: boolean + title: Autocreate Bucket + description: Specifies to automatically create the S3 bucket. + default: false + prefix: + type: string + title: Prefix + description: The AWS S3 bucket prefix to consider while searching. + example: folder/ + ignoreBody: + type: boolean + title: Ignore Body + description: If true, the S3 Object body is ignored. Setting this to true overrides any behavior defined by the `includeBody` option. If false, the S3 object is put in the body. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + forcePathStyle: + type: boolean + title: Force Path Style + description: Forces path style when accessing AWS S3 buckets. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected bucket. + default: 500 + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: Gets the maximum number of messages as a limit to poll at each polling. Gets the maximum number of messages as a limit to poll at each polling. The default value is 10. Use 0 or a negative number to set it as unlimited. + default: 10 + sqs: + type: object + properties: + arn: + type: string + title: Queue Name + description: The SQS Queue Name or ARN + deleteAfterRead: + type: boolean + title: Auto-delete Messages + description: Delete messages after consuming them + default: true + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateQueue: + type: boolean + title: Autocreate Queue + description: Setting the autocreation of the SQS queue. + default: false + host: + type: string + title: AWS Host + description: The hostname of the Amazon AWS cloud. + default: amazonaws.com + protocol: + type: string + title: Protocol + description: The underlying protocol used to communicate with SQS + default: https + example: http or https + queueURL: + type: string + title: Queue URL + description: The full SQS Queue URL (required if using KEDA) + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected stream + default: 500 + greedy: + type: boolean + title: Greedy Scheduler + description: If greedy is enabled, then the polling will happen immediately again, if the previous run polled 1 or more messages. + default: false + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: The maximum number of messages to return. Amazon SQS never returns more messages than this value (however, fewer messages might be returned). Valid values 1 to 10. Default 1. + default: 1 + waitTimeSeconds: + type: integer + title: Wait Time Seconds + description: The duration (in seconds) for which the call waits for a message to arrive in the queue before returning. If a message is available, the call returns sooner than WaitTimeSeconds. If no messages are available and the wait time expires, the call does not return a message list. + visibilityTimeout: + type: integer + title: Visibility Timeout + description: The duration (in seconds) that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. + ddbStreams: + type: object + properties: + table: + type: string + title: Table + description: The name of the DynamoDB table. + region: + type: string + title: AWS Region + description: The AWS region to access. + streamIteratorType: + type: string + title: Stream Iterator Type + description: Defines where in the DynamoDB stream to start getting records. There are two enums and the value can be one of FROM_LATEST and FROM_START. Note that using FROM_START can cause a significant delay before the stream has caught up to real-time. + default: FROM_LATEST + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll from the database. + default: 500 + auth: + description: 'Auth configurations' + type: object + properties: + secret: + description: 'Auth secret' + type: object + properties: + ref: + description: | + Secret reference. + type: object + required: + - name + properties: + name: + description: 'Secret name' + type: string + serviceAccountName: + description: 'Optional ServiceAccount to assign to pod. This enables the pod default credentials to be used instead of the auth secret.' + type: string + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: ".metadata.creationTimestamp" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + kind: IntegrationSource + plural: integrationsources + singular: integrationsource + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: jobsinks.sinks.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: sinks.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'JobSink triggers long-running jobs when an event occur.' + type: object + properties: + spec: + description: Spec defines the desired state of the JobSink. + type: object + properties: + job: + type: object + description: Full Job resource object, see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#job-v1-batch for more details. + x-kubernetes-preserve-unknown-fields: true + status: + description: Status represents the current state of the JobSink. This data may be out of date. + type: object + properties: + address: + description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + job: + type: object + properties: + selector: + type: string + description: Label selector for all scheduled jobs + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: JobSink + plural: jobsinks + singular: jobsink + categories: + - all + - knative + - eventing + - sink + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: parallels.flows.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' + type: object + properties: + spec: + description: Spec defines the desired state of the Parallel. + type: object + properties: + branches: + description: Branches is the list of Filter/Subscribers pairs. + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + filter: + description: Filter is the expression guarding the branch + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + reply: + description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subscriber: + description: Subscriber receiving the event when the filter passes + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + reply: + description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + description: Status represents the current state of the Parallel. This data may be out of date. + type: object + properties: + address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + branchStatuses: + description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. + type: array + items: + type: object + properties: + filterChannelStatus: + description: FilterChannelStatus corresponds to the filter channel status. + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + filterSubscriptionStatus: + description: FilterSubscriptionStatus corresponds to the filter subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + subscriberSubscriptionStatus: + description: SubscriptionStatus corresponds to the subscriber subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + ingressChannelStatus: + description: IngressChannelStatus corresponds to the ingress channel status. + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Parallel + plural: parallels + singular: parallel + categories: + - all + - knative + - flows + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + annotations: + # TODO add schema + registry.knative.dev/eventTypes: | + [ + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } + ] + name: pingsources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: v1beta2 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + # This indicates the v1beta2 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta2 API requests. + deprecationWarning: "sources.knative.dev/v1beta2 PingSource is deprecated; see https://knative.dev/docs/eventing/sources/ping-source/ for instructions to migrate to sources.knative.dev/v1 PingSource" + # v1 schema is identical to the v1beta2 schema + names: + categories: + - all + - knative + - sources + kind: PingSource + plural: pingsources + singular: pingsource + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: requestreplies.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the RequestReply. + type: object + properties: + brokerRef: + description: A KReference referring to the broker this RequestReply forwards events to. CrossNamespace references are not allowed. + type: object + properties: + apiVersion: + description: API Version of the broker. + type: string + kind: + description: 'Kind of the broker. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the broker. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + correlationAttribute: + description: The name of the cloudevent attribute where the correlation id will be set on new events. + type: string + replyAttribute: + description: The name of the cloudevents attribute which will hold the correlation id for an event which will be treated as a reply. + type: string + timeout: + description: A ISO8601 string representing how long RequestReply holds onto an incoming request before it times out without a reply. + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + status: + description: Status represents the current state of the RequestReply. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredReplicas: + description: The current replicas (StatefulSet pod + trigger) that are desired + type: integer + readyReplicas: + description: The current replicas (StatefulSet pod + trigger) that are ready + type: integer + address: + description: RequestReply is Addressable. It exposes the endpoint as an URI to get events delivered. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: RequestReply is Addressable. It exposes the endpoints as URIs to get events delivered. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates whichversion of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: ".status.address.url" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: RequestReply + plural: requestreplies + singular: requestreply + shortNames: + - rr + categories: + - all + - knative + - eventing + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sequences.flows.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' + type: object + properties: + spec: + description: Spec defines the desired state of the Sequence. + type: object + properties: + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + reply: + description: Reply is a Reference to where the result of the last Subscriber gets sent to. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + type: string + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the reply. + audience: + description: Audience is the OIDC audience of the reply. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + steps: + description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options + type: array + items: + type: object + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string + status: + description: Status represents the current state of the Sequence. This data may be out of date. + type: object + properties: + address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + channelStatuses: + description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. + type: array + items: + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscriptionStatuses: + description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. + type: array + items: + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Sequence + plural: sequences + singular: sequence + categories: + - all + - knative + - flows + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + duck.knative.dev/binding: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: sinkbindings.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subject: + description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. Mutually exclusive with Selector. + type: string + namespace: + description: Namespace of the referent. + type: string + selector: + description: Selector of the referents. Mutually exclusive with Name. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + oidcTokenSecretName: + description: Name of the secret with the OIDC token for the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + - bindings + kind: SinkBinding + plural: sinkbindings + singular: sinkbinding + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: subscriptions.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' + type: object + properties: + spec: + type: object + properties: + channel: + description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + delivery: + description: Delivery configuration + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + reply: + description: Reply specifies (optionally) how to handle events returned from the Subscriber target. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subscriber: + description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + physicalSubscription: + description: PhysicalSubscription is the fully resolved values that this Subscription represents. + type: object + properties: + deadLetterSinkUri: + description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + replyUri: + description: ReplyURI is the fully resolved URI for the spec.reply. + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the fully resolved URI for spec.subscriber. + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + additionalPrinterColumns: + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Subscription + plural: subscriptions + singular: subscription + categories: + - all + - knative + - messaging + shortNames: + - sub + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggers.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Broker + type: string + jsonPath: .spec.broker + - name: Subscriber_URI + type: string + jsonPath: .status.subscriberUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + schema: + openAPIV3Schema: + description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' + type: object + properties: + spec: + description: Spec defines the desired state of the Trigger. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + broker: + description: Broker is the broker that this trigger receives events from. + type: string + brokerRef: + description: 'Reference to a broker that is enabled for cross-namespace referencing. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace.' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + delivery: + description: Delivery contains the delivery spec for this specific trigger. + type: object + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + format: + description: Format is the format used to serialize the event into a http request when delivering the event. It can be json (for structured events), binary (for binary events), or unset. + type: string + filter: + description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events.' + type: object + properties: + attributes: + description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported.' + type: object + x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilter that evaluate to true or false. If any filter expression in the array evaluates to false, the event must not be sent to the Subscriber. If all the filter expressions in the array evaluate to true, the event must be attempted to be delivered. Absence of a filter or empty array implies a value of true. In the event of users specifying both Filter and Filters, then the latter will override the former. This will allow users to try out the effect of the new Filters field without compromising the existing attribute-based Filter and try it out on existing Trigger objects.' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if at least one of the nested expressions evaluates to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL expression that will be evaluated to true or false against each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value String specified (case-sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Suffix evaluates to true if the values of the matching CloudEvents attributes all end with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + subscriber: + description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + description: Status represents the current state of the Trigger. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscriberUri: + description: SubscriberURI is the resolved URI of the receiver for this Trigger. + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: OIDC audience of the subscriber. + type: string + names: + kind: Trigger + plural: triggers + singular: trigger + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need readonly access to "Addressables" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: addressable-resolver + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/addressable: "true" +rules: [] # Rules are automatically filled in by the controller manager. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: service-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: serving-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - serving.knative.dev + resources: + - routes + - routes/status + - services + - services/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: channel-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - channels + - channels/status + verbs: + - get + - list + - watch + - apiGroups: + - messaging.knative.dev + resources: + - channels/finalizers + verbs: + - update +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: broker-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - eventing.knative.dev + resources: + - brokers + - brokers/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: flows-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - flows.knative.dev + resources: + - sequences + - sequences/status + - parallels + - parallels/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: jobsinks-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - sinks.knative.dev + resources: + - jobsinks + - jobsinks/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: integrationsinks-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - sinks.knative.dev + resources: + - integrationsinks + - integrationsinks/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: eventtransforms-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - eventing.knative.dev + resources: + - eventtransforms + - eventtransforms/status + verbs: + - get + - list + - watch + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: knative-eventing-auth-proxy + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + resourceNames: + - "config-logging" + - "config-features" + verbs: + - "get" + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "list" + - "watch" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: eventing-broker-filter + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "eventing.knative.dev" + resources: + - "triggers" + - "triggers/status" + verbs: + - "get" + - "list" + - "watch" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: eventing-broker-ingress + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "list" + - "watch" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: eventing-config-reader + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "list" + - "watch" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need read and update permissions on "Channelables". +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: channelable-manipulator + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/channelable: "true" +rules: [] # Rules are automatically filled in by the controller manager. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: meta-channelable-manipulator + labels: + duck.knative.dev/channelable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - channels + - channels/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-eventing-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["eventing.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-messaging-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["messaging.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-flows-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["flows.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-sources-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["sources.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-bindings-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["bindings.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-sinks-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["sinks.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-eventing-namespaced-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev", "sinks.knative.dev"] + resources: ["*"] + verbs: ["create", "update", "patch", "delete"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-eventing-namespaced-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev", "sinks.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-controller + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "namespaces" + - "secrets" + - "configmaps" + - "services" + - "endpoints" + - "events" + - "serviceaccounts" + - "pods" + - "serviceaccounts/token" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Brokers and the namespace annotation controllers manipulate Deployments. + # RequestReply controller needs to manipulate StatefulSets + - apiGroups: + - "apps" + resources: + - "deployments" + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "get" + - "list" + - "watch" + # PingSource and EventTransform controllers manipulate Deployment and ConfigMap owner reference + - apiGroups: + - "apps" + - "" + resources: + - "deployments/finalizers" + - "configmaps/finalizers" + verbs: + - "update" + # The namespace annotation controller needs to manipulate RoleBindings. + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "rolebindings" + - "roles" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Our own resources and statuses we care about. + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers" + - "brokers/status" + - "triggers" + - "triggers/status" + - "eventtypes" + - "eventtypes/status" + - "eventpolicies" + - "eventpolicies/status" + - "eventtransforms" + - "eventtransforms/status" + - "requestreplies" + - "requestreplies/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - "sinks.knative.dev" + resources: + - "jobsinks" + - "jobsinks/status" + - "integrationsinks" + - "integrationsinks/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Eventing resources and finalizers we care about. + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers/finalizers" + - "triggers/finalizers" + - "eventtransforms/finalizers" + verbs: + - "update" + # EventTransform controller manipulates SinkBinding owner reference + - apiGroups: + - "sources.knative.dev" + resources: + - "sinkbindings/finalizers" + verbs: + - "update" + # EventTransform controller manipulates Service owner reference + - apiGroups: + - "" + resources: + - "services/finalizers" + verbs: + - "update" + - apiGroups: + - "sinks.knative.dev" + resources: + - "jobsinks/finalizers" + - "integrationsinks/finalizers" + verbs: + - "update" + # Our own resources and statuses we care about. + - apiGroups: + - "messaging.knative.dev" + resources: + - "sequences" + - "sequences/status" + - "channels" + - "channels/status" + - "parallels" + - "parallels/status" + - "subscriptions" + - "subscriptions/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Flow resources and statuses we care about. + - apiGroups: + - "flows.knative.dev" + resources: + - "sequences" + - "sequences/status" + - "parallels" + - "parallels/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Messaging resources and finalizers we care about. + - apiGroups: + - "messaging.knative.dev" + resources: + - "sequences/finalizers" + - "parallels/finalizers" + - "channels/finalizers" + verbs: + - "update" + # Flows resources and finalizers we care about. + - apiGroups: + - "flows.knative.dev" + resources: + - "sequences/finalizers" + - "parallels/finalizers" + verbs: + - "update" + # The subscription controller needs to retrieve and watch CustomResourceDefinitions. + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + # For leader election + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - "cert-manager.io" + resources: + - "certificates" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # EventTransform controller manipulates Certificate owner reference + - apiGroups: + - "cert-manager.io" + resources: + - "certificates/finalizers" + verbs: + - "update" + - apiGroups: + - "acme.cert-manager.io" + resources: + - "challenges" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need cluster wide crossnamespace subscribe permissions for all resources +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossnamespace-subscriber + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/crossnamespace-subscribable: "true" +rules: [] # rules are automatically filled in by the controller manager. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: channel-subscriber + labels: + duck.knative.dev/crossnamespace-subscribable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - channels + verbs: + - knsubscribe +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: broker-subscriber + labels: + duck.knative.dev/crossnamespace-subscribable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - eventing.knative.dev + resources: + - brokers + verbs: + - knsubscribe + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-job-sink + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + - "secrets" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "create" + - "update" + - "delete" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "create" + - "update" + - "delete" + - "get" + - "list" + - "watch" + - apiGroups: + - sinks.knative.dev + resources: + - jobsinks + - jobsinks/status + verbs: + - get + - list + - watch + - patch + - apiGroups: + - sinks.knative.dev + resources: + - jobsinks/finalizers + verbs: + - "patch" + - apiGroups: + - "" + resources: + - events + verbs: + - "create" + - "patch" + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-pingsource-mt-adapter + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - "create" + - apiGroups: + - sources.knative.dev + resources: + - pingsources + - pingsources/status + verbs: + - get + - list + - watch + - patch + - apiGroups: + - sources.knative.dev + resources: + - pingsources/finalizers + verbs: + - "patch" + - apiGroups: + - "" + resources: + - events + verbs: + - "create" + - "patch" + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need readonly access to "PodSpecables" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: podspecable-binding + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/podspecable: "true" +rules: [] # Rules are automatically filled in by the controller manager. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: builtin-podspecable-binding + labels: + duck.knative.dev/podspecable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "podspecable-binding role. +rules: + # To patch the subjects of our bindings + - apiGroups: + - "apps" + resources: + - "deployments" + - "daemonsets" + - "statefulsets" + - "replicasets" + verbs: + - "list" + - "watch" + - "patch" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "list" + - "watch" + - "patch" + +--- +# Copyright 2025 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-request-reply + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + - "secrets" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - eventing.knative.dev + resources: + - requestreplies + - requestreplies/status + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - "create" + - "patch" + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need to read "Sources". +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: source-observer + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/source: "true" +rules: [] # Rules are automatically filled in by the controller manager. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: eventing-sources-source-observer + labels: + duck.knative.dev/source: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "source-observer" role. +rules: + - apiGroups: + - sources.knative.dev + resources: + - apiserversources + - pingsources + - sinkbindings + - containersources + - integrationsources + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-sources-controller + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + - "configmaps" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Deployments admin + - apiGroups: + - "apps" + resources: + - "deployments" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Source resources and statuses we care about. + - apiGroups: + - "sources.knative.dev" + resources: + - "sinkbindings" + - "sinkbindings/status" + - "sinkbindings/finalizers" + - "apiserversources" + - "apiserversources/status" + - "apiserversources/finalizers" + - "pingsources" + - "pingsources/status" + - "pingsources/finalizers" + - "containersources" + - "containersources/status" + - "containersources/finalizers" + - "integrationsources" + - "integrationsources/status" + - "integrationsources/finalizers" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Knative Services admin + - apiGroups: + - serving.knative.dev + resources: + - services + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # EventTypes admin + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Events admin + - apiGroups: + - "" + resources: + - events + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Authorization checker + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-webhook + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + # For watching logging configuration and getting certs. + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "create" + - "update" + - "delete" + - "get" + - "list" + - "watch" + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + # finalizers are needed for the owner reference of the webhook + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" + # For getting our Deployment so we can decorate with ownerref. + - apiGroups: + - "apps" + resources: + - "deployments" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments/finalizers" + verbs: + - update + # For actually registering our webhook. + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - "mutatingwebhookconfigurations" + - "validatingwebhookconfigurations" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For running the SinkBinding reconciler. + - apiGroups: + - "sources.knative.dev" + resources: + - "sinkbindings" + - "sinkbindings/status" + - "sinkbindings/finalizers" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For leader election + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For creating events + - apiGroups: + - "" + - "events.k8s.io" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "patch" + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch + # For the SinkBinding reconciler adding the OIDC identity service accounts + - apiGroups: + - "" + resources: + - "serviceaccounts" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For the SinkBinding reconciler creating the sinkbinding token secret + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - "create" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For checking if user has permissions to make a cross namespace resource + - apiGroups: + - "authorization.k8s.io" + resources: + - "subjectaccessreviews" + verbs: + - "create" + # Necessary for conversion webhook. These are copied from the serving + # TODO: Do we really need all these permissions? + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create"] + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: knative-eventing + name: knative-eventing-webhook + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Ignore + name: config.webhook.eventing.knative.dev + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: ["knative-eventing"] + timeoutSeconds: 10 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: webhook.eventing.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: validation.webhook.eventing.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: eventing-webhook-certs + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# The data is populated at install time. + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: sinkbindings.webhook.sources.knative.dev + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + failurePolicy: Fail + sideEffects: None + name: sinkbindings.webhook.sources.knative.dev + timeoutSeconds: 10 + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.21.3/3-eventing-tls-networking.yaml b/cmd/operator/kodata/knative-eventing/1.21.3/3-eventing-tls-networking.yaml new file mode 100644 index 0000000000..c6a0f4d9a8 --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.21.3/3-eventing-tls-networking.yaml @@ -0,0 +1,184 @@ +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: job-sink-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: job-sink-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: job-sink + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - job-sink.knative-eventing.svc.cluster.local + - job-sink.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: imc-dispatcher-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: imc-dispatcher-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - imc-dispatcher.knative-eventing.svc.cluster.local + - imc-dispatcher.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: mt-broker-filter-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: mt-broker-filter-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: broker-filter + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - broker-filter.knative-eventing.svc.cluster.local + - broker-filter.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: mt-broker-ingress-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: mt-broker-ingress-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - broker-ingress.knative-eventing.svc.cluster.local + - broker-ingress.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.21.3/4-in-memory-channel.yaml b/cmd/operator/kodata/knative-eventing/1.21.3/4-in-memory-channel.yaml new file mode 100644 index 0000000000..9854c2e4ac --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.21.3/4-in-memory-channel.yaml @@ -0,0 +1,1290 @@ +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imc-controller + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imc-controller + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: imc-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: knative-eventing + name: imc-controller + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: Role + name: knative-inmemorychannel-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imc-controller-resolver + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: addressable-resolver + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imc-dispatcher + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-dispatcher + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: imc-dispatcher + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: imc-dispatcher-tls-role-binding + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-dispatcher + apiGroup: "" +roleRef: + kind: Role + name: imc-dispatcher-tls-role + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: imc-dispatcher-tls-role + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-imc-event-dispatcher + namespace: knative-eventing + labels: + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +data: + MaxIdleConnections: "1000" + MaxIdleConnectionsPerHost: "100" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: imc-controller + namespace: knative-eventing + labels: + knative.dev/high-availability: "true" + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + template: + metadata: + labels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: imc-controller + enableServiceLinks: false + containers: + - name: controller + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:045a039fe2cc928db0cc3d00668a9b4a52898ddadde580a1ec77f4e4276c138a + env: + - name: WEBHOOK_NAME + value: inmemorychannel-webhook + - name: WEBHOOK_PORT + value: "8443" + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/inmemorychannel-controller + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: DISPATCHER_IMAGE + value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:1adfabcf046e1a18df7c1ae1a9168a98b68e937610a7092c76a640f8adc2dcb1 + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + initialDelaySeconds: 120 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: inmemorychannel-webhook + namespace: knative-eventing +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + selector: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + ports: + - name: http-dispatcher + port: 80 + protocol: TCP + targetPort: 8080 + - name: https-dispatcher + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9090 + targetPort: 9090 + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + knative.dev/high-availability: "true" + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + template: + metadata: + labels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: imc-dispatcher + enableServiceLinks: false + containers: + - name: dispatcher + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:1adfabcf046e1a18df7c1ae1a9168a98b68e937610a7092c76a640f8adc2dcb1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 5 + env: + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/inmemorychannel-dispatcher + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CONTAINER_NAME + value: dispatcher + - name: MAX_IDLE_CONNS + value: "1000" + - name: MAX_IDLE_CONNS_PER_HOST + value: "1000" + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + - containerPort: 9090 + name: metrics + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: inmemorychannels.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'InMemoryChannel is a resource representing an in memory channel' + type: object + properties: + spec: + description: Spec defines the desired state of the Channel. + type: object + properties: + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + subscribers: + description: This is the list of subscriptions for this subscribable. + type: array + items: + type: object + properties: + delivery: + description: DeliverySpec contains options controlling the event delivery + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + generation: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + name: + description: The name of the subscription + type: string + namespace: + description: The namespace of the subscription + type: string + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + status: + description: Status represents the current state of the Channel. This data may be out of date. + type: object + properties: + address: + description: InMemoryChannel is Addressable. It exposes the endpoint as an URI to get events delivered into the channel mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: InMemoryChannel is Addressable. It exposes the endpoints as URIs to get events delivered into the channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: InMemoryChannel + plural: inmemorychannels + singular: inmemorychannel + categories: + - all + - knative + - messaging + - channel + shortNames: + - imc + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-channelable-manipulator + labels: + duck.knative.dev/channelable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-controller + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + - update + - knsubscribe + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + verbs: + - update + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + - inmemorychannels/status + - inmemorychannels + verbs: + - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + - serviceaccounts + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - rolebindings + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + # For actually registering our webhook. + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - "mutatingwebhookconfigurations" + - "validatingwebhookconfigurations" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + # finalizers are needed for the owner reference of the webhook + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-subscriber + labels: + duck.knative.dev/crossnamespace-subscribable: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + verbs: + - knsubscribe + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-dispatcher + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + - apiGroups: + - "" # Core API group. + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + # Create OIDC tokens + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - create + # Updates the finalizer so we can remove our handlers when channel is deleted + # Patches the status.subscribers to reflect when the subscription dataplane has been + # configured. + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + - inmemorychannels/status + - inmemorychannels + verbs: + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + - eventpolicies + verbs: + - get + - list + - watch + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + verbs: + - create + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: knative-eventing + name: knative-inmemorychannel-webhook + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: inmemorychannel.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: inmemorychannel-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: inmemorychannel.eventing.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.inmemorychannel.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: inmemorychannel-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: validation.inmemorychannel.eventing.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: inmemorychannel-webhook-certs + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +# The data is populated at install time. + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.21.3/5-mt-channel-broker.yaml b/cmd/operator/kodata/knative-eventing/1.21.3/5-mt-channel-broker.yaml new file mode 100644 index 0000000000..05b79ff2e0 --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.21.3/5-mt-channel-broker.yaml @@ -0,0 +1,900 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-mt-channel-broker-controller + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + # Configs resources and status we care about. + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - eventing.knative.dev + resources: + - brokers + verbs: + - "knsubscribe" + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-mt-broker-filter + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - eventing.knative.dev + resources: + - brokers + - brokers/status + - triggers + - triggers/status + - eventpolicies + verbs: + - get + - list + - watch + # get subscription of trigger for AuthZ + - apiGroups: + - messaging.knative.dev + resources: + - subscriptions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - create + - apiGroups: + - "eventing.knative.dev" + resources: + - "eventtypes" + verbs: + - "get" + - "list" + - "watch" + - "create" + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: mt-broker-filter + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - get + - list + - watch + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mt-broker-filter + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-mt-broker-ingress + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + verbs: + - create + - get + - list + - watch + - apiGroups: + - eventing.knative.dev + resources: + - brokers + - eventpolicies + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - get + - list + - watch + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: mt-broker-ingress + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + resourceNames: + - "mt-broker-ingress-oidc" + verbs: + - create + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mt-broker-ingress-oidc + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mt-broker-ingress + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-mt-channel-broker-controller + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-mt-channel-broker-controller + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-mt-broker-filter + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-filter + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-mt-broker-filter + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: mt-broker-filter + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-filter + namespace: knative-eventing +roleRef: + kind: Role + name: mt-broker-filter + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-mt-broker-ingress + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-ingress + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-mt-broker-ingress + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: mt-broker-ingress + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-ingress + namespace: knative-eventing +roleRef: + kind: Role + name: mt-broker-ingress + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mt-broker-filter + namespace: knative-eventing + labels: + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + eventing.knative.dev/brokerRole: filter + template: + metadata: + labels: + eventing.knative.dev/brokerRole: filter + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + serviceAccountName: mt-broker-filter + enableServiceLinks: false + containers: + - name: filter + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:9aef63d88f4b81bc5347a3de6d729f5a8e2e022812e62ba719f60e96d3be0b7f + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 5 + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + terminationMessagePath: /dev/termination-log + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: CONTAINER_NAME + value: filter + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/internal/eventing + - name: FILTER_PORT + value: "8080" + - name: FILTER_PORT_HTTPS + value: "8443" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault +--- +apiVersion: v1 +kind: Service +metadata: + labels: + eventing.knative.dev/brokerRole: filter + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: broker-filter + namespace: knative-eventing +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9092 + protocol: TCP + targetPort: 9092 + selector: + eventing.knative.dev/brokerRole: filter + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mt-broker-ingress + namespace: knative-eventing + labels: + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + eventing.knative.dev/brokerRole: ingress + template: + metadata: + labels: + eventing.knative.dev/brokerRole: ingress + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + serviceAccountName: mt-broker-ingress + enableServiceLinks: false + containers: + - name: ingress + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:8b4e6ca54479749e55c9fb559fc4c636af8c315069173f5e62ad73334e22a9a1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 5 + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + terminationMessagePath: /dev/termination-log + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: CONTAINER_NAME + value: ingress + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/internal/eventing + - name: INGRESS_PORT + value: "8080" + - name: INGRESS_PORT_HTTPS + value: "8443" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault +--- +apiVersion: v1 +kind: Service +metadata: + labels: + eventing.knative.dev/brokerRole: ingress + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + name: broker-ingress + namespace: knative-eventing +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9092 + protocol: TCP + targetPort: 9092 + selector: + eventing.knative.dev/brokerRole: ingress + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mt-broker-controller + namespace: knative-eventing + labels: + app.kubernetes.io/component: mt-broker-controller + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + app: mt-broker-controller + template: + metadata: + labels: + app: mt-broker-controller + app.kubernetes.io/component: broker-controller + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: mt-broker-controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: eventing-controller + enableServiceLinks: false + containers: + - name: mt-broker-controller + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:4c35c2c51fe56e5e2fd2b6d1422f9e8d8705e8097861e49de6117b88ed158d31 + resources: + requests: + cpu: 100m + memory: 100Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/eventing + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: broker-ingress-hpa + namespace: knative-eventing + labels: + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: mt-broker-ingress + minReplicas: 1 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 70 +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: broker-filter-hpa + namespace: knative-eventing + labels: + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: mt-broker-filter + minReplicas: 1 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 70 + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.21.3/6-eventing-post-install.yaml b/cmd/operator/kodata/knative-eventing/1.21.3/6-eventing-post-install.yaml new file mode 100644 index 0000000000..edb1a9563c --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.21.3/6-eventing-post-install.yaml @@ -0,0 +1,247 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-post-install-job-role + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +rules: + # Storage version upgrader needs to be able to patch CRDs. + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + - "customresourcedefinitions/status" + verbs: + - "get" + - "list" + - "update" + - "patch" + - "watch" + # Our own resources we care about. + - apiGroups: + - "sources.knative.dev" + resources: + - "apiserversources" + - "apiserversources/finalizers" + - "apiserversources/status" + - "containersources" + - "containersources/finalizers" + - "containersources/status" + - "pingsources" + - "pingsources/finalizers" + - "pingsources/status" + - "sinkbindings" + - "sinkbindings/finalizers" + - "sinkbindings/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers" + - "brokers/finalizers" + - "brokers/status" + - "eventtypes" + - "eventtypes/finalizers" + - "eventtypes/status" + - "triggers" + - "triggers/finalizers" + - "triggers/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "messaging.knative.dev" + resources: + - "channels" + - "channels/finalizers" + - "channels/status" + - "inmemorychannels" + - "inmemorychannels/finalizers" + - "inmemorychannels/status" + - "subscriptions" + - "subscriptions/finalizers" + - "subscriptions/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "flows.knative.dev" + resources: + - "parallels" + - "parallels/finalizers" + - "parallels/status" + - "sequences" + - "sequences/finalizers" + - "sequences/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "sinks.knative.dev" + resources: + - "jobsinks" + - "jobsinks/finalizers" + - "jobsinks/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "get" + - "list" + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-eventing-post-install-job + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-post-install-job-role-binding + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: knative-eventing-post-install-job + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-post-install-job-role + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + generateName: storage-version-migration-eventing- + namespace: knative-eventing + labels: + app: "storage-version-migration-eventing" + app.kubernetes.io/name: knative-eventing + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.21.3" +spec: + ttlSecondsAfterFinished: 600 + backoffLimit: 10 + template: + metadata: + labels: + app: "storage-version-migration-eventing" + app.kubernetes.io/name: knative-eventing + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.21.3" + sidecar.istio.io/inject: "false" + annotations: + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: knative-eventing-post-install-job + restartPolicy: OnFailure + containers: + - name: migrate + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:ba35838a1871f99f6bc5fe920772cde0d1110b5925a3deb1c4118c87839b9742 + env: + - name: IGNORE_NOT_FOUND + value: "true" + args: + - "apiserversources.sources.knative.dev" + - "brokers.eventing.knative.dev" + - "channels.messaging.knative.dev" + - "containersources.sources.knative.dev" + - "eventtypes.eventing.knative.dev" + - "inmemorychannels.messaging.knative.dev" + - "parallels.flows.knative.dev" + - "pingsources.sources.knative.dev" + - "sequences.flows.knative.dev" + - "sinkbindings.sources.knative.dev" + - "subscriptions.messaging.knative.dev" + - "triggers.eventing.knative.dev" + - "jobsinks.sinks.knative.dev" + - "eventpolicies.eventing.knative.dev" + - "integrationsources.sources.knative.dev" + - "integrationsinks.sinks.knative.dev" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.22.1/1-eventing-crds.yaml b/cmd/operator/kodata/knative-eventing/1.22.1/1-eventing-crds.yaml new file mode 100644 index 0000000000..680b3cc835 --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.22.1/1-eventing-crds.yaml @@ -0,0 +1,5124 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + annotations: + # TODO add schemas + registry.knative.dev/eventTypes: | + [ + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } + ] + name: apiserversources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - resources + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + mode: + description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` + type: string + owner: + description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. + type: object + properties: + apiVersion: + description: APIVersion - the API version of the resource to watch. + type: string + kind: + description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + resources: + description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. + type: array + items: + type: object + properties: + apiVersion: + description: APIVersion - the API version of the resource to watch. + type: string + kind: + description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + selector: + description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + namespaceSelector: + description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string + namespaces: + description: Namespaces show the namespaces currently watched by the ApiServerSource + type: array + items: + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + categories: + - all + - knative + - sources + kind: ApiServerSource + plural: apiserversources + singular: apiserversource + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: brokers.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' + type: object + properties: + spec: + description: Spec defines the desired state of the Broker. + type: object + properties: + config: + description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + status: + description: Status represents the current state of the Broker. This data may be out of date. + type: object + properties: + address: + description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: Class + type: string + priority: 1 + jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' + names: + kind: Broker + plural: brokers + singular: broker + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: channels.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + schema: + openAPIV3Schema: + description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' + type: object + properties: + spec: + description: Spec defines the desired state of the Channel. + type: object + properties: + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + subscribers: + description: This is the list of subscriptions for this subscribable. + type: array + items: + type: object + properties: + delivery: + description: DeliverySpec contains options controlling the event delivery + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + generation: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + name: + description: The name of the subscription + type: string + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + status: + description: Status represents the current state of the Channel. This data may be out of date. + type: object + properties: + address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + channel: + description: Channel is an KReference to the Channel CRD backing this Channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + names: + kind: Channel + plural: channels + singular: channel + categories: + - all + - knative + - messaging + - channel + shortNames: + - ch + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: containersources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + kind: ContainerSource + plural: containersources + singular: containersource + scope: Namespaced + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventpolicies.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the EventPolicy. + type: object + properties: + from: + description: From is the list of sources or oidc identities, which are allowed to send events to the targets (.spec.to). + type: array + items: + type: object + properties: + ref: + description: Ref contains a direct reference to a resource which is allowed to send events to the target. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + sub: + description: Sub sets the OIDC identity name to be allowed to send events to the target. It is also possible to set a glob-like pattern to match any suffix. + type: string + to: + description: To lists all resources for which this policy applies. Resources in this list must act like an ingress and have an audience. The resources are part of the same namespace as the EventPolicy. An empty list means it applies to all resources in the EventPolicies namespace + type: array + items: + type: object + properties: + ref: + description: Ref contains the direct reference to a target + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + selector: + description: Selector contains a selector to group targets + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilters that evaluate to true or false. If any filter expression in the array evaluates to false, the event will not continue pass the ingress of the target resources of the policy' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if any of the nested expressions evaluate to true. It must contain at least one filter expression' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL v1 expression that will evaluate to true or false for each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all end with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status represents the current state of the EventPolicy. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + from: + description: From is the list of resolved oidc identities from .spec.from + type: array + items: + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: EventPolicy + plural: eventpolicies + singular: eventpolicy + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2025 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventtransforms.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the EventTransform. + type: object + properties: + jsonata: + type: object + properties: + expression: + description: Expression is the JSONata expression (https://jsonata.org/). + type: string + reply: + description: | + Reply is the configuration on how to handle responses from Sink. It can only be set if Sink is set. + Only one "type" can be used. + The used type must match the top-level transformation, if you need to mix transformation types, use compositions and chain transformations together to achieve your desired outcome. + type: object + properties: + jsonata: + type: object + properties: + expression: + description: Expression is the JSONata expression (https://jsonata.org/). + type: string + discard: + description: | + Discard discards responses from Sink and return empty response body. + When set to false, it returns the exact sink response body. + When set to true, Discard is mutually exclusive with EventTransformations in the reply + section, it can either be discarded or transformed. + Default: false. + type: boolean + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink. If not present, the transformation will send back the transformed event as response, this is useful to leverage the built-in Broker reply feature to re-publish a transformed event back to the broker. ' + type: object + properties: + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience. This need only be set, if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. In case the Addressable specifies an Audience too, the Destinations Audience takes preference. + type: string + ref: + description: Ref points to an Addressable. + type: object + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + status: + description: Status represents the current state of the EventTransform. This data may be out of date. + type: object + properties: + address: + description: Address is a single Addressable address. If Addresses is present, Address will be ignored by clients. + type: object + required: + - url + properties: + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + addresses: + description: Addresses is a list of addresses for different protocols (HTTP and HTTPS) If Addresses is present, Address must be ignored by clients. + type: array + items: + type: object + required: + - url + properties: + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth defines the attributes that provide the generated service account name in the resource status. + type: object + required: + - serviceAccountName + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. This list can have len() > 1, when the component uses multiple identities (e.g. in case of a Parallel). + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + jsonata: + description: JsonataTransformationStatus is the status associated with JsonataEventTransformationSpec. + type: object + properties: + deployment: + type: object + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. + type: integer + format: int32 + collisionCount: + description: Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet. + type: integer + format: int32 + conditions: + description: Represents the latest available observations of a deployment's current state. + type: array + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + lastUpdateTime: + description: The last time this condition was updated. + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of deployment condition. + type: string + observedGeneration: + description: The generation observed by the deployment controller. + type: integer + format: int64 + readyReplicas: + description: readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. + type: integer + format: int32 + replicas: + description: Total number of non-terminated pods targeted by this deployment (their labels match the selector). + type: integer + format: int32 + unavailableReplicas: + description: Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created. + type: integer + format: int32 + updatedReplicas: + description: Total number of non-terminated pods targeted by this deployment that have the desired template spec. + type: integer + format: int32 + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkAudience: + description: SinkAudience is the OIDC audience of the sink. + type: string + sinkCACerts: + description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: ".status.address.url" + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: EventTransform + plural: eventtransforms + singular: eventtransform + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventtypes.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1beta3 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + attributes: + description: "CloudEvent attribute and extension attributes." + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: "Name of the CloudEvent attribute." + required: + type: boolean + description: "Indicates whether the attribute is required." + value: + type: string + description: "Value of the attribute. May be a template string using curly brackets {} to represent variable sections of the string." + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.attributes[?(@.name=='type')].value" + - name: Source + type: string + jsonPath: ".spec.attributes[?(@.name=='source')].value" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + # This indicates the v1beta1 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta1 API requests. + deprecationWarning: "eventing.knative.dev/v1beta1 EventType is deprecated; see https://knative.dev/docs/eventing/event-registry/ for instructions to migrate to eventing.knative.dev/v1beta2 EventType" + # v1beta1 schema is identical to the v1beta2 schema + names: + kind: EventType + plural: eventtypes + singular: eventtype + categories: + - all + - knative + - eventing + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: integrationsinks.sinks.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: sinks.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'IntegrationSink sends events to generic event sink' + type: object + properties: + spec: + description: Spec defines the desired state of the IntegrationSink. + type: object + properties: + log: + type: object + properties: + loggerName: + type: string + title: Logger Name + description: Name of the logging category to use + default: log-sink + level: + type: string + title: Log Level + description: Logging level to use + default: INFO + logMask: + type: boolean + title: Log Mask + description: Mask sensitive information like password or passphrase in the log + default: false + marker: + type: string + title: Marker + description: An optional Marker name to use + multiline: + type: boolean + title: Multiline + description: If enabled then each information is outputted on a newline + default: false + showAllProperties: + type: boolean + title: Show All Properties + description: Show all of the exchange properties (both internal and custom) + default: false + showBody: + type: boolean + title: Show Body + description: Show the message body + default: true + showBodyType: + type: boolean + title: Show Body Type + description: Show the body Java type + default: true + showExchangePattern: + type: boolean + title: Show Exchange Pattern + description: Shows the Message Exchange Pattern (or MEP for short) + default: true + showHeaders: + type: boolean + title: Show Headers + description: Show the headers received + default: false + showProperties: + type: boolean + title: Show Properties + description: Show the exchange properties (only custom). Use showAllProperties to show both internal and custom properties. + default: false + showStreams: + type: boolean + title: Show Streams + description: Show the stream bodies (they may not be available in following steps) + default: false + showCachedStreams: + type: boolean + title: Show Cached Streams + description: Whether Camel should show cached stream bodies or not. + default: true + aws: + type: object + properties: + s3: + type: object + properties: + arn: + type: string + title: Bucket Name + description: The S3 Bucket name or Amazon Resource Name (ARN). + deleteAfterRead: + type: boolean + title: Auto-delete Objects + description: Specifies to delete objects after consuming them. + default: true + moveAfterRead: + type: boolean + title: Move Objects After Delete + description: Move objects from S3 bucket to a different bucket after they have been retrieved. + default: false + destinationBucket: + type: string + title: Destination Bucket + description: Define the destination bucket where an object must be moved when moveAfterRead is set to true. + destinationBucketPrefix: + type: string + title: Destination Bucket Prefix + description: Define the destination bucket prefix to use when an object must be moved, and moveAfterRead is set to true. + destinationBucketSuffix: + type: string + title: Destination Bucket Suffix + description: Define the destination bucket suffix to use when an object must be moved, and moveAfterRead is set to true. + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateBucket: + type: boolean + title: Autocreate Bucket + description: Specifies to automatically create the S3 bucket. + default: false + prefix: + type: string + title: Prefix + description: The AWS S3 bucket prefix to consider while searching. + example: folder/ + ignoreBody: + type: boolean + title: Ignore Body + description: If true, the S3 Object body is ignored. Setting this to true overrides any behavior defined by the `includeBody` option. If false, the S3 object is put in the body. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + forcePathStyle: + type: boolean + title: Force Path Style + description: Forces path style when accessing AWS S3 buckets. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected bucket. + default: 500 + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: Gets the maximum number of messages as a limit to poll at each polling. Gets the maximum number of messages as a limit to poll at each polling. The default value is 10. Use 0 or a negative number to set it as unlimited. + default: 10 + sqs: + type: object + properties: + arn: + type: string + title: Queue Name + description: The SQS Queue Name or ARN + deleteAfterRead: + type: boolean + title: Auto-delete Messages + description: Delete messages after consuming them + default: true + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateQueue: + type: boolean + title: Autocreate Queue + description: Setting the autocreation of the SQS queue. + default: false + host: + type: string + title: AWS Host + description: The hostname of the Amazon AWS cloud. + default: amazonaws.com + protocol: + type: string + title: Protocol + description: The underlying protocol used to communicate with SQS + default: https + example: http or https + queueURL: + type: string + title: Queue URL + description: The full SQS Queue URL (required if using KEDA) + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected stream + default: 500 + greedy: + type: boolean + title: Greedy Scheduler + description: If greedy is enabled, then the polling will happen immediately again, if the previous run polled 1 or more messages. + default: false + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: The maximum number of messages to return. Amazon SQS never returns more messages than this value (however, fewer messages might be returned). Valid values 1 to 10. Default 1. + default: 1 + waitTimeSeconds: + type: integer + title: Wait Time Seconds + description: The duration (in seconds) for which the call waits for a message to arrive in the queue before returning. If a message is available, the call returns sooner than WaitTimeSeconds. If no messages are available and the wait time expires, the call does not return a message list. + visibilityTimeout: + type: integer + title: Visibility Timeout + description: The duration (in seconds) that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. + sns: + type: object + properties: + arn: + type: string + title: Topic Name + description: The SNS topic name name or Amazon Resource Name (ARN). + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateTopic: + type: boolean + title: Autocreate Topic + description: Setting the autocreation of the SNS topic. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + auth: + description: 'Auth configurations' + type: object + properties: + secret: + description: 'Auth secret' + type: object + properties: + ref: + description: | + Secret reference. + type: object + required: + - name + properties: + name: + description: 'Secret name' + type: string + serviceAccountName: + description: 'Optional ServiceAccount to assign to pod. This enables the pod default credentials to be used instead of the auth secret.' + type: string + status: + description: Status represents the current state of the IntegrationSink. This data may be out of date. + type: object + properties: + address: + description: IntegrationSink is Addressable. It exposes the endpoints as URIs to get events delivered into the used Kamelet. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: IntegrationSink is Addressable. It exposes the endpoints as URIs to get events delivered into the used Kamelet. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: IntegrationSink + plural: integrationsinks + singular: integrationsink + categories: + - all + - knative + - eventing + - sink + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: integrationsources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'IntegrationSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timer: + type: object + properties: + period: + type: integer + title: Period + description: The interval (in milliseconds) to wait between producing the next message. + default: 1000 + message: + type: string + title: Message + description: The message to generate. + example: hello world + contentType: + type: string + title: Content Type + description: The content type of the generated message. + default: text/plain + repeatCount: + type: integer + title: Repeat Count + description: Specifies a maximum limit of number of fires + aws: + type: object + properties: + s3: + type: object + properties: + arn: + type: string + title: Bucket Name + description: The S3 Bucket name or Amazon Resource Name (ARN). + deleteAfterRead: + type: boolean + title: Auto-delete Objects + description: Specifies to delete objects after consuming them. + default: true + moveAfterRead: + type: boolean + title: Move Objects After Delete + description: Move objects from S3 bucket to a different bucket after they have been retrieved. + default: false + destinationBucket: + type: string + title: Destination Bucket + description: Define the destination bucket where an object must be moved when moveAfterRead is set to true. + destinationBucketPrefix: + type: string + title: Destination Bucket Prefix + description: Define the destination bucket prefix to use when an object must be moved, and moveAfterRead is set to true. + destinationBucketSuffix: + type: string + title: Destination Bucket Suffix + description: Define the destination bucket suffix to use when an object must be moved, and moveAfterRead is set to true. + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateBucket: + type: boolean + title: Autocreate Bucket + description: Specifies to automatically create the S3 bucket. + default: false + prefix: + type: string + title: Prefix + description: The AWS S3 bucket prefix to consider while searching. + example: folder/ + ignoreBody: + type: boolean + title: Ignore Body + description: If true, the S3 Object body is ignored. Setting this to true overrides any behavior defined by the `includeBody` option. If false, the S3 object is put in the body. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + forcePathStyle: + type: boolean + title: Force Path Style + description: Forces path style when accessing AWS S3 buckets. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected bucket. + default: 500 + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: Gets the maximum number of messages as a limit to poll at each polling. Gets the maximum number of messages as a limit to poll at each polling. The default value is 10. Use 0 or a negative number to set it as unlimited. + default: 10 + sqs: + type: object + properties: + arn: + type: string + title: Queue Name + description: The SQS Queue Name or ARN + deleteAfterRead: + type: boolean + title: Auto-delete Messages + description: Delete messages after consuming them + default: true + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateQueue: + type: boolean + title: Autocreate Queue + description: Setting the autocreation of the SQS queue. + default: false + host: + type: string + title: AWS Host + description: The hostname of the Amazon AWS cloud. + default: amazonaws.com + protocol: + type: string + title: Protocol + description: The underlying protocol used to communicate with SQS + default: https + example: http or https + queueURL: + type: string + title: Queue URL + description: The full SQS Queue URL (required if using KEDA) + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected stream + default: 500 + greedy: + type: boolean + title: Greedy Scheduler + description: If greedy is enabled, then the polling will happen immediately again, if the previous run polled 1 or more messages. + default: false + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: The maximum number of messages to return. Amazon SQS never returns more messages than this value (however, fewer messages might be returned). Valid values 1 to 10. Default 1. + default: 1 + waitTimeSeconds: + type: integer + title: Wait Time Seconds + description: The duration (in seconds) for which the call waits for a message to arrive in the queue before returning. If a message is available, the call returns sooner than WaitTimeSeconds. If no messages are available and the wait time expires, the call does not return a message list. + visibilityTimeout: + type: integer + title: Visibility Timeout + description: The duration (in seconds) that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. + ddbStreams: + type: object + properties: + table: + type: string + title: Table + description: The name of the DynamoDB table. + region: + type: string + title: AWS Region + description: The AWS region to access. + streamIteratorType: + type: string + title: Stream Iterator Type + description: Defines where in the DynamoDB stream to start getting records. There are two enums and the value can be one of FROM_LATEST and FROM_START. Note that using FROM_START can cause a significant delay before the stream has caught up to real-time. + default: FROM_LATEST + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll from the database. + default: 500 + auth: + description: 'Auth configurations' + type: object + properties: + secret: + description: 'Auth secret' + type: object + properties: + ref: + description: | + Secret reference. + type: object + required: + - name + properties: + name: + description: 'Secret name' + type: string + serviceAccountName: + description: 'Optional ServiceAccount to assign to pod. This enables the pod default credentials to be used instead of the auth secret.' + type: string + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: ".metadata.creationTimestamp" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + kind: IntegrationSource + plural: integrationsources + singular: integrationsource + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: jobsinks.sinks.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: sinks.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'JobSink triggers long-running jobs when an event occur.' + type: object + properties: + spec: + description: Spec defines the desired state of the JobSink. + type: object + properties: + job: + type: object + description: Full Job resource object, see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#job-v1-batch for more details. + x-kubernetes-preserve-unknown-fields: true + status: + description: Status represents the current state of the JobSink. This data may be out of date. + type: object + properties: + address: + description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + job: + type: object + properties: + selector: + type: string + description: Label selector for all scheduled jobs + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: JobSink + plural: jobsinks + singular: jobsink + categories: + - all + - knative + - eventing + - sink + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: parallels.flows.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' + type: object + properties: + spec: + description: Spec defines the desired state of the Parallel. + type: object + properties: + branches: + description: Branches is the list of Filter/Subscribers pairs. + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + filter: + description: Filter is the expression guarding the branch + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + reply: + description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subscriber: + description: Subscriber receiving the event when the filter passes + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + reply: + description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + description: Status represents the current state of the Parallel. This data may be out of date. + type: object + properties: + address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + branchStatuses: + description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. + type: array + items: + type: object + properties: + filterChannelStatus: + description: FilterChannelStatus corresponds to the filter channel status. + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + filterSubscriptionStatus: + description: FilterSubscriptionStatus corresponds to the filter subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + subscriberSubscriptionStatus: + description: SubscriptionStatus corresponds to the subscriber subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + ingressChannelStatus: + description: IngressChannelStatus corresponds to the ingress channel status. + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Parallel + plural: parallels + singular: parallel + categories: + - all + - knative + - flows + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + annotations: + # TODO add schema + registry.knative.dev/eventTypes: | + [ + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } + ] + name: pingsources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: v1beta2 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + # This indicates the v1beta2 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta2 API requests. + deprecationWarning: "sources.knative.dev/v1beta2 PingSource is deprecated; see https://knative.dev/docs/eventing/sources/ping-source/ for instructions to migrate to sources.knative.dev/v1 PingSource" + # v1 schema is identical to the v1beta2 schema + names: + categories: + - all + - knative + - sources + kind: PingSource + plural: pingsources + singular: pingsource + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: requestreplies.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the RequestReply. + type: object + properties: + brokerRef: + description: A KReference referring to the broker this RequestReply forwards events to. CrossNamespace references are not allowed. + type: object + properties: + apiVersion: + description: API Version of the broker. + type: string + kind: + description: 'Kind of the broker. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the broker. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + correlationAttribute: + description: The name of the cloudevent attribute where the correlation id will be set on new events. + type: string + replyAttribute: + description: The name of the cloudevents attribute which will hold the correlation id for an event which will be treated as a reply. + type: string + timeout: + description: A ISO8601 string representing how long RequestReply holds onto an incoming request before it times out without a reply. + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + status: + description: Status represents the current state of the RequestReply. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredReplicas: + description: The current replicas (StatefulSet pod + trigger) that are desired + type: integer + readyReplicas: + description: The current replicas (StatefulSet pod + trigger) that are ready + type: integer + address: + description: RequestReply is Addressable. It exposes the endpoint as an URI to get events delivered. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: RequestReply is Addressable. It exposes the endpoints as URIs to get events delivered. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates whichversion of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: ".status.address.url" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: RequestReply + plural: requestreplies + singular: requestreply + shortNames: + - rr + categories: + - all + - knative + - eventing + scope: Namespaced + conversion: + strategy: None + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sequences.flows.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' + type: object + properties: + spec: + description: Spec defines the desired state of the Sequence. + type: object + properties: + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + reply: + description: Reply is a Reference to where the result of the last Subscriber gets sent to. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + type: string + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the reply. + audience: + description: Audience is the OIDC audience of the reply. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + steps: + description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options + type: array + items: + type: object + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string + status: + description: Status represents the current state of the Sequence. This data may be out of date. + type: object + properties: + address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + channelStatuses: + description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. + type: array + items: + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscriptionStatuses: + description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. + type: array + items: + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Sequence + plural: sequences + singular: sequence + categories: + - all + - knative + - flows + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + duck.knative.dev/binding: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: sinkbindings.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subject: + description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. Mutually exclusive with Selector. + type: string + namespace: + description: Namespace of the referent. + type: string + selector: + description: Selector of the referents. Mutually exclusive with Name. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + oidcTokenSecretName: + description: Name of the secret with the OIDC token for the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + - bindings + kind: SinkBinding + plural: sinkbindings + singular: sinkbinding + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: subscriptions.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' + type: object + properties: + spec: + type: object + properties: + channel: + description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + delivery: + description: Delivery configuration + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + reply: + description: Reply specifies (optionally) how to handle events returned from the Subscriber target. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subscriber: + description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + physicalSubscription: + description: PhysicalSubscription is the fully resolved values that this Subscription represents. + type: object + properties: + deadLetterSinkUri: + description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + replyUri: + description: ReplyURI is the fully resolved URI for the spec.reply. + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the fully resolved URI for spec.subscriber. + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + additionalPrinterColumns: + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Subscription + plural: subscriptions + singular: subscription + categories: + - all + - knative + - messaging + shortNames: + - sub + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggers.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Broker + type: string + jsonPath: .spec.broker + - name: Subscriber_URI + type: string + jsonPath: .status.subscriberUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + schema: + openAPIV3Schema: + description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' + type: object + properties: + spec: + description: Spec defines the desired state of the Trigger. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + broker: + description: Broker is the broker that this trigger receives events from. + type: string + brokerRef: + description: 'Reference to a broker that is enabled for cross-namespace referencing. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace.' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + delivery: + description: Delivery contains the delivery spec for this specific trigger. + type: object + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + format: + description: Format is the format used to serialize the event into a http request when delivering the event. It can be json (for structured events), binary (for binary events), or unset. + type: string + filter: + description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events.' + type: object + properties: + attributes: + description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported.' + type: object + x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilter that evaluate to true or false. If any filter expression in the array evaluates to false, the event must not be sent to the Subscriber. If all the filter expressions in the array evaluate to true, the event must be attempted to be delivered. Absence of a filter or empty array implies a value of true. In the event of users specifying both Filter and Filters, then the latter will override the former. This will allow users to try out the effect of the new Filters field without compromising the existing attribute-based Filter and try it out on existing Trigger objects.' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if at least one of the nested expressions evaluates to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL expression that will be evaluated to true or false against each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value String specified (case-sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Suffix evaluates to true if the values of the matching CloudEvents attributes all end with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + subscriber: + description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + description: Status represents the current state of the Trigger. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscriberUri: + description: SubscriberURI is the resolved URI of the receiver for this Trigger. + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: OIDC audience of the subscriber. + type: string + names: + kind: Trigger + plural: triggers + singular: trigger + categories: + - all + - knative + - eventing + scope: Namespaced + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.22.1/2-eventing-core.yaml b/cmd/operator/kodata/knative-eventing/1.22.1/2-eventing-core.yaml new file mode 100644 index 0000000000..4346b76dd1 --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.22.1/2-eventing-core.yaml @@ -0,0 +1,8475 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Namespace +metadata: + name: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: eventing-controller + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-resolver + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: addressable-resolver + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-source-observer + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: source-observer + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-sources-controller + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-sources-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-manipulator + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: channelable-manipulator + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-controller-crossnamespace-subscriber + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: crossnamespace-subscriber + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: job-sink + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-job-sink + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: job-sink + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-job-sink + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pingsource-mt-adapter + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-pingsource-mt-adapter + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: pingsource-mt-adapter + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-pingsource-mt-adapter + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: request-reply + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-request-reply + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: request-reply + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-request-reply + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: eventing-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-webhook + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-webhook + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: knative-eventing + name: eventing-webhook + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-webhook + namespace: knative-eventing +roleRef: + kind: Role + name: knative-eventing-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-webhook-resolver + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-webhook + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: addressable-resolver + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-webhook-podspecable-binding + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-webhook + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: podspecable-binding + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-br-default-channel + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +data: + channel-template-spec: | + apiVersion: messaging.knative.dev/v1 + kind: InMemoryChannel + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-br-defaults + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +data: + # Configures the default for any Broker that does not specify a spec.config or Broker class. + default-br-config: | + clusterDefault: + brokerClass: MTChannelBasedBroker + apiVersion: v1 + kind: ConfigMap + name: config-br-default-channel + namespace: knative-eventing + delivery: + retry: 10 + backoffPolicy: exponential + backoffDelay: PT0.2S + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: default-ch-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +data: + # Configuration for defaulting channels that do not specify CRD implementations. + default-ch-config: | + clusterDefault: + apiVersion: messaging.knative.dev/v1 + kind: InMemoryChannel + namespaceDefaults: + some-namespace: + apiVersion: messaging.knative.dev/v1 + kind: InMemoryChannel + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-ping-defaults + namespace: knative-eventing + annotations: + knative.dev/example-checksum: "9185c153" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Max number of bytes allowed to be sent for message excluding any + # base64 decoding. Default is no limit set for data + data-max-size: -1 + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: eventing-integrations-images + namespace: knative-eventing + labels: + app.kubernetes.io/version: "v1.22.0" +data: + aws-sqs-sink: gcr.io/knative-releases/aws-sqs-sink@sha256:3c6e15a8e2c735eb6647ba3141e541c352873383d6992072925e3d01d68031a0 + aws-eventbridge-sink: gcr.io/knative-releases/aws-eventbridge-sink@sha256:763954ae8946af146307a3a7152ec27d599ee5475edfa5338eb25826ee083582 + aws-sns-sink: gcr.io/knative-releases/aws-sns-sink@sha256:6fb6ad9359172e1a2461851e5f45daf3c96fec0ea2b4bc5097d68701a04b777f + aws-s3-sink: gcr.io/knative-releases/aws-s3-sink@sha256:5322e981d4e0001d4b74bb122846b08ac3c38d4ff18363294b0c5066854c48f9 + aws-s3-source: gcr.io/knative-releases/aws-s3-source@sha256:2a1b1860d481f1f2ab1aee03bdfa7e4cbd5d25dddfc490f0e7627013e6cac470 + log-sink: gcr.io/knative-releases/log-sink@sha256:b88feae0b7b2aed522b3ef9213e5688263c1db3c7cca495578669e0a2b933ad1 + timer-source: gcr.io/knative-releases/timer-source@sha256:04c01cfd475073732cc84b4c2ea429aead0154197e57fa343ede9557b1b49aee + jsonata-transformer: gcr.io/knative-releases/jsonata-transformer@sha256:7469e73837dee196cba275ed69e7eff5366676379be180ed7de52b1917d4ec07 + aws-sqs-source: gcr.io/knative-releases/aws-sqs-source@sha256:37b11f47f8ec66dc697901028e4b24531e34f7400037e046cebc8369a5cbf882 + aws-ddb-streams-source: gcr.io/knative-releases/aws-ddb-streams-source@sha256:8b6e98cfbe00590faa68eed5855307fe9706b8719ec57c2a7610248fc348954a + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: eventing-transformations-images + namespace: knative-eventing + labels: + app.kubernetes.io/version: "v1.22.0" +data: + transform-jsonata: gcr.io/knative-releases/transform-jsonata@sha256:5cf8c8203be3ac0f8df403f714c27afc84a8cf02a3b9bf7b2f66d7717252a380 + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-features + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +data: + # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. + # For more details: https://github.com/knative/eventing/issues/5086 + kreference-group: "disabled" + # ALPHA feature: The delivery-retryafter allows you to use the RetryAfter field in DeliverySpec. + # For more details: https://github.com/knative/eventing/issues/5811 + delivery-retryafter: "disabled" + # BETA feature: The delivery-timeout allows you to use the Timeout field in DeliverySpec. + # For more details: https://github.com/knative/eventing/issues/5148 + delivery-timeout: "enabled" + # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI + # For more details: https://github.com/knative/eventing/issues/5593 + kreference-mapping: "disabled" + # BETA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. + # For more details: https://github.com/knative/eventing/issues/5957 + transport-encryption: "disabled" + # ALPHA feature: The eventtype-auto-create flag allows automatic creation of Even Type instances based on Event's type being processed. + # For more details: https://github.com/knative/eventing/issues/6909 + eventtype-auto-create: "disabled" + # ALPHA feature: The aauthentication-oidc flag allows you to use OIDC authentication for Eventing. + # For more details: https://github.com/knative/eventing/issues/7174 + authentication-oidc: "disabled" + # ALPHA feature: The default-authorization-mode flag allows you to change the default + # authorization mode for resources that have no EventPolicy associated with them. + # + # This feature flag is only used when "authentication-oidc" is enabled. + default-authorization-mode: "allow-same-namespace" + # ALPHA feature: The cross-namespace-event-links flag allows you to use cross-namespace referencing for Eventing. + # For more details: https://github.com/knative/eventing/issues/7739 + cross-namespace-event-links: "disabled" + # ALPHA feature: The new-apiserversource-filters flag allows you to use the new `filters` field + # in APIServerSource objects with its rich filtering capabilities. + new-apiserversource-filters: "disabled" + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kreference-mapping + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + annotations: + knative.dev/example-checksum: "7375dbe1" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + + # this is an example of mapping from pod to addressable-pod service + # the data key must be of the form "kind.version.group" + # the data value must be a valid URL. Valid template data are: + # - Name: reference name + # - Namespace: reference namespace + # - SystemNamespace: knative namespace + # - UID: reference UID + # + # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "f7948630" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "15s" + + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "10s" + + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "2s" + + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +data: + # Common configuration for all Knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + # For all components changes are be picked up immediately. + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "0270bb17" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics-protocol field specifies the protocol used when exporting metrics + # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + metrics-protocol: http/protobuf + + # metrics-endpoint field specifies the destination metrics should be exported to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + # + # When the protocol is prometheus the endpoint can accept a 'host:port' string to customize the + # listening host interface and port. + metrics-endpoint: http://collector.otel.svc.cluster.local/ + + # metrics-export-interval specifies the global metrics reporting period for control and data plane components. + # If a zero or negative value is passed the default reporting OTel period is used (60 secs). + metrics-export-interval: 60s + + # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating + # a failure to send a cloud event to the sink. + sink-event-error-reporting.enable: "false" + + # runtime-profiling indicates whether it is allowed to retrieve runtime profiling data from + # the pods via an HTTP server in the format expected by the pprof visualization tool. When + # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. + # The HTTP context root for profiling is then /debug/pprof/. + runtime-profiling: enabled + + # tracing-protocol field specifies the protocol used when exporting traces + # It supports either 'none' (the default), 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + # or `stdout` for debugging purposes + tracing-protocol: http/protobuf + + # tracing-endpoint field specifies the destination traces should be exporter to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + tracing-endpoint: http://jaeger-collector.observability:4318/v1/traces + + # tracing-sampling-rate allows the user to specify what percentage of all traces should be exported + # The value should be between 0 (never sample) to 1 (always sample) + tracing-sampling-rate: "1" + +--- +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-sugar + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "62dfac6f" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # namespace-selector specifies a LabelSelector which + # determines which namespaces the Sugar Controller should operate upon + # Use an empty value to disable the feature (this is the default): + namespace-selector: "" + + # Use an empty object as a string to enable for all namespaces + namespace-selector: "{}" + + # trigger-selector specifies a LabelSelector which + # determines which triggers the Sugar Controller should operate upon + # Use an empty value to disable the feature (this is the default): + trigger-selector: "" + + # Use an empty object as string to enable for all triggers + trigger-selector: "{}" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "04c7e9a3" +data: + _example: | + ########################################################### + # # + # This config is deprecated - use config-observability # + # # + ########################################################### + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: eventing-controller + namespace: knative-eventing + labels: + knative.dev/high-availability: "true" + app.kubernetes.io/component: eventing-controller + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + app: eventing-controller + template: + metadata: + labels: + app: eventing-controller + app.kubernetes.io/component: eventing-controller + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: eventing-controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: eventing-controller + enableServiceLinks: false + containers: + - name: eventing-controller + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:d415c17fa714a0f017e791a14eb43cd2aec2d01dcae182a6649c064037651382 + resources: + requests: + cpu: 100m + memory: 100Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/eventing + # APIServerSource + - name: APISERVER_RA_IMAGE + value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:f52d91950b4fbe2d7f91815813a79d29178f44d92ab9f89464ff339d4490f490 + - name: AUTH_PROXY_IMAGE + value: gcr.io/knative-releases/knative.dev/eventing/cmd/auth_proxy@sha256:99e5948735f7c2440b6d6dcf77e7225094a53c86263a29467fafdeed385ada31 + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: EVENT_TRANSFORM_JSONATA_IMAGE + valueFrom: + configMapKeyRef: + key: transform-jsonata + name: eventing-transformations-images + - name: INTEGRATION_SOURCE_TIMER_IMAGE + valueFrom: + configMapKeyRef: + key: timer-source + name: eventing-integrations-images + - name: INTEGRATION_SOURCE_AWS_S3_IMAGE + valueFrom: + configMapKeyRef: + key: aws-s3-source + name: eventing-integrations-images + - name: INTEGRATION_SOURCE_AWS_SQS_IMAGE + valueFrom: + configMapKeyRef: + key: aws-sqs-source + name: eventing-integrations-images + - name: INTEGRATION_SOURCE_AWS_DDB_STREAMS_IMAGE + valueFrom: + configMapKeyRef: + key: aws-ddb-streams-source + name: eventing-integrations-images + - name: INTEGRATION_SINK_LOG_IMAGE + valueFrom: + configMapKeyRef: + key: log-sink + name: eventing-integrations-images + - name: INTEGRATION_SINK_AWS_S3_IMAGE + valueFrom: + configMapKeyRef: + key: aws-s3-sink + name: eventing-integrations-images + - name: INTEGRATION_SINK_AWS_SQS_IMAGE + valueFrom: + configMapKeyRef: + key: aws-sqs-sink + name: eventing-integrations-images + - name: INTEGRATION_SINK_AWS_SNS_IMAGE + valueFrom: + configMapKeyRef: + key: aws-sns-sink + name: eventing-integrations-images + ## Adapter settings + # - name: K_LOGGING_CONFIG + # value: '' + # - name: K_LEADER_ELECTION_CONFIG + # value: '' + # - name: K_NO_SHUTDOWN_AFTER + # value: '' + ## Time in seconds the adapter will wait for the sink to respond. Default is no timeout + # - name: K_SINK_TIMEOUT + # value: '' + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: job-sink + namespace: knative-eventing + labels: + app.kubernetes.io/component: job-sink + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + replicas: 1 + selector: + matchLabels: + sinks.knative.dev/sink: job-sink + template: + metadata: + labels: + sinks.knative.dev/sink: job-sink + app.kubernetes.io/component: job-sink + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + sinks.knative.dev/sink: job-sink + topologyKey: kubernetes.io/hostname + weight: 100 + enableServiceLinks: false + containers: + - name: job-sink + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/jobsink@sha256:874c4edb6e199b65ce28f3918b8e8f78794cd634d66c306c94ec7d92b23e17e5 + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: CONTAINER_NAME + value: job-sink + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/internal/eventing + - name: INGRESS_PORT + value: "8080" + - name: INGRESS_PORT_HTTPS + value: "8443" + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 5 + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + terminationMessagePath: /dev/termination-log + resources: + requests: + cpu: 125m + memory: 64Mi + limits: + cpu: 1000m + memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + serviceAccountName: job-sink +--- +apiVersion: v1 +kind: Service +metadata: + labels: + sinks.knative.dev/sink: job-sink + app.kubernetes.io/component: job-sink + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: job-sink + namespace: knative-eventing +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9092 + protocol: TCP + targetPort: 9092 + selector: + sinks.knative.dev/sink: job-sink + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pingsource-mt-adapter + namespace: knative-eventing + labels: + app.kubernetes.io/component: pingsource-mt-adapter + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. + replicas: 0 + selector: + matchLabels: + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter + template: + metadata: + labels: + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter + app.kubernetes.io/component: pingsource-mt-adapter + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter + topologyKey: kubernetes.io/hostname + weight: 100 + enableServiceLinks: false + containers: + - name: dispatcher + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:1bb3b16fb7e0e28751704d1f1381a878ecaeb4bf2a4a94e43f20d2ad9a7338d8 + env: + - name: SYSTEM_NAMESPACE + value: '' + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: NAMESPACE + value: '' + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + # DO NOT MODIFY: The values below are being filled by the ping source controller + # See 500-controller.yaml + - name: K_OBSERVABILITY_CONFIG + value: '{}' + - name: K_LOGGING_CONFIG + value: '' + - name: K_LEADER_ELECTION_CONFIG + value: '' + - name: K_NO_SHUTDOWN_AFTER + value: '' + - name: K_SINK_TIMEOUT + value: '-1' + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - containerPort: 9090 + name: metrics + protocol: TCP + - name: probes + containerPort: 8080 + resources: + requests: + cpu: 125m + memory: 64Mi + limits: + cpu: 1000m + memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + serviceAccountName: pingsource-mt-adapter + +--- +# Copyright 2025 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: request-reply + namespace: knative-eventing + labels: + app.kubernetes.io/component: request-reply + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + replicas: 1 + selector: + matchLabels: + eventing.knative.dev/part-of: request-reply + template: + metadata: + labels: + eventing.knative.dev/part-of: request-reply + app.kubernetes.io/component: request-reply + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + containers: + - name: request-reply + image: gcr.io/knative-releases/knative.dev/eventing/cmd/requestreply@sha256:b64d9e9d246d645aa984b7bf8f9ac23aa29257d8a2816f14e212056f65de3296 + volumeMounts: + - name: aes-keys + mountPath: /etc/secrets + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_INDEX + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + - name: HTTP_PORT + value: "8080" + - name: HTTPS_PORT + value: "8443" + - name: SECRETS_PATH + value: "/etc/secrets" + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + serviceAccountName: request-reply + volumes: + - name: aes-keys + secret: + secretName: request-reply-keys + restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + labels: + eventing.knative.dev/part-of: request-reply + app.kubernetes.io/component: request-reply + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: request-reply + namespace: knative-eventing +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + selector: + eventing.knative.dev/part-of: request-reply +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + eventing.knative.dev/part-of: request-reply + app.kubernetes.io/component: request-reply + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: request-reply-keys + namespace: knative-eventing + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: eventing-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: eventing-webhook + minReplicas: 1 + maxReplicas: 5 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 100 +--- +# Webhook PDB. +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: eventing-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + minAvailable: 80% + selector: + matchLabels: + app: eventing-webhook + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: eventing-webhook + namespace: knative-eventing + labels: + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + app: eventing-webhook + role: eventing-webhook + template: + metadata: + labels: + app: eventing-webhook + role: eventing-webhook + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: eventing-webhook + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: eventing-webhook + enableServiceLinks: false + containers: + - name: eventing-webhook + terminationMessagePolicy: FallbackToLogsOnError + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:af170f0ff3acb81355bad1db03848f67b824b05c82f248f780fa1c5567a6bdf2 + resources: + requests: + # taken from serving. + cpu: 100m + memory: 50Mi + limits: + # taken from serving. + cpu: 200m + memory: 200Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: METRICS_DOMAIN + value: knative.dev/eventing + - name: WEBHOOK_NAME + value: eventing-webhook + - name: WEBHOOK_PORT + value: "8443" + # SINK_BINDING_SELECTION_MODE specifies the NamespaceSelector and ObjectSelector + # for the sinkbinding webhook. + # If `inclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/include:true` + # will be considered by the sinkbinding webhook; + # If `exclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/exclude:true` + # will NOT be considered by the sinkbinding webhook. + # The default is `exclusion`. + - name: SINK_BINDING_SELECTION_MODE + value: "exclusion" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: https-webhook + containerPort: 8443 + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + initialDelaySeconds: 120 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: eventing-webhook + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: eventing-webhook + namespace: knative-eventing +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: eventing-webhook + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + annotations: + # TODO add schemas + registry.knative.dev/eventTypes: | + [ + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } + ] + name: apiserversources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - resources + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + mode: + description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` + type: string + owner: + description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. + type: object + properties: + apiVersion: + description: APIVersion - the API version of the resource to watch. + type: string + kind: + description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + resources: + description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. + type: array + items: + type: object + properties: + apiVersion: + description: APIVersion - the API version of the resource to watch. + type: string + kind: + description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + selector: + description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + namespaceSelector: + description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string + namespaces: + description: Namespaces show the namespaces currently watched by the ApiServerSource + type: array + items: + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + categories: + - all + - knative + - sources + kind: ApiServerSource + plural: apiserversources + singular: apiserversource + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: brokers.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' + type: object + properties: + spec: + description: Spec defines the desired state of the Broker. + type: object + properties: + config: + description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + status: + description: Status represents the current state of the Broker. This data may be out of date. + type: object + properties: + address: + description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: Class + type: string + priority: 1 + jsonPath: '.metadata.annotations.eventing\.knative\.dev/broker\.class' + names: + kind: Broker + plural: brokers + singular: broker + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: channels.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + schema: + openAPIV3Schema: + description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' + type: object + properties: + spec: + description: Spec defines the desired state of the Channel. + type: object + properties: + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + subscribers: + description: This is the list of subscriptions for this subscribable. + type: array + items: + type: object + properties: + delivery: + description: DeliverySpec contains options controlling the event delivery + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + generation: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + name: + description: The name of the subscription + type: string + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + status: + description: Status represents the current state of the Channel. This data may be out of date. + type: object + properties: + address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + channel: + description: Channel is an KReference to the Channel CRD backing this Channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + names: + kind: Channel + plural: channels + singular: channel + categories: + - all + - knative + - messaging + - channel + shortNames: + - ch + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: containersources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + kind: ContainerSource + plural: containersources + singular: containersource + scope: Namespaced + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventpolicies.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the EventPolicy. + type: object + properties: + from: + description: From is the list of sources or oidc identities, which are allowed to send events to the targets (.spec.to). + type: array + items: + type: object + properties: + ref: + description: Ref contains a direct reference to a resource which is allowed to send events to the target. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + sub: + description: Sub sets the OIDC identity name to be allowed to send events to the target. It is also possible to set a glob-like pattern to match any suffix. + type: string + to: + description: To lists all resources for which this policy applies. Resources in this list must act like an ingress and have an audience. The resources are part of the same namespace as the EventPolicy. An empty list means it applies to all resources in the EventPolicies namespace + type: array + items: + type: object + properties: + ref: + description: Ref contains the direct reference to a target + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + selector: + description: Selector contains a selector to group targets + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilters that evaluate to true or false. If any filter expression in the array evaluates to false, the event will not continue pass the ingress of the target resources of the policy' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if any of the nested expressions evaluate to true. It must contain at least one filter expression' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL v1 expression that will evaluate to true or false for each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all end with the associated value string specified (case sensitive)' + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status represents the current state of the EventPolicy. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + from: + description: From is the list of resolved oidc identities from .spec.from + type: array + items: + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: EventPolicy + plural: eventpolicies + singular: eventpolicy + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2025 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventtransforms.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the EventTransform. + type: object + properties: + jsonata: + type: object + properties: + expression: + description: Expression is the JSONata expression (https://jsonata.org/). + type: string + reply: + description: | + Reply is the configuration on how to handle responses from Sink. It can only be set if Sink is set. + Only one "type" can be used. + The used type must match the top-level transformation, if you need to mix transformation types, use compositions and chain transformations together to achieve your desired outcome. + type: object + properties: + jsonata: + type: object + properties: + expression: + description: Expression is the JSONata expression (https://jsonata.org/). + type: string + discard: + description: | + Discard discards responses from Sink and return empty response body. + When set to false, it returns the exact sink response body. + When set to true, Discard is mutually exclusive with EventTransformations in the reply + section, it can either be discarded or transformed. + Default: false. + type: boolean + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink. If not present, the transformation will send back the transformed event as response, this is useful to leverage the built-in Broker reply feature to re-publish a transformed event back to the broker. ' + type: object + properties: + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience. This need only be set, if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. In case the Addressable specifies an Audience too, the Destinations Audience takes preference. + type: string + ref: + description: Ref points to an Addressable. + type: object + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + status: + description: Status represents the current state of the EventTransform. This data may be out of date. + type: object + properties: + address: + description: Address is a single Addressable address. If Addresses is present, Address will be ignored by clients. + type: object + required: + - url + properties: + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + addresses: + description: Addresses is a list of addresses for different protocols (HTTP and HTTPS) If Addresses is present, Address must be ignored by clients. + type: array + items: + type: object + required: + - url + properties: + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth defines the attributes that provide the generated service account name in the resource status. + type: object + required: + - serviceAccountName + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. This list can have len() > 1, when the component uses multiple identities (e.g. in case of a Parallel). + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + jsonata: + description: JsonataTransformationStatus is the status associated with JsonataEventTransformationSpec. + type: object + properties: + deployment: + type: object + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. + type: integer + format: int32 + collisionCount: + description: Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet. + type: integer + format: int32 + conditions: + description: Represents the latest available observations of a deployment's current state. + type: array + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + lastUpdateTime: + description: The last time this condition was updated. + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of deployment condition. + type: string + observedGeneration: + description: The generation observed by the deployment controller. + type: integer + format: int64 + readyReplicas: + description: readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. + type: integer + format: int32 + replicas: + description: Total number of non-terminated pods targeted by this deployment (their labels match the selector). + type: integer + format: int32 + unavailableReplicas: + description: Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created. + type: integer + format: int32 + updatedReplicas: + description: Total number of non-terminated pods targeted by this deployment that have the desired template spec. + type: integer + format: int32 + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkAudience: + description: SinkAudience is the OIDC audience of the sink. + type: string + sinkCACerts: + description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: ".status.address.url" + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: EventTransform + plural: eventtransforms + singular: eventtransform + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventtypes.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1beta3 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + attributes: + description: "CloudEvent attribute and extension attributes." + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: "Name of the CloudEvent attribute." + required: + type: boolean + description: "Indicates whether the attribute is required." + value: + type: string + description: "Value of the attribute. May be a template string using curly brackets {} to represent variable sections of the string." + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.attributes[?(@.name=='type')].value" + - name: Source + type: string + jsonPath: ".spec.attributes[?(@.name=='source')].value" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta2 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'EventType represents a type of event that can be consumed from a resource.' + properties: + spec: + description: 'Spec defines the desired state of the EventType.' + type: object + properties: + broker: + type: string + reference: + description: Reference a resource. For example, Broker. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string + address: + description: 'Address points to a specific Address Name' + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string + status: + description: 'Status represents the current state of the EventType. This data may be out of date.' + type: object + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + type: integer + format: int64 + additionalPrinterColumns: + - name: Type + type: string + jsonPath: ".spec.type" + - name: Source + type: string + jsonPath: ".spec.source" + - name: Schema + type: string + jsonPath: ".spec.schema" + - name: Reference Name + type: string + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" + - name: Description + type: string + jsonPath: ".spec.description" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + # This indicates the v1beta1 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta1 API requests. + deprecationWarning: "eventing.knative.dev/v1beta1 EventType is deprecated; see https://knative.dev/docs/eventing/event-registry/ for instructions to migrate to eventing.knative.dev/v1beta2 EventType" + # v1beta1 schema is identical to the v1beta2 schema + names: + kind: EventType + plural: eventtypes + singular: eventtype + categories: + - all + - knative + - eventing + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: integrationsinks.sinks.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: sinks.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'IntegrationSink sends events to generic event sink' + type: object + properties: + spec: + description: Spec defines the desired state of the IntegrationSink. + type: object + properties: + log: + type: object + properties: + loggerName: + type: string + title: Logger Name + description: Name of the logging category to use + default: log-sink + level: + type: string + title: Log Level + description: Logging level to use + default: INFO + logMask: + type: boolean + title: Log Mask + description: Mask sensitive information like password or passphrase in the log + default: false + marker: + type: string + title: Marker + description: An optional Marker name to use + multiline: + type: boolean + title: Multiline + description: If enabled then each information is outputted on a newline + default: false + showAllProperties: + type: boolean + title: Show All Properties + description: Show all of the exchange properties (both internal and custom) + default: false + showBody: + type: boolean + title: Show Body + description: Show the message body + default: true + showBodyType: + type: boolean + title: Show Body Type + description: Show the body Java type + default: true + showExchangePattern: + type: boolean + title: Show Exchange Pattern + description: Shows the Message Exchange Pattern (or MEP for short) + default: true + showHeaders: + type: boolean + title: Show Headers + description: Show the headers received + default: false + showProperties: + type: boolean + title: Show Properties + description: Show the exchange properties (only custom). Use showAllProperties to show both internal and custom properties. + default: false + showStreams: + type: boolean + title: Show Streams + description: Show the stream bodies (they may not be available in following steps) + default: false + showCachedStreams: + type: boolean + title: Show Cached Streams + description: Whether Camel should show cached stream bodies or not. + default: true + aws: + type: object + properties: + s3: + type: object + properties: + arn: + type: string + title: Bucket Name + description: The S3 Bucket name or Amazon Resource Name (ARN). + deleteAfterRead: + type: boolean + title: Auto-delete Objects + description: Specifies to delete objects after consuming them. + default: true + moveAfterRead: + type: boolean + title: Move Objects After Delete + description: Move objects from S3 bucket to a different bucket after they have been retrieved. + default: false + destinationBucket: + type: string + title: Destination Bucket + description: Define the destination bucket where an object must be moved when moveAfterRead is set to true. + destinationBucketPrefix: + type: string + title: Destination Bucket Prefix + description: Define the destination bucket prefix to use when an object must be moved, and moveAfterRead is set to true. + destinationBucketSuffix: + type: string + title: Destination Bucket Suffix + description: Define the destination bucket suffix to use when an object must be moved, and moveAfterRead is set to true. + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateBucket: + type: boolean + title: Autocreate Bucket + description: Specifies to automatically create the S3 bucket. + default: false + prefix: + type: string + title: Prefix + description: The AWS S3 bucket prefix to consider while searching. + example: folder/ + ignoreBody: + type: boolean + title: Ignore Body + description: If true, the S3 Object body is ignored. Setting this to true overrides any behavior defined by the `includeBody` option. If false, the S3 object is put in the body. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + forcePathStyle: + type: boolean + title: Force Path Style + description: Forces path style when accessing AWS S3 buckets. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected bucket. + default: 500 + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: Gets the maximum number of messages as a limit to poll at each polling. Gets the maximum number of messages as a limit to poll at each polling. The default value is 10. Use 0 or a negative number to set it as unlimited. + default: 10 + sqs: + type: object + properties: + arn: + type: string + title: Queue Name + description: The SQS Queue Name or ARN + deleteAfterRead: + type: boolean + title: Auto-delete Messages + description: Delete messages after consuming them + default: true + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateQueue: + type: boolean + title: Autocreate Queue + description: Setting the autocreation of the SQS queue. + default: false + host: + type: string + title: AWS Host + description: The hostname of the Amazon AWS cloud. + default: amazonaws.com + protocol: + type: string + title: Protocol + description: The underlying protocol used to communicate with SQS + default: https + example: http or https + queueURL: + type: string + title: Queue URL + description: The full SQS Queue URL (required if using KEDA) + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected stream + default: 500 + greedy: + type: boolean + title: Greedy Scheduler + description: If greedy is enabled, then the polling will happen immediately again, if the previous run polled 1 or more messages. + default: false + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: The maximum number of messages to return. Amazon SQS never returns more messages than this value (however, fewer messages might be returned). Valid values 1 to 10. Default 1. + default: 1 + waitTimeSeconds: + type: integer + title: Wait Time Seconds + description: The duration (in seconds) for which the call waits for a message to arrive in the queue before returning. If a message is available, the call returns sooner than WaitTimeSeconds. If no messages are available and the wait time expires, the call does not return a message list. + visibilityTimeout: + type: integer + title: Visibility Timeout + description: The duration (in seconds) that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. + sns: + type: object + properties: + arn: + type: string + title: Topic Name + description: The SNS topic name name or Amazon Resource Name (ARN). + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateTopic: + type: boolean + title: Autocreate Topic + description: Setting the autocreation of the SNS topic. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + auth: + description: 'Auth configurations' + type: object + properties: + secret: + description: 'Auth secret' + type: object + properties: + ref: + description: | + Secret reference. + type: object + required: + - name + properties: + name: + description: 'Secret name' + type: string + serviceAccountName: + description: 'Optional ServiceAccount to assign to pod. This enables the pod default credentials to be used instead of the auth secret.' + type: string + status: + description: Status represents the current state of the IntegrationSink. This data may be out of date. + type: object + properties: + address: + description: IntegrationSink is Addressable. It exposes the endpoints as URIs to get events delivered into the used Kamelet. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: IntegrationSink is Addressable. It exposes the endpoints as URIs to get events delivered into the used Kamelet. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: IntegrationSink + plural: integrationsinks + singular: integrationsink + categories: + - all + - knative + - eventing + - sink + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: integrationsources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'IntegrationSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timer: + type: object + properties: + period: + type: integer + title: Period + description: The interval (in milliseconds) to wait between producing the next message. + default: 1000 + message: + type: string + title: Message + description: The message to generate. + example: hello world + contentType: + type: string + title: Content Type + description: The content type of the generated message. + default: text/plain + repeatCount: + type: integer + title: Repeat Count + description: Specifies a maximum limit of number of fires + aws: + type: object + properties: + s3: + type: object + properties: + arn: + type: string + title: Bucket Name + description: The S3 Bucket name or Amazon Resource Name (ARN). + deleteAfterRead: + type: boolean + title: Auto-delete Objects + description: Specifies to delete objects after consuming them. + default: true + moveAfterRead: + type: boolean + title: Move Objects After Delete + description: Move objects from S3 bucket to a different bucket after they have been retrieved. + default: false + destinationBucket: + type: string + title: Destination Bucket + description: Define the destination bucket where an object must be moved when moveAfterRead is set to true. + destinationBucketPrefix: + type: string + title: Destination Bucket Prefix + description: Define the destination bucket prefix to use when an object must be moved, and moveAfterRead is set to true. + destinationBucketSuffix: + type: string + title: Destination Bucket Suffix + description: Define the destination bucket suffix to use when an object must be moved, and moveAfterRead is set to true. + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateBucket: + type: boolean + title: Autocreate Bucket + description: Specifies to automatically create the S3 bucket. + default: false + prefix: + type: string + title: Prefix + description: The AWS S3 bucket prefix to consider while searching. + example: folder/ + ignoreBody: + type: boolean + title: Ignore Body + description: If true, the S3 Object body is ignored. Setting this to true overrides any behavior defined by the `includeBody` option. If false, the S3 object is put in the body. + default: false + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + forcePathStyle: + type: boolean + title: Force Path Style + description: Forces path style when accessing AWS S3 buckets. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected bucket. + default: 500 + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: Gets the maximum number of messages as a limit to poll at each polling. Gets the maximum number of messages as a limit to poll at each polling. The default value is 10. Use 0 or a negative number to set it as unlimited. + default: 10 + sqs: + type: object + properties: + arn: + type: string + title: Queue Name + description: The SQS Queue Name or ARN + deleteAfterRead: + type: boolean + title: Auto-delete Messages + description: Delete messages after consuming them + default: true + region: + type: string + title: AWS Region + description: The AWS region to access. + autoCreateQueue: + type: boolean + title: Autocreate Queue + description: Setting the autocreation of the SQS queue. + default: false + host: + type: string + title: AWS Host + description: The hostname of the Amazon AWS cloud. + default: amazonaws.com + protocol: + type: string + title: Protocol + description: The underlying protocol used to communicate with SQS + default: https + example: http or https + queueURL: + type: string + title: Queue URL + description: The full SQS Queue URL (required if using KEDA) + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll of the selected stream + default: 500 + greedy: + type: boolean + title: Greedy Scheduler + description: If greedy is enabled, then the polling will happen immediately again, if the previous run polled 1 or more messages. + default: false + maxMessagesPerPoll: + type: integer + title: Max Messages Per Poll + description: The maximum number of messages to return. Amazon SQS never returns more messages than this value (however, fewer messages might be returned). Valid values 1 to 10. Default 1. + default: 1 + waitTimeSeconds: + type: integer + title: Wait Time Seconds + description: The duration (in seconds) for which the call waits for a message to arrive in the queue before returning. If a message is available, the call returns sooner than WaitTimeSeconds. If no messages are available and the wait time expires, the call does not return a message list. + visibilityTimeout: + type: integer + title: Visibility Timeout + description: The duration (in seconds) that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. + ddbStreams: + type: object + properties: + table: + type: string + title: Table + description: The name of the DynamoDB table. + region: + type: string + title: AWS Region + description: The AWS region to access. + streamIteratorType: + type: string + title: Stream Iterator Type + description: Defines where in the DynamoDB stream to start getting records. There are two enums and the value can be one of FROM_LATEST and FROM_START. Note that using FROM_START can cause a significant delay before the stream has caught up to real-time. + default: FROM_LATEST + uriEndpointOverride: + type: string + title: Overwrite Endpoint URI + description: The overriding endpoint URI. To use this option, you must also select the `overrideEndpoint` option. + overrideEndpoint: + type: boolean + title: Endpoint Overwrite + description: Select this option to override the endpoint URI. To use this option, you must also provide a URI for the `uriEndpointOverride` option. + default: false + delay: + type: integer + title: Delay + description: The number of milliseconds before the next poll from the database. + default: 500 + auth: + description: 'Auth configurations' + type: object + properties: + secret: + description: 'Auth secret' + type: object + properties: + ref: + description: | + Secret reference. + type: object + required: + - name + properties: + name: + description: 'Secret name' + type: string + serviceAccountName: + description: 'Optional ServiceAccount to assign to pod. This enables the pod default credentials to be used instead of the auth secret.' + type: string + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: ".metadata.creationTimestamp" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + kind: IntegrationSource + plural: integrationsources + singular: integrationsource + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: jobsinks.sinks.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: sinks.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'JobSink triggers long-running jobs when an event occur.' + type: object + properties: + spec: + description: Spec defines the desired state of the JobSink. + type: object + properties: + job: + type: object + description: Full Job resource object, see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#job-v1-batch for more details. + x-kubernetes-preserve-unknown-fields: true + status: + description: Status represents the current state of the JobSink. This data may be out of date. + type: object + properties: + address: + description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: JobSink is Addressable. It exposes the endpoint as an URI to schedule long running jobs when an even occurs. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + job: + type: object + properties: + selector: + type: string + description: Label selector for all scheduled jobs + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: JobSink + plural: jobsinks + singular: jobsink + categories: + - all + - knative + - eventing + - sink + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: parallels.flows.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' + type: object + properties: + spec: + description: Spec defines the desired state of the Parallel. + type: object + properties: + branches: + description: Branches is the list of Filter/Subscribers pairs. + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + filter: + description: Filter is the expression guarding the branch + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + reply: + description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subscriber: + description: Subscriber receiving the event when the filter passes + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + reply: + description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + description: Status represents the current state of the Parallel. This data may be out of date. + type: object + properties: + address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + branchStatuses: + description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. + type: array + items: + type: object + properties: + filterChannelStatus: + description: FilterChannelStatus corresponds to the filter channel status. + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + filterSubscriptionStatus: + description: FilterSubscriptionStatus corresponds to the filter subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + subscriberSubscriptionStatus: + description: SubscriptionStatus corresponds to the subscriber subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + ingressChannelStatus: + description: IngressChannelStatus corresponds to the ingress channel status. + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Parallel + plural: parallels + singular: parallel + categories: + - all + - knative + - flows + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + annotations: + # TODO add schema + registry.knative.dev/eventTypes: | + [ + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } + ] + name: pingsources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: v1beta2 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: sinkAudience is the OIDC audience of the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + # This indicates the v1beta2 version of the custom resource is deprecated. + # API requests to this version receive a warning header in the server response. + deprecated: true + # This overrides the default warning returned to API clients making v1beta2 API requests. + deprecationWarning: "sources.knative.dev/v1beta2 PingSource is deprecated; see https://knative.dev/docs/eventing/sources/ping-source/ for instructions to migrate to sources.knative.dev/v1 PingSource" + # v1 schema is identical to the v1beta2 schema + names: + categories: + - all + - knative + - sources + kind: PingSource + plural: pingsources + singular: pingsource + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: requestreplies.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Spec defines the desired state of the RequestReply. + type: object + properties: + brokerRef: + description: A KReference referring to the broker this RequestReply forwards events to. CrossNamespace references are not allowed. + type: object + properties: + apiVersion: + description: API Version of the broker. + type: string + kind: + description: 'Kind of the broker. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the broker. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + correlationAttribute: + description: The name of the cloudevent attribute where the correlation id will be set on new events. + type: string + replyAttribute: + description: The name of the cloudevents attribute which will hold the correlation id for an event which will be treated as a reply. + type: string + timeout: + description: A ISO8601 string representing how long RequestReply holds onto an incoming request before it times out without a reply. + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + status: + description: Status represents the current state of the RequestReply. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredReplicas: + description: The current replicas (StatefulSet pod + trigger) that are desired + type: integer + readyReplicas: + description: The current replicas (StatefulSet pod + trigger) that are ready + type: integer + address: + description: RequestReply is Addressable. It exposes the endpoint as an URI to get events delivered. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: RequestReply is Addressable. It exposes the endpoints as URIs to get events delivered. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates whichversion of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: ".status.address.url" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: RequestReply + plural: requestreplies + singular: requestreply + shortNames: + - rr + categories: + - all + - knative + - eventing + scope: Namespaced + conversion: + strategy: None + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sequences.flows.knative.dev + labels: + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' + type: object + properties: + spec: + description: Spec defines the desired state of the Sequence. + type: object + properties: + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + reply: + description: Reply is a Reference to where the result of the last Subscriber gets sent to. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + type: string + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the reply. + audience: + description: Audience is the OIDC audience of the reply. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + steps: + description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options + type: array + items: + type: object + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string + status: + description: Status represents the current state of the Sequence. This data may be out of date. + type: object + properties: + address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + channelStatuses: + description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. + type: array + items: + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscriptionStatuses: + description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. + type: array + items: + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Sequence + plural: sequences + singular: sequence + categories: + - all + - knative + - flows + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + duck.knative.dev/binding: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: sinkbindings.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' + type: object + properties: + spec: + type: object + properties: + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subject: + description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. Mutually exclusive with Selector. + type: string + namespace: + description: Namespace of the referent. + type: string + selector: + description: Selector of the referents. Mutually exclusive with Name. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + sinkAudience: + description: Audience is the OIDC audience of the sink. + type: string + oidcTokenSecretName: + description: Name of the secret with the OIDC token for the sink. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + categories: + - all + - knative + - sources + - bindings + kind: SinkBinding + plural: sinkbindings + singular: sinkbinding + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: subscriptions.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' + type: object + properties: + spec: + type: object + properties: + channel: + description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + delivery: + description: Delivery configuration + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + reply: + description: Reply specifies (optionally) how to handle events returned from the Subscriber target. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + subscriber: + description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + physicalSubscription: + description: PhysicalSubscription is the fully resolved values that this Subscription represents. + type: object + properties: + deadLetterSinkUri: + description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + replyUri: + description: ReplyURI is the fully resolved URI for the spec.reply. + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the fully resolved URI for spec.subscriber. + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + additionalPrinterColumns: + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Subscription + plural: subscriptions + singular: subscription + categories: + - all + - knative + - messaging + shortNames: + - sub + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggers.eventing.knative.dev + labels: + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Broker + type: string + jsonPath: .spec.broker + - name: Subscriber_URI + type: string + jsonPath: .status.subscriberUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + schema: + openAPIV3Schema: + description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' + type: object + properties: + spec: + description: Spec defines the desired state of the Trigger. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + broker: + description: Broker is the broker that this trigger receives events from. + type: string + brokerRef: + description: 'Reference to a broker that is enabled for cross-namespace referencing. You can specify only the following fields of the KReference: kind, apiVersion, name and namespace.' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + delivery: + description: Delivery contains the delivery spec for this specific trigger. + type: object + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + format: + description: Format is the format used to serialize the event into a http request when delivering the event. It can be json (for structured events), binary (for binary events), or unset. + type: string + filter: + description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events.' + type: object + properties: + attributes: + description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported.' + type: object + x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilter that evaluate to true or false. If any filter expression in the array evaluates to false, the event must not be sent to the Subscriber. If all the filter expressions in the array evaluate to true, the event must be attempted to be delivered. Absence of a filter or empty array implies a value of true. In the event of users specifying both Filter and Filters, then the latter will override the former. This will allow users to try out the effect of the new Filters field without compromising the existing attribute-based Filter and try it out on existing Trigger objects.' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if at least one of the nested expressions evaluates to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL expression that will be evaluated to true or false against each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value String specified (case-sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Suffix evaluates to true if the values of the matching CloudEvents attributes all end with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + subscriber: + description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + status: + description: Status represents the current state of the Trigger. This data may be out of date. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscriberUri: + description: SubscriberURI is the resolved URI of the receiver for this Trigger. + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: OIDC audience of the subscriber. + type: string + names: + kind: Trigger + plural: triggers + singular: trigger + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need readonly access to "Addressables" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: addressable-resolver + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/addressable: "true" +rules: [] # Rules are automatically filled in by the controller manager. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: service-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: serving-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - serving.knative.dev + resources: + - routes + - routes/status + - services + - services/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: channel-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - channels + - channels/status + verbs: + - get + - list + - watch + - apiGroups: + - messaging.knative.dev + resources: + - channels/finalizers + verbs: + - update +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: broker-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - eventing.knative.dev + resources: + - brokers + - brokers/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: flows-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - flows.knative.dev + resources: + - sequences + - sequences/status + - parallels + - parallels/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: jobsinks-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - sinks.knative.dev + resources: + - jobsinks + - jobsinks/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: integrationsinks-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - sinks.knative.dev + resources: + - integrationsinks + - integrationsinks/status + verbs: + - get + - list + - watch +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: eventtransforms-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - eventing.knative.dev + resources: + - eventtransforms + - eventtransforms/status + verbs: + - get + - list + - watch + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: knative-eventing-auth-proxy + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + resourceNames: + - "config-logging" + - "config-features" + verbs: + - "get" + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "list" + - "watch" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: eventing-broker-filter + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "eventing.knative.dev" + resources: + - "triggers" + - "triggers/status" + verbs: + - "get" + - "list" + - "watch" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: eventing-broker-ingress + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "list" + - "watch" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: eventing-config-reader + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "list" + - "watch" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need read and update permissions on "Channelables". +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: channelable-manipulator + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/channelable: "true" +rules: [] # Rules are automatically filled in by the controller manager. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: meta-channelable-manipulator + labels: + duck.knative.dev/channelable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - channels + - channels/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-eventing-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["eventing.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-messaging-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["messaging.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-flows-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["flows.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-sources-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["sources.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-bindings-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["bindings.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-sinks-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["sinks.knative.dev"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-eventing-namespaced-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev", "sinks.knative.dev"] + resources: ["*"] + verbs: ["create", "update", "patch", "delete"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-eventing-namespaced-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev", "sinks.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-eventing-eventpolicy-reader + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: ["eventing.knative.dev"] + resources: ["eventpolicies"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-controller + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "namespaces" + - "secrets" + - "configmaps" + - "services" + - "endpoints" + - "events" + - "serviceaccounts" + - "pods" + - "serviceaccounts/token" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Brokers and the namespace annotation controllers manipulate Deployments. + # RequestReply controller needs to manipulate StatefulSets + - apiGroups: + - "apps" + resources: + - "deployments" + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "get" + - "list" + - "watch" + # PingSource and EventTransform controllers manipulate Deployment and ConfigMap owner reference + - apiGroups: + - "apps" + - "" + resources: + - "deployments/finalizers" + - "configmaps/finalizers" + verbs: + - "update" + # The namespace annotation controller needs to manipulate RoleBindings. + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "rolebindings" + - "roles" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Our own resources and statuses we care about. + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers" + - "brokers/status" + - "triggers" + - "triggers/status" + - "eventtypes" + - "eventtypes/status" + - "eventpolicies" + - "eventpolicies/status" + - "eventtransforms" + - "eventtransforms/status" + - "requestreplies" + - "requestreplies/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - "sinks.knative.dev" + resources: + - "jobsinks" + - "jobsinks/status" + - "integrationsinks" + - "integrationsinks/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Eventing resources and finalizers we care about. + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers/finalizers" + - "triggers/finalizers" + - "eventtransforms/finalizers" + verbs: + - "update" + # EventTransform controller manipulates SinkBinding owner reference + - apiGroups: + - "sources.knative.dev" + resources: + - "sinkbindings/finalizers" + verbs: + - "update" + # EventTransform controller manipulates Service owner reference + - apiGroups: + - "" + resources: + - "services/finalizers" + verbs: + - "update" + - apiGroups: + - "sinks.knative.dev" + resources: + - "jobsinks/finalizers" + - "integrationsinks/finalizers" + verbs: + - "update" + # Our own resources and statuses we care about. + - apiGroups: + - "messaging.knative.dev" + resources: + - "sequences" + - "sequences/status" + - "channels" + - "channels/status" + - "parallels" + - "parallels/status" + - "subscriptions" + - "subscriptions/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Flow resources and statuses we care about. + - apiGroups: + - "flows.knative.dev" + resources: + - "sequences" + - "sequences/status" + - "parallels" + - "parallels/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Messaging resources and finalizers we care about. + - apiGroups: + - "messaging.knative.dev" + resources: + - "sequences/finalizers" + - "parallels/finalizers" + - "channels/finalizers" + verbs: + - "update" + # Flows resources and finalizers we care about. + - apiGroups: + - "flows.knative.dev" + resources: + - "sequences/finalizers" + - "parallels/finalizers" + verbs: + - "update" + # The subscription controller needs to retrieve and watch CustomResourceDefinitions. + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + # For leader election + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - "cert-manager.io" + resources: + - "certificates" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # EventTransform controller manipulates Certificate owner reference + - apiGroups: + - "cert-manager.io" + resources: + - "certificates/finalizers" + verbs: + - "update" + - apiGroups: + - "acme.cert-manager.io" + resources: + - "challenges" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need cluster wide crossnamespace subscribe permissions for all resources +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossnamespace-subscriber + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/crossnamespace-subscribable: "true" +rules: [] # rules are automatically filled in by the controller manager. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: channel-subscriber + labels: + duck.knative.dev/crossnamespace-subscribable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - channels + verbs: + - knsubscribe +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: broker-subscriber + labels: + duck.knative.dev/crossnamespace-subscribable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - eventing.knative.dev + resources: + - brokers + verbs: + - knsubscribe + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-job-sink + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + - "secrets" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "create" + - "update" + - "delete" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "create" + - "update" + - "delete" + - "get" + - "list" + - "watch" + - apiGroups: + - sinks.knative.dev + resources: + - jobsinks + - jobsinks/status + verbs: + - get + - list + - watch + - patch + - apiGroups: + - sinks.knative.dev + resources: + - jobsinks/finalizers + verbs: + - "patch" + - apiGroups: + - "" + resources: + - events + verbs: + - "create" + - "patch" + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-pingsource-mt-adapter + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - "create" + - apiGroups: + - sources.knative.dev + resources: + - pingsources + - pingsources/status + verbs: + - get + - list + - watch + - patch + - apiGroups: + - sources.knative.dev + resources: + - pingsources/finalizers + verbs: + - "patch" + - apiGroups: + - "" + resources: + - events + verbs: + - "create" + - "patch" + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need readonly access to "PodSpecables" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: podspecable-binding + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/podspecable: "true" +rules: [] # Rules are automatically filled in by the controller manager. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: builtin-podspecable-binding + labels: + duck.knative.dev/podspecable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "podspecable-binding role. +rules: + # To patch the subjects of our bindings + - apiGroups: + - "apps" + resources: + - "deployments" + - "daemonsets" + - "statefulsets" + - "replicasets" + verbs: + - "list" + - "watch" + - "patch" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "list" + - "watch" + - "patch" + +--- +# Copyright 2025 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-request-reply + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "configmaps" + - "secrets" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - eventing.knative.dev + resources: + - requestreplies + - requestreplies/status + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - "create" + - "patch" + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need to read "Sources". +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: source-observer + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/source: "true" +rules: [] # Rules are automatically filled in by the controller manager. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: eventing-sources-source-observer + labels: + duck.knative.dev/source: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "source-observer" role. +rules: + - apiGroups: + - sources.knative.dev + resources: + - apiserversources + - pingsources + - sinkbindings + - containersources + - integrationsources + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-sources-controller + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + - "configmaps" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Deployments admin + - apiGroups: + - "apps" + resources: + - "deployments" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Source resources and statuses we care about. + - apiGroups: + - "sources.knative.dev" + resources: + - "sinkbindings" + - "sinkbindings/status" + - "sinkbindings/finalizers" + - "apiserversources" + - "apiserversources/status" + - "apiserversources/finalizers" + - "pingsources" + - "pingsources/status" + - "pingsources/finalizers" + - "containersources" + - "containersources/status" + - "containersources/finalizers" + - "integrationsources" + - "integrationsources/status" + - "integrationsources/finalizers" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Knative Services admin + - apiGroups: + - serving.knative.dev + resources: + - services + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # EventTypes admin + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Events admin + - apiGroups: + - "" + resources: + - events + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # Authorization checker + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-webhook + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + # For watching logging configuration and getting certs. + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "create" + - "update" + - "delete" + - "get" + - "list" + - "watch" + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + # finalizers are needed for the owner reference of the webhook + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" + # For getting our Deployment so we can decorate with ownerref. + - apiGroups: + - "apps" + resources: + - "deployments" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments/finalizers" + verbs: + - update + # For actually registering our webhook. + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - "mutatingwebhookconfigurations" + - "validatingwebhookconfigurations" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For running the SinkBinding reconciler. + - apiGroups: + - "sources.knative.dev" + resources: + - "sinkbindings" + - "sinkbindings/status" + - "sinkbindings/finalizers" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For leader election + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For creating events + - apiGroups: + - "" + - "events.k8s.io" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "patch" + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch + # For the SinkBinding reconciler adding the OIDC identity service accounts + - apiGroups: + - "" + resources: + - "serviceaccounts" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For the SinkBinding reconciler creating the sinkbinding token secret + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - "create" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For checking if user has permissions to make a cross namespace resource + - apiGroups: + - "authorization.k8s.io" + resources: + - "subjectaccessreviews" + verbs: + - "create" + # Necessary for conversion webhook. These are copied from the serving + # TODO: Do we really need all these permissions? + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create"] + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: knative-eventing + name: knative-eventing-webhook + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Ignore + name: config.webhook.eventing.knative.dev + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: ["knative-eventing"] + timeoutSeconds: 10 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: webhook.eventing.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: validation.webhook.eventing.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: eventing-webhook-certs + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# The data is populated at install time. + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: sinkbindings.webhook.sources.knative.dev + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + failurePolicy: Fail + sideEffects: None + name: sinkbindings.webhook.sources.knative.dev + timeoutSeconds: 10 + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.22.1/3-eventing-tls-networking.yaml b/cmd/operator/kodata/knative-eventing/1.22.1/3-eventing-tls-networking.yaml new file mode 100644 index 0000000000..c6a0f4d9a8 --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.22.1/3-eventing-tls-networking.yaml @@ -0,0 +1,184 @@ +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: job-sink-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: job-sink-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: job-sink + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - job-sink.knative-eventing.svc.cluster.local + - job-sink.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: imc-dispatcher-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: imc-dispatcher-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - imc-dispatcher.knative-eventing.svc.cluster.local + - imc-dispatcher.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: mt-broker-filter-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: mt-broker-filter-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: broker-filter + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - broker-filter.knative-eventing.svc.cluster.local + - broker-filter.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: mt-broker-ingress-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: mt-broker-ingress-server-tls + secretTemplate: + labels: + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/name: knative-eventing + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + dnsNames: + - broker-ingress.knative-eventing.svc.cluster.local + - broker-ingress.knative-eventing.svc + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.22.1/4-in-memory-channel.yaml b/cmd/operator/kodata/knative-eventing/1.22.1/4-in-memory-channel.yaml new file mode 100644 index 0000000000..b108ca28b5 --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.22.1/4-in-memory-channel.yaml @@ -0,0 +1,1290 @@ +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imc-controller + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imc-controller + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: imc-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: knative-eventing + name: imc-controller + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: Role + name: knative-inmemorychannel-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imc-controller-resolver + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: addressable-resolver + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imc-dispatcher + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-dispatcher + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: imc-dispatcher + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: imc-dispatcher-tls-role-binding + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-dispatcher + apiGroup: "" +roleRef: + kind: Role + name: imc-dispatcher-tls-role + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: imc-dispatcher-tls-role + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-imc-event-dispatcher + namespace: knative-eventing + labels: + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +data: + MaxIdleConnections: "1000" + MaxIdleConnectionsPerHost: "100" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: imc-controller + namespace: knative-eventing + labels: + knative.dev/high-availability: "true" + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + template: + metadata: + labels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: imc-controller + enableServiceLinks: false + containers: + - name: controller + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:f070ee10ef4b8508cea18aeef302957e8dd401a50060bf6274383fdeca4af0ee + env: + - name: WEBHOOK_NAME + value: inmemorychannel-webhook + - name: WEBHOOK_PORT + value: "8443" + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/inmemorychannel-controller + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: DISPATCHER_IMAGE + value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:3f515e0d7ddae339f87eafaccf1a654b915d47fcf8fb2633bc6d3de867380a8e + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + initialDelaySeconds: 120 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: inmemorychannel-webhook + namespace: knative-eventing +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + selector: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + ports: + - name: http-dispatcher + port: 80 + protocol: TCP + targetPort: 8080 + - name: https-dispatcher + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9090 + targetPort: 9090 + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + knative.dev/high-availability: "true" + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + template: + metadata: + labels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: imc-dispatcher + enableServiceLinks: false + containers: + - name: dispatcher + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:3f515e0d7ddae339f87eafaccf1a654b915d47fcf8fb2633bc6d3de867380a8e + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 5 + env: + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/inmemorychannel-dispatcher + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CONTAINER_NAME + value: dispatcher + - name: MAX_IDLE_CONNS + value: "1000" + - name: MAX_IDLE_CONNS_PER_HOST + value: "1000" + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + - containerPort: 9090 + name: metrics + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: inmemorychannels.messaging.knative.dev + labels: + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'InMemoryChannel is a resource representing an in memory channel' + type: object + properties: + spec: + description: Spec defines the desired state of the Channel. + type: object + properties: + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + subscribers: + description: This is the list of subscriptions for this subscribable. + type: array + items: + type: object + properties: + delivery: + description: DeliverySpec contains options controlling the event delivery + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the target itself. If specified, it takes precedence over the target's Audience. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + generation: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + name: + description: The name of the subscription + type: string + namespace: + description: The namespace of the subscription + type: string + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + status: + description: Status represents the current state of the Channel. This data may be out of date. + type: object + properties: + address: + description: InMemoryChannel is Addressable. It exposes the endpoint as an URI to get events delivered into the channel mesh. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: InMemoryChannel is Addressable. It exposes the endpoints as URIs to get events delivered into the channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. + type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + serviceAccountNames: + description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. + type: array + items: + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: InMemoryChannel + plural: inmemorychannels + singular: inmemorychannel + categories: + - all + - knative + - messaging + - channel + shortNames: + - imc + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-addressable-resolver + labels: + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-channelable-manipulator + labels: + duck.knative.dev/channelable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-controller + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + - update + - knsubscribe + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + verbs: + - update + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + - inmemorychannels/status + - inmemorychannels + verbs: + - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + - serviceaccounts + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - rolebindings + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + # For actually registering our webhook. + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - "mutatingwebhookconfigurations" + - "validatingwebhookconfigurations" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + # finalizers are needed for the owner reference of the webhook + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" + +--- +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-subscriber + labels: + duck.knative.dev/crossnamespace-subscribable: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + verbs: + - knsubscribe + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-dispatcher + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + - apiGroups: + - "" # Core API group. + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + # Create OIDC tokens + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - create + # Updates the finalizer so we can remove our handlers when channel is deleted + # Patches the status.subscribers to reflect when the subscription dataplane has been + # configured. + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + - inmemorychannels/status + - inmemorychannels + verbs: + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + - eventpolicies + verbs: + - get + - list + - watch + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + verbs: + - create + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: knative-eventing + name: knative-inmemorychannel-webhook + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: inmemorychannel.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: inmemorychannel-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: inmemorychannel.eventing.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.inmemorychannel.eventing.knative.dev + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: inmemorychannel-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: validation.inmemorychannel.eventing.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: inmemorychannel-webhook-certs + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +# The data is populated at install time. + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.22.1/5-mt-channel-broker.yaml b/cmd/operator/kodata/knative-eventing/1.22.1/5-mt-channel-broker.yaml new file mode 100644 index 0000000000..22c3d5eac4 --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.22.1/5-mt-channel-broker.yaml @@ -0,0 +1,900 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-mt-channel-broker-controller + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + # Configs resources and status we care about. + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - eventing.knative.dev + resources: + - brokers + verbs: + - "knsubscribe" + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-mt-broker-filter + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - eventing.knative.dev + resources: + - brokers + - brokers/status + - triggers + - triggers/status + - eventpolicies + verbs: + - get + - list + - watch + # get subscription of trigger for AuthZ + - apiGroups: + - messaging.knative.dev + resources: + - subscriptions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + verbs: + - create + - apiGroups: + - "eventing.knative.dev" + resources: + - "eventtypes" + verbs: + - "get" + - "list" + - "watch" + - "create" + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: mt-broker-filter + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - get + - list + - watch + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mt-broker-filter + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-mt-broker-ingress + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + verbs: + - create + - get + - list + - watch + - apiGroups: + - eventing.knative.dev + resources: + - brokers + - eventpolicies + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - get + - list + - watch + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: mt-broker-ingress + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - "serviceaccounts/token" + resourceNames: + - "mt-broker-ingress-oidc" + verbs: + - create + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mt-broker-ingress-oidc + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mt-broker-ingress + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-mt-channel-broker-controller + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-mt-channel-broker-controller + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-mt-broker-filter + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-filter + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-mt-broker-filter + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: mt-broker-filter + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-filter + namespace: knative-eventing +roleRef: + kind: Role + name: mt-broker-filter + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-mt-broker-ingress + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-ingress + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-mt-broker-ingress + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: mt-broker-ingress + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-ingress + namespace: knative-eventing +roleRef: + kind: Role + name: mt-broker-ingress + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mt-broker-filter + namespace: knative-eventing + labels: + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + eventing.knative.dev/brokerRole: filter + template: + metadata: + labels: + eventing.knative.dev/brokerRole: filter + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + serviceAccountName: mt-broker-filter + enableServiceLinks: false + containers: + - name: filter + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:f84959192762624c20c5ccaa21f94b606f23352255ebec73758694b941083ee3 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 5 + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + terminationMessagePath: /dev/termination-log + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: CONTAINER_NAME + value: filter + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/internal/eventing + - name: FILTER_PORT + value: "8080" + - name: FILTER_PORT_HTTPS + value: "8443" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault +--- +apiVersion: v1 +kind: Service +metadata: + labels: + eventing.knative.dev/brokerRole: filter + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: broker-filter + namespace: knative-eventing +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9092 + protocol: TCP + targetPort: 9092 + selector: + eventing.knative.dev/brokerRole: filter + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mt-broker-ingress + namespace: knative-eventing + labels: + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + eventing.knative.dev/brokerRole: ingress + template: + metadata: + labels: + eventing.knative.dev/brokerRole: ingress + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + serviceAccountName: mt-broker-ingress + enableServiceLinks: false + containers: + - name: ingress + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:9fe32471f307b30f18cda873522c95d15f86958143f7d792249983ffc74c1ffc + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 5 + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + terminationMessagePath: /dev/termination-log + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: CONTAINER_NAME + value: ingress + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/internal/eventing + - name: INGRESS_PORT + value: "8080" + - name: INGRESS_PORT_HTTPS + value: "8443" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault +--- +apiVersion: v1 +kind: Service +metadata: + labels: + eventing.knative.dev/brokerRole: ingress + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + name: broker-ingress + namespace: knative-eventing +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9092 + protocol: TCP + targetPort: 9092 + selector: + eventing.knative.dev/brokerRole: ingress + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mt-broker-controller + namespace: knative-eventing + labels: + app.kubernetes.io/component: mt-broker-controller + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + bindings.knative.dev/exclude: "true" +spec: + selector: + matchLabels: + app: mt-broker-controller + template: + metadata: + labels: + app: mt-broker-controller + app.kubernetes.io/component: broker-controller + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: mt-broker-controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: eventing-controller + enableServiceLinks: false + containers: + - name: mt-broker-controller + terminationMessagePolicy: FallbackToLogsOnError + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:20f8963441260bbd35a7915f1760ad13e23ad7515137aca45f3c11b661ca5e74 + resources: + requests: + cpu: 100m + memory: 100Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/eventing + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: broker-ingress-hpa + namespace: knative-eventing + labels: + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: mt-broker-ingress + minReplicas: 1 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 70 +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: broker-filter-hpa + namespace: knative-eventing + labels: + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: mt-broker-filter + minReplicas: 1 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 70 + +--- diff --git a/cmd/operator/kodata/knative-eventing/1.22.1/6-eventing-post-install.yaml b/cmd/operator/kodata/knative-eventing/1.22.1/6-eventing-post-install.yaml new file mode 100644 index 0000000000..840e282651 --- /dev/null +++ b/cmd/operator/kodata/knative-eventing/1.22.1/6-eventing-post-install.yaml @@ -0,0 +1,247 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-post-install-job-role + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +rules: + # Storage version upgrader needs to be able to patch CRDs. + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + - "customresourcedefinitions/status" + verbs: + - "get" + - "list" + - "update" + - "patch" + - "watch" + # Our own resources we care about. + - apiGroups: + - "sources.knative.dev" + resources: + - "apiserversources" + - "apiserversources/finalizers" + - "apiserversources/status" + - "containersources" + - "containersources/finalizers" + - "containersources/status" + - "pingsources" + - "pingsources/finalizers" + - "pingsources/status" + - "sinkbindings" + - "sinkbindings/finalizers" + - "sinkbindings/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers" + - "brokers/finalizers" + - "brokers/status" + - "eventtypes" + - "eventtypes/finalizers" + - "eventtypes/status" + - "triggers" + - "triggers/finalizers" + - "triggers/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "messaging.knative.dev" + resources: + - "channels" + - "channels/finalizers" + - "channels/status" + - "inmemorychannels" + - "inmemorychannels/finalizers" + - "inmemorychannels/status" + - "subscriptions" + - "subscriptions/finalizers" + - "subscriptions/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "flows.knative.dev" + resources: + - "parallels" + - "parallels/finalizers" + - "parallels/status" + - "sequences" + - "sequences/finalizers" + - "sequences/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "sinks.knative.dev" + resources: + - "jobsinks" + - "jobsinks/finalizers" + - "jobsinks/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "get" + - "list" + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-eventing-post-install-job + namespace: knative-eventing + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-post-install-job-role-binding + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: knative-eventing-post-install-job + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-post-install-job-role + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + generateName: storage-version-migration-eventing- + namespace: knative-eventing + labels: + app: "storage-version-migration-eventing" + app.kubernetes.io/name: knative-eventing + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.22.1" +spec: + ttlSecondsAfterFinished: 600 + backoffLimit: 10 + template: + metadata: + labels: + app: "storage-version-migration-eventing" + app.kubernetes.io/name: knative-eventing + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.22.1" + sidecar.istio.io/inject: "false" + annotations: + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: knative-eventing-post-install-job + restartPolicy: OnFailure + containers: + - name: migrate + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:fa50f73000a0abce4170fb47854bef6b4626a201b221b567fec3a6f291f11d3e + env: + - name: IGNORE_NOT_FOUND + value: "true" + args: + - "apiserversources.sources.knative.dev" + - "brokers.eventing.knative.dev" + - "channels.messaging.knative.dev" + - "containersources.sources.knative.dev" + - "eventtypes.eventing.knative.dev" + - "inmemorychannels.messaging.knative.dev" + - "parallels.flows.knative.dev" + - "pingsources.sources.knative.dev" + - "sequences.flows.knative.dev" + - "sinkbindings.sources.knative.dev" + - "subscriptions.messaging.knative.dev" + - "triggers.eventing.knative.dev" + - "jobsinks.sinks.knative.dev" + - "eventpolicies.eventing.knative.dev" + - "integrationsources.sources.knative.dev" + - "integrationsinks.sinks.knative.dev" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +--- diff --git a/cmd/operator/kodata/knative-serving/1.21.3/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.21.3/1-serving-crds.yaml new file mode 100644 index 0000000000..5130936768 --- /dev/null +++ b/cmd/operator/kodata/knative-serving/1.21.3/1-serving-crds.yaml @@ -0,0 +1,6704 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: certificates.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Certificate is responsible for provisioning a SSL certificate for the + given hosts. It is a Knative abstraction for various SSL certificate + provisioning solutions (such as cert-manager or self-signed SSL certificate). + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - dnsNames + - secretName + properties: + dnsNames: + description: |- + DNSNames is a list of DNS names the Certificate could support. + The wildcard format of DNSNames (e.g. *.default.example.com) is supported. + type: array + items: + type: string + domain: + description: Domain is the top level domain of the values for DNSNames. + type: string + secretName: + description: SecretName is the name of the secret resource to store the SSL certificate in. + type: string + status: + description: |- + Status is the current state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + http01Challenges: + description: |- + HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled + in order to get the TLS certificate.. + type: array + items: + description: |- + HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs + to fulfill. + type: object + properties: + serviceName: + description: ServiceName is the name of the service to serve HTTP01 challenge requests. + type: string + serviceNamespace: + description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. + type: string + servicePort: + description: ServicePort is the port of the service to serve HTTP01 challenge requests. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + url: + description: URL is the URL that the HTTP01 challenge is expected to serve on. + type: string + notAfter: + description: |- + The expiration time of the TLS certificate stored in the secret named + by this resource in spec.secretName. + type: string + format: date-time + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Certificate + plural: certificates + singular: certificate + categories: + - knative-internal + - networking + shortNames: + - kcert + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: configurations.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Configuration + plural: configurations + singular: configuration + categories: + - all + - knative + - serving + shortNames: + - config + - cfg + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Configuration represents the "floating HEAD" of a linear history of Revisions. + Users create new Revisions by updating the Configuration's spec. + The "latest created" revision's name is available under status, as is the + "latest ready" revision's name. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConfigurationSpec holds the desired state of the Configuration (from the client). + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + status: + description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ClusterDomainClaim. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - namespace + properties: + namespace: + description: |- + Namespace is the namespace which is allowed to create a DomainMapping + using this ClusterDomainClaim's name. + type: string + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + "schema": + "openAPIV3Schema": + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - ref + properties: + ref: + description: |- + Ref specifies the target of the Domain Mapping. + + The object identified by the Ref must be an Addressable with a URL of the + form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, + and `{name}` and `{namespace}` are the name and namespace of a Kubernetes + Service. + + This contract is satisfied by Knative types such as Knative Services and + Knative Routes, and by Kubernetes Services. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: |- + Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. + Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086 + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + This is optional field, it gets defaulted to the object holding it if left out. + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: |- + Status is the current state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ingresses.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Ingress is a collection of rules that allow inbound connections to reach the endpoints defined + by a backend. An Ingress can be configured to give services externally-reachable URLs, load + balance traffic, offer name based virtual hosting, etc. + + This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress + which some highlighted modifications. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + httpOption: + description: |- + HTTPOption is the option of HTTP. It has the following two values: + `HTTPOptionEnabled`, `HTTPOptionRedirected` + type: string + rules: + description: A list of host rules used to configure the Ingress. + type: array + items: + description: |- + IngressRule represents the rules mapping the paths under a specified host to + the related backend services. Incoming requests are first evaluated for a host + match, then routed to the backend associated with the matching IngressRuleValue. + type: object + properties: + hosts: + description: |- + Host is the fully qualified domain name of a network host, as defined + by RFC 3986. Note the following deviations from the "host" part of the + URI as defined in the RFC: + 1. IPs are not allowed. Currently a rule value can only apply to the + IP in the Spec of the parent . + 2. The `:` delimiter is not respected because ports are not allowed. + Currently the port of an Ingress is implicitly :80 for http and + :443 for https. + Both these may change in the future. + If the host is unspecified, the Ingress routes all traffic based on the + specified IngressRuleValue. + If multiple matching Hosts were provided, the first rule will take precedent. + type: array + items: + type: string + http: + description: |- + HTTP represents a rule to apply against incoming requests. If the + rule is satisfied, the request is routed to the specified backend. + type: object + required: + - paths + properties: + paths: + description: |- + A collection of paths that map requests to backends. + + If they are multiple matching paths, the first match takes precedence. + type: array + items: + description: |- + HTTPIngressPath associates a path regex with a backend. Incoming URLs matching + the path are forwarded to the backend. + type: object + required: + - splits + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + headers: + description: |- + Headers defines header matching rules which is a map from a header name + to HeaderMatch which specify a matching condition. + When a request matched with all the header matching rules, + the request is routed by the corresponding ingress rule. + If it is empty, the headers are not used for matching + type: object + additionalProperties: + description: |- + HeaderMatch represents a matching value of Headers in HTTPIngressPath. + Currently, only the exact matching is supported. + type: object + required: + - exact + properties: + exact: + type: string + path: + description: |- + Path represents a literal prefix to which this rule should apply. + Currently it can contain characters disallowed from the conventional + "path" part of a URL as defined by RFC 3986. Paths must begin with + a '/'. If unspecified, the path defaults to a catch all sending + traffic to the backend. + type: string + rewriteHost: + description: |- + RewriteHost rewrites the incoming request's host header. + + This field is currently experimental and not supported by all Ingress + implementations. + type: string + splits: + description: |- + Splits defines the referenced service endpoints to which the traffic + will be forwarded to. + type: array + items: + description: IngressBackendSplit describes all endpoints for a given service and port. + type: object + required: + - serviceName + - serviceNamespace + - servicePort + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + percent: + description: |- + Specifies the split percentage, a number between 0 and 100. If + only one split is specified, we default to 100. + + NOTE: This differs from K8s Ingress to allow percentage split. + type: integer + serviceName: + description: Specifies the name of the referenced service. + type: string + serviceNamespace: + description: |- + Specifies the namespace of the referenced service. + + NOTE: This differs from K8s Ingress to allow routing to different namespaces. + type: string + servicePort: + description: Specifies the port of the referenced service. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + visibility: + description: |- + Visibility signifies whether this rule should `ClusterLocal`. If it's not + specified then it defaults to `ExternalIP`. + type: string + tls: + description: |- + TLS configuration. Currently Ingress only supports a single TLS + port: 443. If multiple members of this list specify different hosts, they + will be multiplexed on the same port according to the hostname specified + through the SNI TLS extension, if the ingress controller fulfilling the + ingress supports SNI. + type: array + items: + description: IngressTLS describes the transport layer security associated with an Ingress. + type: object + properties: + hosts: + description: |- + Hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. + type: array + items: + type: string + secretName: + description: SecretName is the name of the secret used to terminate SSL traffic. + type: string + secretNamespace: + description: |- + SecretNamespace is the namespace of the secret used to terminate SSL traffic. + If not set the namespace should be assumed to be the same as the Ingress. + If set the secret should have the same namespace as the Ingress otherwise + the behaviour is undefined and not supported. + type: string + status: + description: |- + Status is the current state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateLoadBalancer: + description: PrivateLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + publicLoadBalancer: + description: PublicLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: Ingress + plural: ingresses + singular: ingress + categories: + - knative-internal + - networking + shortNames: + - kingress + - king + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: metrics.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: Metric + plural: metrics + singular: metric + categories: + - knative-internal + - autoscaling + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: Metric represents a resource to configure the metric collector with. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Metric (from the client). + type: object + required: + - panicWindow + - scrapeTarget + - stableWindow + properties: + panicWindow: + description: PanicWindow is the aggregation window for metrics where quick reactions are needed. + type: integer + format: int64 + scrapeTarget: + description: ScrapeTarget is the K8s service that publishes the metric endpoint. + type: string + stableWindow: + description: StableWindow is the aggregation window for metrics in a stable state. + type: integer + format: int64 + status: + description: Status communicates the observed state of the Metric (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: podautoscalers.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: PodAutoscaler + plural: podautoscalers + singular: podautoscaler + categories: + - knative-internal + - autoscaling + shortNames: + - kpa + - pa + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: DesiredScale + type: integer + jsonPath: ".status.desiredScale" + - name: ActualScale + type: integer + jsonPath: ".status.actualScale" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative + components instantiate autoscalers. This definition is an abstraction that may be backed + by multiple definitions. For more information, see the Knative Pluggability presentation: + https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the PodAutoscaler (from the client). + type: object + required: + - protocolType + - scaleTargetRef + properties: + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed + in-flight (concurrent) requests per container of the Revision. + Defaults to `0` which means unlimited concurrency. + type: integer + format: int64 + protocolType: + description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. + type: string + reachability: + description: |- + Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). + Defaults to `ReachabilityUnknown` + type: string + scaleTargetRef: + description: |- + ScaleTargetRef defines the /scale-able resource that this PodAutoscaler + is responsible for quickly right-sizing. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + x-kubernetes-map-type: atomic + status: + description: Status communicates the observed state of the PodAutoscaler (from the controller). + type: object + required: + - metricsServiceName + - serviceName + properties: + actualScale: + description: ActualScale shows the actual number of replicas for the revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredScale: + description: DesiredScale shows the current desired number of replicas for the revision. + type: integer + format: int32 + metricsServiceName: + description: |- + MetricsServiceName is the K8s Service name that provides revision metrics. + The service is managed by the PA object. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + serviceName: + description: |- + ServiceName is the K8s Service name that serves the revision, scaled by this PA. + The service is created and owned by the ServerlessService object owned by this PA. + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: revisions.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + names: + kind: Revision + plural: revisions + singular: revision + categories: + - all + - knative + - serving + shortNames: + - rev + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Config Name + type: string + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" + - name: Generation + type: string # int in string form :( + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Actual Replicas + type: integer + jsonPath: ".status.actualReplicas" + - name: Desired Replicas + type: integer + jsonPath: ".status.desiredReplicas" + schema: + openAPIV3Schema: + description: |- + Revision is an immutable snapshot of code and configuration. A revision + references a container image. Revisions are created by updates to a + Configuration. + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + status: + description: RevisionStatus communicates the observed state of the Revision (from the controller). + type: object + properties: + actualReplicas: + description: ActualReplicas reflects the amount of ready pods running this revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + containerStatuses: + description: |- + ContainerStatuses is a slice of images present in .Spec.Container[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: http://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + desiredReplicas: + description: DesiredReplicas reflects the desired amount of pods running this revision. + type: integer + format: int32 + initContainerStatuses: + description: |- + InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: http://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + logUrl: + description: |- + LogURL specifies the generated logging url for this particular revision + based on the revision url template specified in the controller's config. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: routes.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" +spec: + group: serving.knative.dev + names: + kind: Route + plural: routes + singular: route + categories: + - all + - knative + - serving + shortNames: + - rt + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Route is responsible for configuring ingress over a collection of Revisions. + Some of the Revisions a Route distributes traffic over may be specified by + referencing the Configuration responsible for creating them; in these cases + the Route is additionally responsible for monitoring the Configuration for + "latest ready revision" changes, and smoothly rolling out latest revisions. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Route (from the client). + type: object + properties: + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: Status communicates the observed state of the Route (from the controller). + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: serverlessservices.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + ServerlessService is a proxy for the K8s service objects containing the + endpoints for the revision, whether those are endpoints of the activator or + revision pods. + See: https://knative.page.link/naxz for details. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - objectRef + - protocolType + properties: + mode: + description: Mode describes the mode of operation of the ServerlessService. + type: string + numActivators: + description: |- + NumActivators contains number of Activators that this revision should be + assigned. + O means — assign all. + type: integer + format: int32 + objectRef: + description: |- + ObjectRef defines the resource that this ServerlessService + is responsible for making "serverless". + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + x-kubernetes-map-type: atomic + protocolType: + description: |- + The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. + serving imports networking, so just use string. + type: string + status: + description: |- + Status is the current state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateServiceName: + description: |- + PrivateServiceName holds the name of a core K8s Service resource that + load balances over the user service pods backing this Revision. + type: string + serviceName: + description: |- + ServiceName holds the name of a core K8s Service resource that + load balances over the pods backing this Revision (activator or revision). + type: string + additionalPrinterColumns: + - name: Mode + type: string + jsonPath: ".spec.mode" + - name: Activators + type: integer + jsonPath: ".spec.numActivators" + - name: ServiceName + type: string + jsonPath: ".status.serviceName" + - name: PrivateServiceName + type: string + jsonPath: ".status.privateServiceName" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: ServerlessService + plural: serverlessservices + singular: serverlessservice + categories: + - knative-internal + - networking + shortNames: + - sks + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: services.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Service + plural: services + singular: service + categories: + - all + - knative + - serving + shortNames: + - kservice + - ksvc + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Service acts as a top-level container that manages a Route and Configuration + which implement a network service. Service exists to provide a singular + abstraction which can be access controlled, reasoned about, and which + encapsulates software lifecycle decisions such as rollout policy and + team resource ownership. Service acts only as an orchestrator of the + underlying Routes and Configurations (much as a kubernetes Deployment + orchestrates ReplicaSets), and its usage is optional but recommended. + + The Service's controller will track the statuses of its owned Configuration + and Route, reflecting their statuses and conditions as its own. + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ServiceSpec represents the configuration for the Service object. + A Service's specification is the union of the specifications for a Route + and Configuration. The Service restricts what can be expressed in these + fields, e.g. the Route must reference the provided Configuration; + however, these limitations also enable friendlier defaulting, + e.g. Route never needs a Configuration name, and may be defaulted to + the appropriate "run latest" spec. + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: ServiceStatus represents the Status stanza of the Service resource. + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: caching.internal.knative.dev + names: + kind: Image + plural: images + singular: image + categories: + - knative-internal + - caching + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Image is a Knative abstraction that encapsulates the interface by which Knative + components express a desire to have a particular image cached. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Image (from the client). + type: object + required: + - image + properties: + image: + description: Image is the name of the container image url to cache across the cluster. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets contains the names of the Kubernetes Secrets containing login + information used by the Pods which will run this container. + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + serviceAccountName: + description: |- + ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods + will run this container. This is potentially used to authenticate the image pull + if the service account has attached pull secrets. For more information: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + type: string + status: + description: Status communicates the observed state of the Image (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Image + type: string + jsonPath: .spec.image + +--- diff --git a/cmd/operator/kodata/knative-serving/1.21.3/2-serving-core.yaml b/cmd/operator/kodata/knative-serving/1.21.3/2-serving-core.yaml new file mode 100644 index 0000000000..3fe84ff562 --- /dev/null +++ b/cmd/operator/kodata/knative-serving/1.21.3/2-serving-core.yaml @@ -0,0 +1,9534 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-activator + namespace: knative-serving + labels: + serving.knative.dev/controller: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + resourceNames: ["routing-serving-certs", "knative-serving-certs"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-activator-cluster + labels: + serving.knative.dev/controller: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: [""] + resources: ["services", "endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: ["serving.knative.dev"] + resources: ["revisions"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need readonly access to "Addressables" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + # Named like this to avoid clashing with eventing's existing `addressable-resolver` role + # (which should be identical, but isn't guaranteed to be installed alongside serving). + name: knative-serving-aggregated-addressable-resolver + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/addressable: "true" +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-addressable-resolver + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving + # Labeled to facilitate aggregated cluster roles that act on Addressables. + duck.knative.dev/addressable: "true" +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - serving.knative.dev + resources: + - routes + - routes/status + - services + - services/status + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: ["serving.knative.dev"] + resources: ["*"] + verbs: ["*"] + - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-namespaced-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: ["serving.knative.dev"] + resources: ["*"] + verbs: ["create", "update", "patch", "delete"] + - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-namespaced-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-core + labels: + serving.knative.dev/controller: "true" + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: [""] + resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: [""] + resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission + verbs: ["create"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook + verbs: ["update"] + - apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["autoscaling"] + resources: ["horizontalpodautoscalers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] + resources: ["*", "*/status", "*/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] + - apiGroups: ["caching.internal.knative.dev"] + resources: ["images"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "clusterissuers", "certificaterequests", "issuers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles"] + verbs: ["delete"] + resourceNames: ["knative-serving-certmanager"] + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-podspecable-binding + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving + # Labeled to facilitate aggregated cluster roles that act on PodSpecables. + duck.knative.dev/podspecable: "true" +# Do not use this role directly. These rules will be added to the "podspecable-binder" role. +rules: + - apiGroups: + - serving.knative.dev + resources: + - configurations + - services + verbs: + - list + - watch + - patch + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller + namespace: knative-serving + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-admin + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + serving.knative.dev/controller: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-controller-admin + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +subjects: + - kind: ServiceAccount + name: controller + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-controller-addressable-resolver + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +subjects: + - kind: ServiceAccount + name: controller + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-aggregated-addressable-resolver + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: knative-serving-activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +subjects: + - kind: ServiceAccount + name: activator + namespace: knative-serving +roleRef: + kind: Role + name: knative-serving-activator + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-activator-cluster + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +subjects: + - kind: ServiceAccount + name: activator + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-activator-cluster + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: caching.internal.knative.dev + names: + kind: Image + plural: images + singular: image + categories: + - knative-internal + - caching + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Image is a Knative abstraction that encapsulates the interface by which Knative + components express a desire to have a particular image cached. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Image (from the client). + type: object + required: + - image + properties: + image: + description: Image is the name of the container image url to cache across the cluster. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets contains the names of the Kubernetes Secrets containing login + information used by the Pods which will run this container. + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + serviceAccountName: + description: |- + ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods + will run this container. This is potentially used to authenticate the image pull + if the service account has attached pull secrets. For more information: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + type: string + status: + description: Status communicates the observed state of the Image (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Image + type: string + jsonPath: .spec.image + +--- +apiVersion: networking.internal.knative.dev/v1alpha1 +kind: Certificate +metadata: + annotations: + networking.knative.dev/certificate.class: cert-manager.certificate.networking.knative.dev + labels: + networking.knative.dev/certificate-type: system-internal + name: routing-serving-certs + namespace: knative-serving +spec: + dnsNames: + - kn-routing + - data-plane.knative.dev # for reverse-compatibility with net-* implementations that do not work with multi-SANs + secretName: routing-serving-certs + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: certificates.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Certificate is responsible for provisioning a SSL certificate for the + given hosts. It is a Knative abstraction for various SSL certificate + provisioning solutions (such as cert-manager or self-signed SSL certificate). + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - dnsNames + - secretName + properties: + dnsNames: + description: |- + DNSNames is a list of DNS names the Certificate could support. + The wildcard format of DNSNames (e.g. *.default.example.com) is supported. + type: array + items: + type: string + domain: + description: Domain is the top level domain of the values for DNSNames. + type: string + secretName: + description: SecretName is the name of the secret resource to store the SSL certificate in. + type: string + status: + description: |- + Status is the current state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + http01Challenges: + description: |- + HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled + in order to get the TLS certificate.. + type: array + items: + description: |- + HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs + to fulfill. + type: object + properties: + serviceName: + description: ServiceName is the name of the service to serve HTTP01 challenge requests. + type: string + serviceNamespace: + description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. + type: string + servicePort: + description: ServicePort is the port of the service to serve HTTP01 challenge requests. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + url: + description: URL is the URL that the HTTP01 challenge is expected to serve on. + type: string + notAfter: + description: |- + The expiration time of the TLS certificate stored in the secret named + by this resource in spec.secretName. + type: string + format: date-time + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Certificate + plural: certificates + singular: certificate + categories: + - knative-internal + - networking + shortNames: + - kcert + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: configurations.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Configuration + plural: configurations + singular: configuration + categories: + - all + - knative + - serving + shortNames: + - config + - cfg + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Configuration represents the "floating HEAD" of a linear history of Revisions. + Users create new Revisions by updating the Configuration's spec. + The "latest created" revision's name is available under status, as is the + "latest ready" revision's name. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConfigurationSpec holds the desired state of the Configuration (from the client). + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + status: + description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ClusterDomainClaim. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - namespace + properties: + namespace: + description: |- + Namespace is the namespace which is allowed to create a DomainMapping + using this ClusterDomainClaim's name. + type: string + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + "schema": + "openAPIV3Schema": + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - ref + properties: + ref: + description: |- + Ref specifies the target of the Domain Mapping. + + The object identified by the Ref must be an Addressable with a URL of the + form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, + and `{name}` and `{namespace}` are the name and namespace of a Kubernetes + Service. + + This contract is satisfied by Knative types such as Knative Services and + Knative Routes, and by Kubernetes Services. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: |- + Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. + Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086 + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + This is optional field, it gets defaulted to the object holding it if left out. + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: |- + Status is the current state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ingresses.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Ingress is a collection of rules that allow inbound connections to reach the endpoints defined + by a backend. An Ingress can be configured to give services externally-reachable URLs, load + balance traffic, offer name based virtual hosting, etc. + + This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress + which some highlighted modifications. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + httpOption: + description: |- + HTTPOption is the option of HTTP. It has the following two values: + `HTTPOptionEnabled`, `HTTPOptionRedirected` + type: string + rules: + description: A list of host rules used to configure the Ingress. + type: array + items: + description: |- + IngressRule represents the rules mapping the paths under a specified host to + the related backend services. Incoming requests are first evaluated for a host + match, then routed to the backend associated with the matching IngressRuleValue. + type: object + properties: + hosts: + description: |- + Host is the fully qualified domain name of a network host, as defined + by RFC 3986. Note the following deviations from the "host" part of the + URI as defined in the RFC: + 1. IPs are not allowed. Currently a rule value can only apply to the + IP in the Spec of the parent . + 2. The `:` delimiter is not respected because ports are not allowed. + Currently the port of an Ingress is implicitly :80 for http and + :443 for https. + Both these may change in the future. + If the host is unspecified, the Ingress routes all traffic based on the + specified IngressRuleValue. + If multiple matching Hosts were provided, the first rule will take precedent. + type: array + items: + type: string + http: + description: |- + HTTP represents a rule to apply against incoming requests. If the + rule is satisfied, the request is routed to the specified backend. + type: object + required: + - paths + properties: + paths: + description: |- + A collection of paths that map requests to backends. + + If they are multiple matching paths, the first match takes precedence. + type: array + items: + description: |- + HTTPIngressPath associates a path regex with a backend. Incoming URLs matching + the path are forwarded to the backend. + type: object + required: + - splits + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + headers: + description: |- + Headers defines header matching rules which is a map from a header name + to HeaderMatch which specify a matching condition. + When a request matched with all the header matching rules, + the request is routed by the corresponding ingress rule. + If it is empty, the headers are not used for matching + type: object + additionalProperties: + description: |- + HeaderMatch represents a matching value of Headers in HTTPIngressPath. + Currently, only the exact matching is supported. + type: object + required: + - exact + properties: + exact: + type: string + path: + description: |- + Path represents a literal prefix to which this rule should apply. + Currently it can contain characters disallowed from the conventional + "path" part of a URL as defined by RFC 3986. Paths must begin with + a '/'. If unspecified, the path defaults to a catch all sending + traffic to the backend. + type: string + rewriteHost: + description: |- + RewriteHost rewrites the incoming request's host header. + + This field is currently experimental and not supported by all Ingress + implementations. + type: string + splits: + description: |- + Splits defines the referenced service endpoints to which the traffic + will be forwarded to. + type: array + items: + description: IngressBackendSplit describes all endpoints for a given service and port. + type: object + required: + - serviceName + - serviceNamespace + - servicePort + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + percent: + description: |- + Specifies the split percentage, a number between 0 and 100. If + only one split is specified, we default to 100. + + NOTE: This differs from K8s Ingress to allow percentage split. + type: integer + serviceName: + description: Specifies the name of the referenced service. + type: string + serviceNamespace: + description: |- + Specifies the namespace of the referenced service. + + NOTE: This differs from K8s Ingress to allow routing to different namespaces. + type: string + servicePort: + description: Specifies the port of the referenced service. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + visibility: + description: |- + Visibility signifies whether this rule should `ClusterLocal`. If it's not + specified then it defaults to `ExternalIP`. + type: string + tls: + description: |- + TLS configuration. Currently Ingress only supports a single TLS + port: 443. If multiple members of this list specify different hosts, they + will be multiplexed on the same port according to the hostname specified + through the SNI TLS extension, if the ingress controller fulfilling the + ingress supports SNI. + type: array + items: + description: IngressTLS describes the transport layer security associated with an Ingress. + type: object + properties: + hosts: + description: |- + Hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. + type: array + items: + type: string + secretName: + description: SecretName is the name of the secret used to terminate SSL traffic. + type: string + secretNamespace: + description: |- + SecretNamespace is the namespace of the secret used to terminate SSL traffic. + If not set the namespace should be assumed to be the same as the Ingress. + If set the secret should have the same namespace as the Ingress otherwise + the behaviour is undefined and not supported. + type: string + status: + description: |- + Status is the current state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateLoadBalancer: + description: PrivateLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + publicLoadBalancer: + description: PublicLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: Ingress + plural: ingresses + singular: ingress + categories: + - knative-internal + - networking + shortNames: + - kingress + - king + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: metrics.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: Metric + plural: metrics + singular: metric + categories: + - knative-internal + - autoscaling + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: Metric represents a resource to configure the metric collector with. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Metric (from the client). + type: object + required: + - panicWindow + - scrapeTarget + - stableWindow + properties: + panicWindow: + description: PanicWindow is the aggregation window for metrics where quick reactions are needed. + type: integer + format: int64 + scrapeTarget: + description: ScrapeTarget is the K8s service that publishes the metric endpoint. + type: string + stableWindow: + description: StableWindow is the aggregation window for metrics in a stable state. + type: integer + format: int64 + status: + description: Status communicates the observed state of the Metric (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: podautoscalers.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: PodAutoscaler + plural: podautoscalers + singular: podautoscaler + categories: + - knative-internal + - autoscaling + shortNames: + - kpa + - pa + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: DesiredScale + type: integer + jsonPath: ".status.desiredScale" + - name: ActualScale + type: integer + jsonPath: ".status.actualScale" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative + components instantiate autoscalers. This definition is an abstraction that may be backed + by multiple definitions. For more information, see the Knative Pluggability presentation: + https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the PodAutoscaler (from the client). + type: object + required: + - protocolType + - scaleTargetRef + properties: + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed + in-flight (concurrent) requests per container of the Revision. + Defaults to `0` which means unlimited concurrency. + type: integer + format: int64 + protocolType: + description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. + type: string + reachability: + description: |- + Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). + Defaults to `ReachabilityUnknown` + type: string + scaleTargetRef: + description: |- + ScaleTargetRef defines the /scale-able resource that this PodAutoscaler + is responsible for quickly right-sizing. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + x-kubernetes-map-type: atomic + status: + description: Status communicates the observed state of the PodAutoscaler (from the controller). + type: object + required: + - metricsServiceName + - serviceName + properties: + actualScale: + description: ActualScale shows the actual number of replicas for the revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredScale: + description: DesiredScale shows the current desired number of replicas for the revision. + type: integer + format: int32 + metricsServiceName: + description: |- + MetricsServiceName is the K8s Service name that provides revision metrics. + The service is managed by the PA object. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + serviceName: + description: |- + ServiceName is the K8s Service name that serves the revision, scaled by this PA. + The service is created and owned by the ServerlessService object owned by this PA. + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: revisions.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + names: + kind: Revision + plural: revisions + singular: revision + categories: + - all + - knative + - serving + shortNames: + - rev + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Config Name + type: string + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" + - name: Generation + type: string # int in string form :( + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Actual Replicas + type: integer + jsonPath: ".status.actualReplicas" + - name: Desired Replicas + type: integer + jsonPath: ".status.desiredReplicas" + schema: + openAPIV3Schema: + description: |- + Revision is an immutable snapshot of code and configuration. A revision + references a container image. Revisions are created by updates to a + Configuration. + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + status: + description: RevisionStatus communicates the observed state of the Revision (from the controller). + type: object + properties: + actualReplicas: + description: ActualReplicas reflects the amount of ready pods running this revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + containerStatuses: + description: |- + ContainerStatuses is a slice of images present in .Spec.Container[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: http://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + desiredReplicas: + description: DesiredReplicas reflects the desired amount of pods running this revision. + type: integer + format: int32 + initContainerStatuses: + description: |- + InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: http://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + logUrl: + description: |- + LogURL specifies the generated logging url for this particular revision + based on the revision url template specified in the controller's config. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: routes.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" +spec: + group: serving.knative.dev + names: + kind: Route + plural: routes + singular: route + categories: + - all + - knative + - serving + shortNames: + - rt + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Route is responsible for configuring ingress over a collection of Revisions. + Some of the Revisions a Route distributes traffic over may be specified by + referencing the Configuration responsible for creating them; in these cases + the Route is additionally responsible for monitoring the Configuration for + "latest ready revision" changes, and smoothly rolling out latest revisions. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Route (from the client). + type: object + properties: + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: Status communicates the observed state of the Route (from the controller). + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: serverlessservices.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + ServerlessService is a proxy for the K8s service objects containing the + endpoints for the revision, whether those are endpoints of the activator or + revision pods. + See: https://knative.page.link/naxz for details. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - objectRef + - protocolType + properties: + mode: + description: Mode describes the mode of operation of the ServerlessService. + type: string + numActivators: + description: |- + NumActivators contains number of Activators that this revision should be + assigned. + O means — assign all. + type: integer + format: int32 + objectRef: + description: |- + ObjectRef defines the resource that this ServerlessService + is responsible for making "serverless". + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + x-kubernetes-map-type: atomic + protocolType: + description: |- + The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. + serving imports networking, so just use string. + type: string + status: + description: |- + Status is the current state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateServiceName: + description: |- + PrivateServiceName holds the name of a core K8s Service resource that + load balances over the user service pods backing this Revision. + type: string + serviceName: + description: |- + ServiceName holds the name of a core K8s Service resource that + load balances over the pods backing this Revision (activator or revision). + type: string + additionalPrinterColumns: + - name: Mode + type: string + jsonPath: ".spec.mode" + - name: Activators + type: integer + jsonPath: ".spec.numActivators" + - name: ServiceName + type: string + jsonPath: ".status.serviceName" + - name: PrivateServiceName + type: string + jsonPath: ".status.privateServiceName" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: ServerlessService + plural: serverlessservices + singular: serverlessservice + categories: + - knative-internal + - networking + shortNames: + - sks + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: services.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Service + plural: services + singular: service + categories: + - all + - knative + - serving + shortNames: + - kservice + - ksvc + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Service acts as a top-level container that manages a Route and Configuration + which implement a network service. Service exists to provide a singular + abstraction which can be access controlled, reasoned about, and which + encapsulates software lifecycle decisions such as rollout policy and + team resource ownership. Service acts only as an orchestrator of the + underlying Routes and Configurations (much as a kubernetes Deployment + orchestrates ReplicaSets), and its usage is optional but recommended. + + The Service's controller will track the statuses of its owned Configuration + and Route, reflecting their statuses and conditions as its own. + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ServiceSpec represents the configuration for the Service object. + A Service's specification is the union of the specifications for a Route + and Configuration. The Service restricts what can be expressed in these + fields, e.g. the Route must reference the provided Configuration; + however, these limitations also enable friendlier defaulting, + e.g. Route never needs a Configuration name, and may be defaulted to + the appropriate "run latest" spec. + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: ServiceStatus represents the Status stanza of the Service resource. + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: caching.internal.knative.dev/v1alpha1 +kind: Image +metadata: + name: queue-proxy + namespace: knative-serving + labels: + app.kubernetes.io/component: queue-proxy + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +spec: + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:00ee4fa30c4ae21799edd702616890680c95499a306ec2bcdb8229e0cc05f0f8 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-autoscaler + namespace: knative-serving + labels: + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "47c2487f" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # The Revision ContainerConcurrency field specifies the maximum number + # of requests the Container can handle at once. Container concurrency + # target percentage is how much of that maximum to use in a stable + # state. E.g. if a Revision specifies ContainerConcurrency of 10, then + # the Autoscaler will try to maintain 7 concurrent connections per pod + # on average. + # Note: this limit will be applied to container concurrency set at every + # level (ConfigMap, Revision Spec or Annotation). + # For legacy and backwards compatibility reasons, this value also accepts + # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). + # Thus minimal percentage value must be greater than 1.0, or it will be + # treated as a fraction. + # NOTE: that this value does not affect actual number of concurrent requests + # the user container may receive, but only the average number of requests + # that the revision pods will receive. + container-concurrency-target-percentage: "70" + + # The container concurrency target default is what the Autoscaler will + # try to maintain when concurrency is used as the scaling metric for the + # Revision and the Revision specifies unlimited concurrency. + # When revision explicitly specifies container concurrency, that value + # will be used as a scaling target for autoscaler. + # When specifying unlimited concurrency, the autoscaler will + # horizontally scale the application based on this target concurrency. + # This is what we call "soft limit" in the documentation, i.e. it only + # affects number of pods and does not affect the number of requests + # individual pod processes. + # The value must be a positive number such that the value multiplied + # by container-concurrency-target-percentage is greater than 0.01. + # NOTE: that this value will be adjusted by application of + # container-concurrency-target-percentage, i.e. by default + # the system will target on average 70 concurrent requests + # per revision pod. + # NOTE: Only one metric can be used for autoscaling a Revision. + container-concurrency-target-default: "100" + + # The requests per second (RPS) target default is what the Autoscaler will + # try to maintain when RPS is used as the scaling metric for a Revision and + # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, + # the autoscaler will horizontally scale the application based on this + # target RPS. + # Must be greater than 1.0. + # NOTE: Only one metric can be used for autoscaling a Revision. + requests-per-second-target-default: "200" + + # The target burst capacity specifies the size of burst in concurrent + # requests that the system operator expects the system will receive. + # Autoscaler will try to protect the system from queueing by introducing + # Activator in the request path if the current spare capacity of the + # service is less than this setting. + # If this setting is 0, then Activator will be in the request path only + # when the revision is scaled to 0. + # If this setting is > 0 and container-concurrency-target-percentage is + # 100% or 1.0, then activator will always be in the request path. + # -1 denotes unlimited target-burst-capacity and activator will always + # be in the request path. + # Other negative values are invalid. + target-burst-capacity: "211" + + # When operating in a stable mode, the autoscaler operates on the + # average concurrency over the stable window. + # Stable window must be in whole seconds. + stable-window: "60s" + + # When observed average concurrency during the panic window reaches + # panic-threshold-percentage the target concurrency, the autoscaler + # enters panic mode. When operating in panic mode, the autoscaler + # scales on the average concurrency over the panic window which is + # panic-window-percentage of the stable-window. + # Must be in the [1, 100] range. + # When computing the panic window it will be rounded to the closest + # whole second, at least 1s. + panic-window-percentage: "10.0" + + # The percentage of the container concurrency target at which to + # enter panic mode when reached within the panic window. + panic-threshold-percentage: "200.0" + + # Max scale up rate limits the rate at which the autoscaler will + # increase pod count. It is the maximum ratio of desired pods versus + # observed pods. + # Cannot be less or equal to 1. + # I.e with value of 2.0 the number of pods can at most go N to 2N + # over single Autoscaler period (2s), but at least N to + # N+1, if Autoscaler needs to scale up. + max-scale-up-rate: "1000.0" + + # Max scale down rate limits the rate at which the autoscaler will + # decrease pod count. It is the maximum ratio of observed pods versus + # desired pods. + # Cannot be less or equal to 1. + # I.e. with value of 2.0 the number of pods can at most go N to N/2 + # over single Autoscaler evaluation period (2s), but at + # least N to N-1, if Autoscaler needs to scale down. + max-scale-down-rate: "2.0" + + # Scale to zero feature flag. + enable-scale-to-zero: "true" + + # Scale to zero grace period is the time an inactive revision is left + # running before it is scaled to zero (must be positive, but recommended + # at least a few seconds if running with mesh networking). + # This is the upper limit and is provided not to enforce timeout after + # the revision stopped receiving requests for stable window, but to + # ensure network reprogramming to put activator in the path has completed. + # If the system determines that a shorter period is satisfactory, + # then the system will only wait that amount of time before scaling to 0. + # NOTE: this period might actually be 0, if activator has been + # in the request path sufficiently long. + # If there is necessity for the last pod to linger longer use + # scale-to-zero-pod-retention-period flag. + scale-to-zero-grace-period: "30s" + + # Scale to zero pod retention period defines the minimum amount + # of time the last pod will remain after Autoscaler has decided to + # scale to zero. + # This flag is for the situations where the pod startup is very expensive + # and the traffic is bursty (requiring smaller windows for fast action), + # but patchy. + # The larger of this flag and `scale-to-zero-grace-period` will effectively + # determine how the last pod will hang around. + scale-to-zero-pod-retention-period: "0s" + + # pod-autoscaler-class specifies the default pod autoscaler class + # that should be used if none is specified. If omitted, + # the Knative Pod Autoscaler (KPA) is used by default. + pod-autoscaler-class: "kpa.autoscaling.knative.dev" + + # The capacity of a single activator task. + # The `unit` is one concurrent request proxied by the activator. + # activator-capacity must be at least 1. + # This value is used for computation of the Activator subset size. + # See the algorithm here: http://bit.ly/38XiCZ3. + # TODO(vagababov): tune after actual benchmarking. + activator-capacity: "100.0" + + # initial-scale is the cluster-wide default value for the initial target + # scale of a revision after creation, unless overridden by the + # "autoscaling.knative.dev/initialScale" annotation. + # This value must be greater than 0 unless allow-zero-initial-scale is true. + initial-scale: "1" + + # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, + # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. + allow-zero-initial-scale: "false" + + # min-scale is the cluster-wide default value for the min scale of a revision, + # unless overridden by the "autoscaling.knative.dev/minScale" annotation. + min-scale: "0" + + # max-scale is the cluster-wide default value for the max scale of a revision, + # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. + # If set to 0, the revision has no maximum scale. + max-scale: "0" + + # scale-down-delay is the amount of time that must pass at reduced + # concurrency before a scale down decision is applied. This can be useful, + # for example, to maintain replica count and avoid a cold start penalty if + # more requests come in within the scale down delay period. + # The default, 0s, imposes no delay at all. + scale-down-delay: "0s" + + # max-scale-limit sets the maximum permitted value for the max scale of a revision. + # When this is set to a positive value, a revision with a maxScale above that value + # (including a maxScale of "0" = unlimited) is disallowed. + # A value of zero (the default) allows any limit, including unlimited. + max-scale-limit: "0" + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-certmanager + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.21.3" + networking.knative.dev/certificate-provider: cert-manager + annotations: + knative.dev/example-checksum: "b7a9a602" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this block and unindented to actually change the configuration. + + # issuerRef is a reference to the issuer for external-domain certificates used for ingress. + # IssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ + # for more details about IssuerRef configuration. + # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + issuerRef: | + kind: ClusterIssuer + name: letsencrypt-issuer + + # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress. + # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ + # for more details about ClusterInternalIssuerRef configuration. + # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + clusterLocalIssuerRef: | + kind: ClusterIssuer + name: your-company-issuer + + # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components. + # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ + # for more details about ClusterInternalIssuerRef configuration. + # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + systemInternalIssuerRef: | + kind: ClusterIssuer + name: knative-selfsigned-issuer + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "5b64ff5c" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # revision-timeout-seconds contains the default number of + # seconds to use for the revision's per-request timeout, if + # none is specified. + revision-timeout-seconds: "300" # 5 minutes + + # max-revision-timeout-seconds contains the maximum number of + # seconds that can be used for revision-timeout-seconds. + # This value must be greater than or equal to revision-timeout-seconds. + # If omitted, the system default is used (600 seconds). + # + # If this value is increased, the activator's terminationGracePeriodSeconds + # should also be increased to prevent in-flight requests being disrupted. + max-revision-timeout-seconds: "600" # 10 minutes + + # revision-response-start-timeout-seconds contains the default number of + # seconds a request will be allowed to stay open while waiting to + # receive any bytes from the user's application, if none is specified. + # + # This defaults to 'revision-timeout-seconds' + revision-response-start-timeout-seconds: "300" + + # revision-idle-timeout-seconds contains the default number of + # seconds a request will be allowed to stay open while not receiving any + # bytes from the user's application, if none is specified. + revision-idle-timeout-seconds: "0" # infinite + + # revision-cpu-request contains the cpu allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-cpu-request. + # By default, it is not set by Knative. + revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) + + # revision-memory-request contains the memory allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-memory-request. + # By default, it is not set by Knative. + revision-memory-request: "100M" # 100 megabytes of memory + + # revision-ephemeral-storage-request contains the ephemeral storage + # allocation to assign to revisions by default. If omitted, no value is + # specified and the system default is used. + revision-ephemeral-storage-request: "500M" # 500 megabytes of storage + + # revision-cpu-limit contains the cpu allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-cpu-limit. + # By default, it is not set by Knative. + revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) + + # revision-memory-limit contains the memory allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-memory-limit. + # By default, it is not set by Knative. + revision-memory-limit: "200M" # 200 megabytes of memory + + # revision-ephemeral-storage-limit contains the ephemeral storage + # allocation to limit revisions to by default. If omitted, no value is + # specified and the system default is used. + revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage + + # container-name-template contains a template for the default + # container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + container-name-template: "user-container" + + # init-container-name-template contains a template for the default + # init container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + init-container-name-template: "init-container" + + # container-concurrency specifies the maximum number + # of requests the Container can handle at once, and requests + # above this threshold are queued. Setting a value of zero + # disables this throttling and lets through as many requests as + # the pod receives. + container-concurrency: "0" + + # The container concurrency max limit is an operator setting ensuring that + # the individual revisions cannot have arbitrary large concurrency + # values, or autoscaling targets. `container-concurrency` default setting + # must be at or below this value. + # + # Must be greater than 1. + # + # Note: even with this set, a user can choose a containerConcurrency + # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is + # set to "false". + container-concurrency-max-limit: "1000" + + # allow-container-concurrency-zero controls whether users can + # specify 0 (i.e. unbounded) for containerConcurrency. + allow-container-concurrency-zero: "true" + + # enable-service-links specifies the default value used for the + # enableServiceLinks field of the PodSpec, when it is omitted by the user. + # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service + # + # This is a tri-state flag with possible values of (true|false|default). + # + # In environments with large number of services it is suggested + # to set this value to `false`. + # See https://github.com/knative/serving/issues/8498. + enable-service-links: "false" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-deployment + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "555b4826" +data: + # This is the Go import path for the binary that is containerized + # and substituted here. + queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:00ee4fa30c4ae21799edd702616890680c95499a306ec2bcdb8229e0cc05f0f8 + _example: |- + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # List of repositories for which tag to digest resolving should be skipped + registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" + + # Maximum time allowed for an image's digests to be resolved. + digest-resolution-timeout: "10s" + + # Duration we wait for the deployment to be ready before considering it failed. + progress-deadline: "600s" + + # Sets the queue proxy's CPU request. + # If omitted, a default value (currently "25m"), is used. + queue-sidecar-cpu-request: "25m" + + # Sets the queue proxy's CPU limit. + # If omitted, a default value (currently "1000m"), is used when + # `queueproxy.resource-defaults` is set to `Enabled`. + queue-sidecar-cpu-limit: "1000m" + + # Sets the queue proxy's memory request. + # If omitted, a default value (currently "400Mi"), is used when + # `queueproxy.resource-defaults` is set to `Enabled`. + queue-sidecar-memory-request: "400Mi" + + # Sets the queue proxy's memory limit. + # If omitted, a default value (currently "800Mi"), is used when + # `queueproxy.resource-defaults` is set to `Enabled`. + queue-sidecar-memory-limit: "800Mi" + + # Sets the queue proxy's ephemeral storage request. + # If omitted, no value is specified and the system default is used. + queue-sidecar-ephemeral-storage-request: "512Mi" + + # Sets the queue proxy's ephemeral storage limit. + # If omitted, no value is specified and the system default is used. + queue-sidecar-ephemeral-storage-limit: "1024Mi" + + # Sets tokens associated with specific audiences for queue proxy - used by QPOptions + # + # For example, to add the `service-x` audience: + # queue-sidecar-token-audiences: "service-x" + # Also supports a list of audiences, for example: + # queue-sidecar-token-audiences: "service-x,service-y" + # If omitted, or empty, no tokens are created + queue-sidecar-token-audiences: "" + + # Sets rootCA for the queue proxy - used by QPOptions + # If omitted, or empty, no rootCA is added to the golang rootCAs + queue-sidecar-rootca: "" + + # Sets the minimum TLS version for the queue proxy sidecar's TLS server. + # Accepted values: "1.2", "1.3". Default is "1.3" if not specified. + queue-sidecar-tls-min-version: "" + + # Sets the maximum TLS version for the queue proxy sidecar's TLS server. + # Accepted values: "1.2", "1.3". If omitted, the Go default is used. + queue-sidecar-tls-max-version: "" + + # Sets the cipher suites for the queue proxy sidecar's TLS server. + # Comma-separated list of cipher suite names (e.g. "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"). + # If omitted, the Go default cipher suites are used. + # Note: cipher suites are not configurable in TLS 1.3. + queue-sidecar-tls-cipher-suites: "" + + # Sets the elliptic curve preferences for the queue proxy sidecar's TLS server. + # Comma-separated list of curve names (e.g. "X25519,CurveP256"). + # If omitted, the Go default curves are used. + queue-sidecar-tls-curve-preferences: "" + + # If set, it automatically configures pod anti-affinity requirements for all Knative services. + # It employs the `preferredDuringSchedulingIgnoredDuringExecution` weighted pod affinity term, + # aligning with the Knative revision label. It yields the configuration below in all workloads' deployments: + # ` + # affinity: + # podAntiAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - podAffinityTerm: + # topologyKey: kubernetes.io/hostname + # labelSelector: + # matchLabels: + # serving.knative.dev/revision: {{revision-name}} + # weight: 100 + # ` + # This may be "none" or "prefer-spread-revision-over-nodes" (default) + # default-affinity-type: "prefer-spread-revision-over-nodes" + + # runtime-class-name contains the selector for which runtimeClassName + # is selected to put in a revision. + # By default, it is not set by Knative. + # + # Example: + # runtime-class-name: | + # "": + # selector: + # use-default-runc: "yes" + # kata: {} + # gvisor: + # selector: + # use-gvisor: "please" + runtime-class-name: "" + + # pod-is-always-schedulable can be used to define that Pods in the system will always be + # scheduled, and a Revision should not be marked unschedulable. + # Setting this to `true` makes sense if you have cluster-autoscaling set up for your cluster + # where unschedulable Pods trigger the addition of a new Node and are therefore a short and + # transient state. + # + # See https://github.com/knative/serving/issues/14862 + pod-is-always-schedulable: "false" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-domain + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "26c09de5" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Default value for domain. + # Routes having the cluster domain suffix (by default 'svc.cluster.local') + # will not be exposed through Ingress. You can define your own label + # selector to assign that domain suffix to your Route here, or you can set + # the label + # "networking.knative.dev/visibility=cluster-local" + # to achieve the same effect. This shows how to make routes having + # the label app=secret only exposed to the local cluster. + svc.cluster.local: | + selector: + app: secret + + # These are example settings of domain. + # example.com will be used for all routes, but it is the least-specific rule so it + # will only be used if no other domain matches. + example.com: | + + # example.org will be used for routes having app=nonprofit. + example.org: | + selector: + app: nonprofit + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-features + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "9553535b" +data: + _example: |- + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Default SecurityContext settings to secure-by-default values + # if unset. + # + # Disabled - do nothing; no security options are applied + # AllowRootBounded - Applies secure defaults without enforcing strict policies; sets seccompProfile + # to RuntimeDefault and drops all capabilities + # Enabled - Enforces security defaults; sets seccompProfile to RuntimeDefault, drops all capabilities, + # and sets runAsNonRoot to true if not already specified. + secure-pod-defaults: "disabled" + + # Indicates whether multi container support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-containers + multi-container: "enabled" + + # Indicates whether multi container probing is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-container-probing + multi-container-probing: "disabled" + + # Indicates whether Kubernetes affinity support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity + kubernetes.podspec-affinity: "disabled" + + # Indicates whether Kubernetes topologySpreadConstraints support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints + kubernetes.podspec-topologyspreadconstraints: "disabled" + + # Indicates whether Kubernetes hostAliases support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases + kubernetes.podspec-hostaliases: "disabled" + + # Indicates whether Kubernetes nodeSelector support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector + kubernetes.podspec-nodeselector: "disabled" + + # Indicates whether Kubernetes tolerations support is enabled + # + # WARNING: Cannot safely be disabled once enabled + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration + kubernetes.podspec-tolerations: "disabled" + + # Indicates whether Kubernetes FieldRef support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref + kubernetes.podspec-fieldref: "disabled" + + # Indicates whether Kubernetes RuntimeClassName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class + kubernetes.podspec-runtimeclassname: "disabled" + + # Indicates whether Kubernetes DNSPolicy support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnspolicy + kubernetes.podspec-dnspolicy: "disabled" + + # Indicates whether Kubernetes DNSConfig support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnsconfig + kubernetes.podspec-dnsconfig: "disabled" + + # This feature allows end-users to set a subset of fields on the Pod's SecurityContext + # + # When set to "enabled" or "allowed" it allows the following + # PodSecurityContext properties: + # - FSGroup + # - RunAsGroup + # - RunAsNonRoot + # - SupplementalGroups + # - RunAsUser + # - SeccompProfile + # + # This feature flag should be used with caution as the PodSecurityContext + # properties may have a side-effect on non-user sidecar containers that come + # from Knative or your service mesh + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context + kubernetes.podspec-securitycontext: "disabled" + + # Indicated whether sharing the process namespace via ShareProcessNamespace pod spec is allowed. + # This can be especially useful for sharing data from images directly between sidecars + # + # See: https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-share-process-namespace + kubernetes.podspec-shareprocessnamespace: "disabled" + + # Indicates whether hostIPC support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-ipc + kubernetes.podspec-hostipc: "disabled" + + # Indicates whether hostPID support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-pid + kubernetes.podspec-hostpid: "disabled" + + # Indicates whether hostNetwork support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-network + kubernetes.podspec-hostnetwork: "disabled" + + # Indicates whether Kubernetes PriorityClassName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name + kubernetes.podspec-priorityclassname: "disabled" + + # Indicates whether Kubernetes SchedulerName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name + kubernetes.podspec-schedulername: "disabled" + + # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. + # + # When set to "enabled" or "allowed" it allows capabilities to be added to the container. + # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html + kubernetes.containerspec-addcapabilities: "disabled" + + + # Controls whether tag header based routing feature are enabled or not. + # 1. Enabled: enabling tag header based routing + # 2. Disabled: disabling tag header based routing + # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing + tag-header-based-routing: "disabled" + + # Controls whether http2 auto-detection should be enabled or not. + # 1. Enabled: http2 connection will be attempted via upgrade. + # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". + autodetect-http2: "disabled" + + # Controls whether volume support for EmptyDir is enabled or not. + # 1. Enabled: enabling EmptyDir volume support + # 2. Disabled: disabling EmptyDir volume support + kubernetes.podspec-volumes-emptydir: "enabled" + + # Controls whether volume support for image is enabled or not. + # 1. Enabled: enabling image volume support + # 2. Disabled: disabling image volume support + kubernetes.podspec-volumes-image: "disabled" + + # Controls whether volume support for HostPath is enabled or not. + # WARNING: Cannot safely be disabled once enabled. + # WARNING: If you can avoid using a hostPath volume, you should. + # Please read https://kubernetes.io/docs/concepts/storage/volumes/#hostpath before enabling this feature. + # 1. Enabled: enabling HostPath volume support + # 2. Disabled: disabling HostPath volume support + kubernetes.podspec-volumes-hostpath: "disabled" + + # Controls whether volume support for CSI is enabled or not. + # 1. Enabled: enabling CSI volume support + # 2. Disabled: disabling CSI volume support + kubernetes.podspec-volumes-csi: "disabled" + + # Controls whether init containers support is enabled or not. + # 1. Enabled: enabling init containers support + # 2. Disabled: disabling init containers support + kubernetes.podspec-init-containers: "disabled" + + # Controls whether persistent volume claim support is enabled or not. + # 1. Enabled: enabling persistent volume claim support + # 2. Disabled: disabling persistent volume claim support + kubernetes.podspec-persistent-volume-claim: "disabled" + + # Controls whether write access for persistent volumes is enabled or not. + # 1. Enabled: enabling write access for persistent volumes + # 2. Disabled: disabling write access for persistent volumes + kubernetes.podspec-persistent-volume-write: "disabled" + + # Controls whether volume mount propagation support is enabled or not. + # 1. Enabled: enabling volume mount propagation support + # 2. Disabled: disabling volume mount propagation support + kubernetes.podspec-volumes-mount-propagation: "disabled" + + # Controls if the queue proxy podInfo feature is enabled, allowed or disabled + # + # This feature should be enabled/allowed when using queue proxy Options (Extensions) + # Enabling will mount a podInfo volume to the queue proxy container. + # The volume will contains an 'annotations' file (from the pod's annotation field). + # The annotations in this file include the Service annotations set by the client creating the service. + # If mounted, the annotations can be accessed by queue proxy extensions at /etc/podinfo/annnotations + # + # 1. "enabled": always mount a podInfo volume + # 2. "disabled": never mount a podInfo volume + # 3. "allowed": by default, do not mount a podInfo volume + # However, a client may mount the podInfo volume on an individual Service by attaching + # the following metadata annotation to the Service: "features.knative.dev/queueproxy-podinfo":"enabled". + # + # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE + queueproxy.mount-podinfo: "disabled" + + # Default queue proxy resource requests and limits to good values for most cases if set. + queueproxy.resource-defaults: "disabled" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-gc + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "aa3813a8" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # --------------------------------------- + # Garbage Collector Settings + # --------------------------------------- + # + # Active + # * Revisions which are referenced by a Route are considered active. + # * Individual revisions may be marked with the annotation + # "serving.knative.dev/no-gc":"true" to be permanently considered active. + # * Active revisions are not considered for GC. + # Retention + # * Revisions are retained if they are any of the following: + # 1. Active + # 2. Were created within "retain-since-create-time" + # 3. Were last referenced by a route within + # "retain-since-last-active-time" + # 4. There are fewer than "min-non-active-revisions" + # If none of these conditions are met, or if the count of revisions exceed + # "max-non-active-revisions", they will be deleted by GC. + # The special value "disabled" may be used to turn off these limits. + # + # Example config to immediately collect any inactive revision: + # min-non-active-revisions: "0" + # max-non-active-revisions: "0" + # retain-since-create-time: "disabled" + # retain-since-last-active-time: "disabled" + # + # Example config to always keep around the last ten non-active revisions: + # retain-since-create-time: "disabled" + # retain-since-last-active-time: "disabled" + # max-non-active-revisions: "10" + # + # Example config to disable all garbage collection: + # retain-since-create-time: "disabled" + # retain-since-last-active-time: "disabled" + # max-non-active-revisions: "disabled" + # + # Example config to keep recently deployed or active revisions, + # always maintain the last two in case of rollback, and prevent + # burst activity from exploding the count of old revisions: + # retain-since-create-time: "48h" + # retain-since-last-active-time: "15h" + # min-non-active-revisions: "2" + # max-non-active-revisions: "1000" + + # Duration since creation before considering a revision for GC or "disabled". + retain-since-create-time: "48h" + + # Duration since active before considering a revision for GC or "disabled". + retain-since-last-active-time: "15h" + + # Minimum number of non-active revisions to retain. + min-non-active-revisions: "20" + + # Maximum number of non-active revisions to retain + # or "disabled" to disable any maximum limit. + max-non-active-revisions: "1000" + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "f4b71f57" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: knative-serving + labels: + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/component: logging + app.kubernetes.io/name: knative-serving + annotations: + knative.dev/example-checksum: "9f25d429" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Common configuration for all Knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + + # Log level overrides + # For all components except the queue proxy, + # changes are picked up immediately. + # For queue proxy, changes require recreation of the pods. + loglevel.controller: "info" + loglevel.autoscaler: "info" + loglevel.queueproxy: "info" + loglevel.webhook: "info" + loglevel.activator: "info" + loglevel.hpaautoscaler: "info" + loglevel.net-istio-controller: "info" + loglevel.net-contour-controller: "info" + loglevel.net-kourier-controller: "info" + loglevel.net-gateway-api-controller: "info" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-network + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "0573e07d" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # ingress-class specifies the default ingress class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Istio ingress. + # + # Note that changing the Ingress class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + ingress-class: "istio.ingress.networking.knative.dev" + + # certificate-class specifies the default Certificate class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Cert-Manager Certificate. + # + # Note that changing the Certificate class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + certificate-class: "cert-manager.certificate.networking.knative.dev" + + # namespace-wildcard-cert-selector specifies a LabelSelector which + # determines which namespaces should have a wildcard certificate + # provisioned. + # + # Use an empty value to disable the feature (this is the default): + # namespace-wildcard-cert-selector: "" + # + # Use an empty object to enable for all namespaces + # namespace-wildcard-cert-selector: {} + # + # Useful labels include the "kubernetes.io/metadata.name" label to + # avoid provisioning a certificate for the "kube-system" namespaces. + # Use the following selector to match pre-1.0 behavior of using + # "networking.knative.dev/disableWildcardCert" to exclude namespaces: + # + # matchExpressions: + # - key: "networking.knative.dev/disableWildcardCert" + # operator: "NotIn" + # values: ["true"] + namespace-wildcard-cert-selector: "" + + # domain-template specifies the golang text template string to use + # when constructing the Knative service's DNS name. The default + # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". + # + # Valid variables defined in the template include Name, Namespace, Domain, + # Labels, and Annotations. Name will be the result of the tag-template + # below, if a tag is specified for the route. + # + # Changing this value might be necessary when the extra levels in + # the domain name generated is problematic for wildcard certificates + # that only support a single level of domain name added to the + # certificate's domain. In those cases you might consider using a value + # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace + # entirely from the template. When choosing a new value be thoughtful + # of the potential for conflicts - for example, when users choose to use + # characters such as `-` in their service, or namespace, names. + # {{.Annotations}} or {{.Labels}} can be used for any customization in the + # go template if needed. + # We strongly recommend keeping namespace part of the template to avoid + # domain name clashes: + # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' + # and you have an annotation {"sub":"foo"}, then the generated template + # would be {Name}-{Namespace}.foo.{Domain} + domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" + + # tag-template specifies the golang text template string to use + # when constructing the DNS name for "tags" within the traffic blocks + # of Routes and Configuration. This is used in conjunction with the + # domain-template above to determine the full URL for the tag. + tag-template: "{{.Tag}}-{{.Name}}" + + # auto-tls is deprecated and replaced by external-domain-tls + auto-tls: "Disabled" + + # Controls whether TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate TLS connections + # for cluster external domains (like: app.example.com) + # - Enabled: enables the TLS certificate provisioning feature for cluster external domains. + # - Disabled: disables the TLS certificate provisioning feature for cluster external domains. + external-domain-tls: "Disabled" + + # Controls weather TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate TLS connections + # for cluster local domains (like: app.namespace.svc.) + # - Enabled: enables the TLS certificate provisioning feature for cluster cluster-local domains. + # - Disabled: disables the TLS certificate provisioning feature for cluster cluster local domains. + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + cluster-local-domain-tls: "Disabled" + + # internal-encryption is deprecated and replaced by system-internal-tls + internal-encryption: "false" + + # system-internal-tls controls weather TLS encryption is used for connections between + # the internal components of Knative: + # - ingress to activator + # - ingress to queue-proxy + # - activator to queue-proxy + # + # Possible values for this flag are: + # - Enabled: enables the TLS certificate provisioning feature for cluster cluster-local domains. + # - Disabled: disables the TLS certificate provisioning feature for cluster cluster local domains. + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + system-internal-tls: "Disabled" + + # Controls the behavior of the HTTP endpoint for the Knative ingress. + # It requires auto-tls to be enabled. + # - Enabled: The Knative ingress will be able to serve HTTP connection. + # - Redirected: The Knative ingress will send a 301 redirect for all + # http connections, asking the clients to use HTTPS. + # + # "Disabled" option is deprecated. + http-protocol: "Enabled" + + # rollout-duration contains the minimal duration in seconds over which the + # Configuration traffic targets are rolled out to the newest revision. + rollout-duration: "0" + + # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should + # be automatically created (and deleted) as needed when DomainMappings are + # reconciled. + # + # If this is "false" (the default), the cluster administrator is + # responsible for creating ClusterDomainClaims and delegating them to + # namespaces via their spec.Namespace field. This setting should be used in + # multitenant environments which need to control which namespace can use a + # particular domain name in a domain mapping. + # + # If this is "true", users are able to associate arbitrary names with their + # services via the DomainMapping feature. + autocreate-cluster-domain-claims: "false" + + # If true, networking plugins can add additional information to deployed + # applications to make their pods directly accessible via their IPs even if mesh is + # enabled and thus direct-addressability is usually not possible. + # Consumers like Knative Serving can use this setting to adjust their behavior + # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + enable-mesh-pod-addressability: "false" + + # mesh-compatibility-mode indicates whether consumers of network plugins + # should directly contact Pod IPs (most efficient), or should use the + # Cluster IP (less efficient, needed when mesh is enabled unless + # `enable-mesh-pod-addressability`, above, is set). + # Permitted values are: + # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. + # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. + # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. + mesh-compatibility-mode: "auto" + + # Defines the scheme used for external URLs if auto-tls is not enabled. + # This can be used for making Knative report all URLs as "HTTPS" for example, if you're + # fronting Knative with an external loadbalancer that deals with TLS termination and + # Knative doesn't know about that otherwise. + default-external-scheme: "http" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: observability + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "59abacb5" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # logging.enable-var-log-collection defaults to false. + # The fluentd daemon set will be set up to collect /var/log if + # this flag is true. + logging.enable-var-log-collection: "false" + + # logging.revision-url-template provides a template to use for producing the + # logging URL that is injected into the status of each Revision. + logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" + + # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe + # requests. + # NB: after 0.18 release logging.enable-request-log must be explicitly set to true + # in order for request logging to be enabled. + # + # The value determines the shape of the request logs and it must be a valid go text/template. + # It is important to keep this as a single line. Multiple lines are parsed as separate entities + # by most collection agents and will split the request logs into multiple records. + # + # The following fields and functions are available to the template: + # + # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) + # representing an HTTP request received by the server. + # + # Response: + # struct { + # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) + # Size int // An int representing the size of the response. + # Latency float64 // A float64 representing the latency of the response in seconds. + # } + # + # Revision: + # struct { + # Name string // Knative revision name + # Namespace string // Knative revision namespace + # Service string // Knative service name + # Configuration string // Knative configuration name + # PodName string // Name of the pod hosting the revision + # PodIP string // IP of the pod hosting the revision + # } + # + logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{.TraceID}}"}' + + # If true, the request logging will be enabled. + logging.enable-request-log: "false" + + # If true, this enables queue proxy writing request logs for probe requests to stdout. + # It uses the same template for user requests, i.e. logging.request-log-template. + logging.enable-probe-request-log: "false" + + # metrics-protocol field specifies the protocol used when exporting metrics + # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + metrics-protocol: http/protobuf + + # metrics-endpoint field specifies the destination metrics should be exporter to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + # + # When the protocol is prometheus the endpoint can accept a 'host:port' string to customize the + # listening host interface and port. + metrics-endpoint: http://example.com/v1/traces + + # metrics-export-interval specifies the global metrics reporting period for control and data plane components. + # If a zero or negative value is passed the default reporting OTel period is used (60 secs). + metrics-export-interval: 60s + + # request-metrics-protocol field specifies the protocol used when exporting queue-proxy metrics + # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + request-metrics-protocol: http/protobuf + + # request-metrics-endpoint field specifies the destination metrics from the queue proxy should be exporter to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + # + # When the protocol is prometheus the endpoint can accept a 'host:port' string to customize the + # listening host interface and port. + request-metrics-endpoint: http://promstack-kube-prometheus-prometheus.observability:9090/api/v1/otlp/v1/metrics + + # request-metrics-export-interval specifies the global metrics reporting period for the queue-proxy. + # + # If a zero or negative value is passed the default reporting OTel period is used (60 secs). + request-metrics-export-interval: 60s + + # runtime-profiling indicates whether it is allowed to retrieve runtime profiling data from + # the pods via an HTTP server in the format expected by the pprof visualization tool. When + # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. + # The HTTP context root for profiling is then /debug/pprof/. + runtime-profiling: enabled + + # tracing-protocol field specifies the protocol used when exporting traces + # It supports either 'none' (the default), 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + # or `stdout` for debugging purposes + tracing-protocol: http/protobuf + + # tracing-endpoint field specifies the destination traces should be exporter to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + tracing-endpoint: http://jaeger-collector.observability:4318/v1/traces + + # tracing-sampling-rate allows the user to specify what percentage of all traces should be exported + # The value should be between 0 (never sample) to 1 (always sample) + tracing-sampling-rate: "1" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: tracing + app.kubernetes.io/version: "1.21.3" + annotations: + knative.dev/example-checksum: "04c7e9a3" +data: + _example: | + ########################################################### + # # + # This config is deprecated - use config-observability # + # # + ########################################################### + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +spec: + minReplicas: 1 + maxReplicas: 20 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: activator + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + # Percentage of the requested CPU + averageUtilization: 100 +--- +# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. +# Given the subsetting and that the activators are partially stateful systems, we want +# a slow rollout of the new versions and slow migration during node upgrades. +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: activator-pdb + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +spec: + minAvailable: 80% + selector: + matchLabels: + app: activator + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +spec: + selector: + matchLabels: + app: activator + role: activator + template: + metadata: + labels: + app: activator + role: activator + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: activator + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: activator + containers: + - name: activator + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:b636c2a61f171ca24a4f7e8429056264b358273d5b97dfe119e20dd55e82314d + # The numbers are based on performance test results from + # https://github.com/knative/serving/issues/1625#issuecomment-511930023 + resources: + requests: + cpu: 300m + memory: 60Mi + limits: + cpu: 1000m + memory: 600Mi + env: + # Run Activator with GC collection when newly generated memory is 500%. + - name: GOGC + value: "500" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: http1 + containerPort: 8012 + - name: h2c + containerPort: 8013 + readinessProbe: + httpGet: + port: 8012 + periodSeconds: 5 + failureThreshold: 5 + livenessProbe: + httpGet: + port: 8012 + periodSeconds: 10 + failureThreshold: 12 + initialDelaySeconds: 15 + # The activator (often) sits on the dataplane, and may proxy long (e.g. + # streaming, websockets) requests. We give a long grace period for the + # activator to "lame duck" and drain outstanding requests before we + # forcibly terminate the pod (and outstanding connections). This value + # should be at least as large as the upper bound on the Revision's + # timeoutSeconds property to avoid servicing events disrupting + # connections. + terminationGracePeriodSeconds: 600 +--- +apiVersion: v1 +kind: Service +metadata: + name: activator-service + namespace: knative-serving + labels: + app: activator + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +spec: + selector: + app: activator + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http + port: 80 + targetPort: 8012 + - name: http2 + port: 81 + targetPort: 8013 + - name: https + port: 443 + targetPort: 8112 + type: ClusterIP + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: autoscaler + namespace: knative-serving + labels: + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +spec: + replicas: 1 + selector: + matchLabels: + app: autoscaler + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + labels: + app: autoscaler + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: autoscaler + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: autoscaler + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:c89e8dcc7902e7cca5dec299efe24e9a856d0426a5bc921cb44c0b90d2407f7e + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: websocket + containerPort: 8080 + readinessProbe: + httpGet: + port: 8080 + livenessProbe: + httpGet: + port: 8080 + failureThreshold: 6 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: autoscaler + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + name: autoscaler + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http + port: 8080 + targetPort: 8080 + selector: + app: autoscaler + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller + namespace: knative-serving + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +spec: + selector: + matchLabels: + app: controller + template: + metadata: + labels: + app: controller + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: controller + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:93df216b505319219780c425632751c7b580bfffe315c2e6a66dffa8aa5529d6 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + periodSeconds: 5 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + periodSeconds: 5 + failureThreshold: 3 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: controller + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + name: controller + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + app: controller + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: webhook + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: webhook + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + # Percentage of the requested CPU + averageUtilization: 100 +--- +# Webhook PDB. +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: webhook-pdb + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +spec: + minAvailable: 80% + selector: + matchLabels: + app: webhook + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: webhook + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving +spec: + selector: + matchLabels: + app: webhook + role: webhook + template: + metadata: + labels: + app: webhook + role: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: webhook + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:92fb5cbd925f80209675391c2c6c5d708fb0c12535bafec0f4d1745a2428ee57 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_NAME + value: webhook + - name: WEBHOOK_PORT + value: "8443" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + livenessProbe: + periodSeconds: 10 + httpGet: + scheme: HTTPS + port: 8443 + failureThreshold: 6 + initialDelaySeconds: 20 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: webhook + role: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.21.3" + app.kubernetes.io/name: knative-serving + name: webhook + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app: webhook + role: webhook + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.serving.knative.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: config.webhook.serving.knative.dev + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: ["knative-serving"] + - key: app.kubernetes.io/component + operator: In + values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing", "net-certmanager"] + timeoutSeconds: 10 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.serving.knative.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: webhook.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services + - domainmappings + - domainmappings/status + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.serving.knative.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: validation.webhook.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services + - domainmappings + - domainmappings/status + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +# The data is populated at install time. + +--- diff --git a/cmd/operator/kodata/knative-serving/1.21.3/3-serving-hpa.yaml b/cmd/operator/kodata/knative-serving/1.21.3/3-serving-hpa.yaml new file mode 100644 index 0000000000..8176cb9bd0 --- /dev/null +++ b/cmd/operator/kodata/knative-serving/1.21.3/3-serving-hpa.yaml @@ -0,0 +1,123 @@ +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: autoscaler-hpa + namespace: knative-serving + labels: + autoscaling.knative.dev/autoscaler-provider: hpa + app.kubernetes.io/component: autoscaler-hpa + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" +spec: + selector: + matchLabels: + app: autoscaler-hpa + template: + metadata: + labels: + app: autoscaler-hpa + app.kubernetes.io/component: autoscaler-hpa + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: autoscaler-hpa + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: autoscaler-hpa + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:315c9f814a840ec682135d36ee3fc2cf99466418b18b62b7fa5a8f9322b5da5c + resources: + requests: + cpu: 30m + memory: 40Mi + limits: + cpu: 300m + memory: 400Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + periodSeconds: 5 + failureThreshold: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + periodSeconds: 5 + failureThreshold: 5 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: autoscaler-hpa + autoscaling.knative.dev/autoscaler-provider: hpa + app.kubernetes.io/component: autoscaler-hpa + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.21.3" + name: autoscaler-hpa + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + app: autoscaler-hpa + +--- diff --git a/cmd/operator/kodata/knative-serving/1.21.3/4-serving-post-install-jobs.yaml b/cmd/operator/kodata/knative-serving/1.21.3/4-serving-post-install-jobs.yaml new file mode 100644 index 0000000000..e69b8b5cd3 --- /dev/null +++ b/cmd/operator/kodata/knative-serving/1.21.3/4-serving-post-install-jobs.yaml @@ -0,0 +1,138 @@ + +--- +# /tmp/knative.dF2edcK6/tmp.scmWJ6sULO/serving-storage-version-migration.yaml +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + generateName: storage-version-migration-serving- + namespace: knative-serving + labels: + app: storage-version-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.21.3" +spec: + ttlSecondsAfterFinished: 600 + backoffLimit: 10 + template: + metadata: + labels: + app: storage-version-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.21.3" + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: controller + restartPolicy: OnFailure + containers: + - name: migrate + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:9abd5a7709ee626231a5bf50b53fbcfc85962f0efc4769e931b793f2e19cddc8 + args: + - "services.serving.knative.dev" + - "configurations.serving.knative.dev" + - "revisions.serving.knative.dev" + - "routes.serving.knative.dev" + - "domainmappings.serving.knative.dev" + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +--- +--- +# /tmp/knative.dF2edcK6/tmp.scmWJ6sULO/cleanup.yaml +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + generateName: cleanup-serving- + namespace: knative-serving + labels: + app: cleanup-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: cleanup-job + app.kubernetes.io/version: "1.21.3" +spec: + ttlSecondsAfterFinished: 600 + backoffLimit: 10 + template: + metadata: + labels: + app: cleanup-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: cleanup-job + app.kubernetes.io/version: "1.21.3" + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: controller + restartPolicy: OnFailure + containers: + - name: cleanup + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/pkg/cleanup/cmd/cleanup@sha256:9f2eb3f1f3a9fe9caaf4191d328907e0b26c7b1bf86861c03f73b0a9ee16b3f9 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + +--- diff --git a/cmd/operator/kodata/knative-serving/1.22.1/1-serving-crds.yaml b/cmd/operator/kodata/knative-serving/1.22.1/1-serving-crds.yaml new file mode 100644 index 0000000000..b966276ec7 --- /dev/null +++ b/cmd/operator/kodata/knative-serving/1.22.1/1-serving-crds.yaml @@ -0,0 +1,6704 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: certificates.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Certificate is responsible for provisioning a SSL certificate for the + given hosts. It is a Knative abstraction for various SSL certificate + provisioning solutions (such as cert-manager or self-signed SSL certificate). + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - dnsNames + - secretName + properties: + dnsNames: + description: |- + DNSNames is a list of DNS names the Certificate could support. + The wildcard format of DNSNames (e.g. *.default.example.com) is supported. + type: array + items: + type: string + domain: + description: Domain is the top level domain of the values for DNSNames. + type: string + secretName: + description: SecretName is the name of the secret resource to store the SSL certificate in. + type: string + status: + description: |- + Status is the current state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + http01Challenges: + description: |- + HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled + in order to get the TLS certificate.. + type: array + items: + description: |- + HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs + to fulfill. + type: object + properties: + serviceName: + description: ServiceName is the name of the service to serve HTTP01 challenge requests. + type: string + serviceNamespace: + description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. + type: string + servicePort: + description: ServicePort is the port of the service to serve HTTP01 challenge requests. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + url: + description: URL is the URL that the HTTP01 challenge is expected to serve on. + type: string + notAfter: + description: |- + The expiration time of the TLS certificate stored in the secret named + by this resource in spec.secretName. + type: string + format: date-time + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Certificate + plural: certificates + singular: certificate + categories: + - knative-internal + - networking + shortNames: + - kcert + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: configurations.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Configuration + plural: configurations + singular: configuration + categories: + - all + - knative + - serving + shortNames: + - config + - cfg + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Configuration represents the "floating HEAD" of a linear history of Revisions. + Users create new Revisions by updating the Configuration's spec. + The "latest created" revision's name is available under status, as is the + "latest ready" revision's name. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConfigurationSpec holds the desired state of the Configuration (from the client). + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + status: + description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ClusterDomainClaim. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - namespace + properties: + namespace: + description: |- + Namespace is the namespace which is allowed to create a DomainMapping + using this ClusterDomainClaim's name. + type: string + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + "schema": + "openAPIV3Schema": + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - ref + properties: + ref: + description: |- + Ref specifies the target of the Domain Mapping. + + The object identified by the Ref must be an Addressable with a URL of the + form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, + and `{name}` and `{namespace}` are the name and namespace of a Kubernetes + Service. + + This contract is satisfied by Knative types such as Knative Services and + Knative Routes, and by Kubernetes Services. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: |- + Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. + Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086 + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + This is optional field, it gets defaulted to the object holding it if left out. + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: |- + Status is the current state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ingresses.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Ingress is a collection of rules that allow inbound connections to reach the endpoints defined + by a backend. An Ingress can be configured to give services externally-reachable URLs, load + balance traffic, offer name based virtual hosting, etc. + + This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress + which some highlighted modifications. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + httpOption: + description: |- + HTTPOption is the option of HTTP. It has the following two values: + `HTTPOptionEnabled`, `HTTPOptionRedirected` + type: string + rules: + description: A list of host rules used to configure the Ingress. + type: array + items: + description: |- + IngressRule represents the rules mapping the paths under a specified host to + the related backend services. Incoming requests are first evaluated for a host + match, then routed to the backend associated with the matching IngressRuleValue. + type: object + properties: + hosts: + description: |- + Host is the fully qualified domain name of a network host, as defined + by RFC 3986. Note the following deviations from the "host" part of the + URI as defined in the RFC: + 1. IPs are not allowed. Currently a rule value can only apply to the + IP in the Spec of the parent . + 2. The `:` delimiter is not respected because ports are not allowed. + Currently the port of an Ingress is implicitly :80 for http and + :443 for https. + Both these may change in the future. + If the host is unspecified, the Ingress routes all traffic based on the + specified IngressRuleValue. + If multiple matching Hosts were provided, the first rule will take precedent. + type: array + items: + type: string + http: + description: |- + HTTP represents a rule to apply against incoming requests. If the + rule is satisfied, the request is routed to the specified backend. + type: object + required: + - paths + properties: + paths: + description: |- + A collection of paths that map requests to backends. + + If they are multiple matching paths, the first match takes precedence. + type: array + items: + description: |- + HTTPIngressPath associates a path regex with a backend. Incoming URLs matching + the path are forwarded to the backend. + type: object + required: + - splits + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + headers: + description: |- + Headers defines header matching rules which is a map from a header name + to HeaderMatch which specify a matching condition. + When a request matched with all the header matching rules, + the request is routed by the corresponding ingress rule. + If it is empty, the headers are not used for matching + type: object + additionalProperties: + description: |- + HeaderMatch represents a matching value of Headers in HTTPIngressPath. + Currently, only the exact matching is supported. + type: object + required: + - exact + properties: + exact: + type: string + path: + description: |- + Path represents a literal prefix to which this rule should apply. + Currently it can contain characters disallowed from the conventional + "path" part of a URL as defined by RFC 3986. Paths must begin with + a '/'. If unspecified, the path defaults to a catch all sending + traffic to the backend. + type: string + rewriteHost: + description: |- + RewriteHost rewrites the incoming request's host header. + + This field is currently experimental and not supported by all Ingress + implementations. + type: string + splits: + description: |- + Splits defines the referenced service endpoints to which the traffic + will be forwarded to. + type: array + items: + description: IngressBackendSplit describes all endpoints for a given service and port. + type: object + required: + - serviceName + - serviceNamespace + - servicePort + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + percent: + description: |- + Specifies the split percentage, a number between 0 and 100. If + only one split is specified, we default to 100. + + NOTE: This differs from K8s Ingress to allow percentage split. + type: integer + serviceName: + description: Specifies the name of the referenced service. + type: string + serviceNamespace: + description: |- + Specifies the namespace of the referenced service. + + NOTE: This differs from K8s Ingress to allow routing to different namespaces. + type: string + servicePort: + description: Specifies the port of the referenced service. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + visibility: + description: |- + Visibility signifies whether this rule should `ClusterLocal`. If it's not + specified then it defaults to `ExternalIP`. + type: string + tls: + description: |- + TLS configuration. Currently Ingress only supports a single TLS + port: 443. If multiple members of this list specify different hosts, they + will be multiplexed on the same port according to the hostname specified + through the SNI TLS extension, if the ingress controller fulfilling the + ingress supports SNI. + type: array + items: + description: IngressTLS describes the transport layer security associated with an Ingress. + type: object + properties: + hosts: + description: |- + Hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. + type: array + items: + type: string + secretName: + description: SecretName is the name of the secret used to terminate SSL traffic. + type: string + secretNamespace: + description: |- + SecretNamespace is the namespace of the secret used to terminate SSL traffic. + If not set the namespace should be assumed to be the same as the Ingress. + If set the secret should have the same namespace as the Ingress otherwise + the behaviour is undefined and not supported. + type: string + status: + description: |- + Status is the current state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateLoadBalancer: + description: PrivateLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + publicLoadBalancer: + description: PublicLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: Ingress + plural: ingresses + singular: ingress + categories: + - knative-internal + - networking + shortNames: + - kingress + - king + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: metrics.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: Metric + plural: metrics + singular: metric + categories: + - knative-internal + - autoscaling + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: Metric represents a resource to configure the metric collector with. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Metric (from the client). + type: object + required: + - panicWindow + - scrapeTarget + - stableWindow + properties: + panicWindow: + description: PanicWindow is the aggregation window for metrics where quick reactions are needed. + type: integer + format: int64 + scrapeTarget: + description: ScrapeTarget is the K8s service that publishes the metric endpoint. + type: string + stableWindow: + description: StableWindow is the aggregation window for metrics in a stable state. + type: integer + format: int64 + status: + description: Status communicates the observed state of the Metric (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: podautoscalers.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: PodAutoscaler + plural: podautoscalers + singular: podautoscaler + categories: + - knative-internal + - autoscaling + shortNames: + - kpa + - pa + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: DesiredScale + type: integer + jsonPath: ".status.desiredScale" + - name: ActualScale + type: integer + jsonPath: ".status.actualScale" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative + components instantiate autoscalers. This definition is an abstraction that may be backed + by multiple definitions. For more information, see the Knative Pluggability presentation: + https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the PodAutoscaler (from the client). + type: object + required: + - protocolType + - scaleTargetRef + properties: + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed + in-flight (concurrent) requests per container of the Revision. + Defaults to `0` which means unlimited concurrency. + type: integer + format: int64 + protocolType: + description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. + type: string + reachability: + description: |- + Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). + Defaults to `ReachabilityUnknown` + type: string + scaleTargetRef: + description: |- + ScaleTargetRef defines the /scale-able resource that this PodAutoscaler + is responsible for quickly right-sizing. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + x-kubernetes-map-type: atomic + status: + description: Status communicates the observed state of the PodAutoscaler (from the controller). + type: object + required: + - metricsServiceName + - serviceName + properties: + actualScale: + description: ActualScale shows the actual number of replicas for the revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredScale: + description: DesiredScale shows the current desired number of replicas for the revision. + type: integer + format: int32 + metricsServiceName: + description: |- + MetricsServiceName is the K8s Service name that provides revision metrics. + The service is managed by the PA object. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + serviceName: + description: |- + ServiceName is the K8s Service name that serves the revision, scaled by this PA. + The service is created and owned by the ServerlessService object owned by this PA. + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: revisions.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + names: + kind: Revision + plural: revisions + singular: revision + categories: + - all + - knative + - serving + shortNames: + - rev + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Config Name + type: string + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" + - name: Generation + type: string # int in string form :( + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Actual Replicas + type: integer + jsonPath: ".status.actualReplicas" + - name: Desired Replicas + type: integer + jsonPath: ".status.desiredReplicas" + schema: + openAPIV3Schema: + description: |- + Revision is an immutable snapshot of code and configuration. A revision + references a container image. Revisions are created by updates to a + Configuration. + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + status: + description: RevisionStatus communicates the observed state of the Revision (from the controller). + type: object + properties: + actualReplicas: + description: ActualReplicas reflects the amount of ready pods running this revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + containerStatuses: + description: |- + ContainerStatuses is a slice of images present in .Spec.Container[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: https://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + desiredReplicas: + description: DesiredReplicas reflects the desired amount of pods running this revision. + type: integer + format: int32 + initContainerStatuses: + description: |- + InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: https://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + logUrl: + description: |- + LogURL specifies the generated logging url for this particular revision + based on the revision url template specified in the controller's config. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: routes.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" +spec: + group: serving.knative.dev + names: + kind: Route + plural: routes + singular: route + categories: + - all + - knative + - serving + shortNames: + - rt + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Route is responsible for configuring ingress over a collection of Revisions. + Some of the Revisions a Route distributes traffic over may be specified by + referencing the Configuration responsible for creating them; in these cases + the Route is additionally responsible for monitoring the Configuration for + "latest ready revision" changes, and smoothly rolling out latest revisions. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Route (from the client). + type: object + properties: + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: Status communicates the observed state of the Route (from the controller). + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: serverlessservices.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + ServerlessService is a proxy for the K8s service objects containing the + endpoints for the revision, whether those are endpoints of the activator or + revision pods. + See: https://knative.page.link/naxz for details. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - objectRef + - protocolType + properties: + mode: + description: Mode describes the mode of operation of the ServerlessService. + type: string + numActivators: + description: |- + NumActivators contains number of Activators that this revision should be + assigned. + O means — assign all. + type: integer + format: int32 + objectRef: + description: |- + ObjectRef defines the resource that this ServerlessService + is responsible for making "serverless". + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + x-kubernetes-map-type: atomic + protocolType: + description: |- + The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. + serving imports networking, so just use string. + type: string + status: + description: |- + Status is the current state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateServiceName: + description: |- + PrivateServiceName holds the name of a core K8s Service resource that + load balances over the user service pods backing this Revision. + type: string + serviceName: + description: |- + ServiceName holds the name of a core K8s Service resource that + load balances over the pods backing this Revision (activator or revision). + type: string + additionalPrinterColumns: + - name: Mode + type: string + jsonPath: ".spec.mode" + - name: Activators + type: integer + jsonPath: ".spec.numActivators" + - name: ServiceName + type: string + jsonPath: ".status.serviceName" + - name: PrivateServiceName + type: string + jsonPath: ".status.privateServiceName" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: ServerlessService + plural: serverlessservices + singular: serverlessservice + categories: + - knative-internal + - networking + shortNames: + - sks + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: services.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Service + plural: services + singular: service + categories: + - all + - knative + - serving + shortNames: + - kservice + - ksvc + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Service acts as a top-level container that manages a Route and Configuration + which implement a network service. Service exists to provide a singular + abstraction which can be access controlled, reasoned about, and which + encapsulates software lifecycle decisions such as rollout policy and + team resource ownership. Service acts only as an orchestrator of the + underlying Routes and Configurations (much as a kubernetes Deployment + orchestrates ReplicaSets), and its usage is optional but recommended. + + The Service's controller will track the statuses of its owned Configuration + and Route, reflecting their statuses and conditions as its own. + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ServiceSpec represents the configuration for the Service object. + A Service's specification is the union of the specifications for a Route + and Configuration. The Service restricts what can be expressed in these + fields, e.g. the Route must reference the provided Configuration; + however, these limitations also enable friendlier defaulting, + e.g. Route never needs a Configuration name, and may be defaulted to + the appropriate "run latest" spec. + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: ServiceStatus represents the Status stanza of the Service resource. + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: caching.internal.knative.dev + names: + kind: Image + plural: images + singular: image + categories: + - knative-internal + - caching + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Image is a Knative abstraction that encapsulates the interface by which Knative + components express a desire to have a particular image cached. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Image (from the client). + type: object + required: + - image + properties: + image: + description: Image is the name of the container image url to cache across the cluster. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets contains the names of the Kubernetes Secrets containing login + information used by the Pods which will run this container. + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + serviceAccountName: + description: |- + ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods + will run this container. This is potentially used to authenticate the image pull + if the service account has attached pull secrets. For more information: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + type: string + status: + description: Status communicates the observed state of the Image (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Image + type: string + jsonPath: .spec.image + +--- diff --git a/cmd/operator/kodata/knative-serving/1.22.1/2-serving-core.yaml b/cmd/operator/kodata/knative-serving/1.22.1/2-serving-core.yaml new file mode 100644 index 0000000000..ebcf599885 --- /dev/null +++ b/cmd/operator/kodata/knative-serving/1.22.1/2-serving-core.yaml @@ -0,0 +1,9543 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-activator + namespace: knative-serving + labels: + serving.knative.dev/controller: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + resourceNames: ["routing-serving-certs", "knative-serving-certs"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-activator-cluster + labels: + serving.knative.dev/controller: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: [""] + resources: ["services", "endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: ["serving.knative.dev"] + resources: ["revisions"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need readonly access to "Addressables" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + # Named like this to avoid clashing with eventing's existing `addressable-resolver` role + # (which should be identical, but isn't guaranteed to be installed alongside serving). + name: knative-serving-aggregated-addressable-resolver + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/addressable: "true" +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-addressable-resolver + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving + # Labeled to facilitate aggregated cluster roles that act on Addressables. + duck.knative.dev/addressable: "true" +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - serving.knative.dev + resources: + - routes + - routes/status + - services + - services/status + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: ["serving.knative.dev"] + resources: ["*"] + verbs: ["*"] + - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-namespaced-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: ["serving.knative.dev"] + resources: ["*"] + verbs: ["create", "update", "patch", "delete"] + - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-namespaced-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-core + labels: + serving.knative.dev/controller: "true" + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: [""] + resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: [""] + resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission + verbs: ["create"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices/restricted"] # Permission for RestrictedEndpointsAdmission + verbs: ["create"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook + verbs: ["update"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["autoscaling"] + resources: ["horizontalpodautoscalers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] + resources: ["*", "*/status", "*/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] + - apiGroups: ["caching.internal.knative.dev"] + resources: ["images"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "clusterissuers", "certificaterequests", "issuers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles"] + verbs: ["delete"] + resourceNames: ["knative-serving-certmanager"] + - apiGroups: ["*"] + resources: ["*/scale"] + verbs: ["patch"] + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-podspecable-binding + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving + # Labeled to facilitate aggregated cluster roles that act on PodSpecables. + duck.knative.dev/podspecable: "true" +# Do not use this role directly. These rules will be added to the "podspecable-binder" role. +rules: + - apiGroups: + - serving.knative.dev + resources: + - configurations + - services + verbs: + - list + - watch + - patch + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller + namespace: knative-serving + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-admin + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + serving.knative.dev/controller: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-controller-admin + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +subjects: + - kind: ServiceAccount + name: controller + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-controller-addressable-resolver + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +subjects: + - kind: ServiceAccount + name: controller + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-aggregated-addressable-resolver + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: knative-serving-activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +subjects: + - kind: ServiceAccount + name: activator + namespace: knative-serving +roleRef: + kind: Role + name: knative-serving-activator + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-activator-cluster + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +subjects: + - kind: ServiceAccount + name: activator + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-activator-cluster + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: caching.internal.knative.dev + names: + kind: Image + plural: images + singular: image + categories: + - knative-internal + - caching + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Image is a Knative abstraction that encapsulates the interface by which Knative + components express a desire to have a particular image cached. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Image (from the client). + type: object + required: + - image + properties: + image: + description: Image is the name of the container image url to cache across the cluster. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets contains the names of the Kubernetes Secrets containing login + information used by the Pods which will run this container. + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + serviceAccountName: + description: |- + ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods + will run this container. This is potentially used to authenticate the image pull + if the service account has attached pull secrets. For more information: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + type: string + status: + description: Status communicates the observed state of the Image (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Image + type: string + jsonPath: .spec.image + +--- +apiVersion: networking.internal.knative.dev/v1alpha1 +kind: Certificate +metadata: + annotations: + networking.knative.dev/certificate.class: cert-manager.certificate.networking.knative.dev + labels: + networking.knative.dev/certificate-type: system-internal + name: routing-serving-certs + namespace: knative-serving +spec: + dnsNames: + - kn-routing + - data-plane.knative.dev # for reverse-compatibility with net-* implementations that do not work with multi-SANs + secretName: routing-serving-certs + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: certificates.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Certificate is responsible for provisioning a SSL certificate for the + given hosts. It is a Knative abstraction for various SSL certificate + provisioning solutions (such as cert-manager or self-signed SSL certificate). + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - dnsNames + - secretName + properties: + dnsNames: + description: |- + DNSNames is a list of DNS names the Certificate could support. + The wildcard format of DNSNames (e.g. *.default.example.com) is supported. + type: array + items: + type: string + domain: + description: Domain is the top level domain of the values for DNSNames. + type: string + secretName: + description: SecretName is the name of the secret resource to store the SSL certificate in. + type: string + status: + description: |- + Status is the current state of the Certificate. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + http01Challenges: + description: |- + HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled + in order to get the TLS certificate.. + type: array + items: + description: |- + HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs + to fulfill. + type: object + properties: + serviceName: + description: ServiceName is the name of the service to serve HTTP01 challenge requests. + type: string + serviceNamespace: + description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests. + type: string + servicePort: + description: ServicePort is the port of the service to serve HTTP01 challenge requests. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + url: + description: URL is the URL that the HTTP01 challenge is expected to serve on. + type: string + notAfter: + description: |- + The expiration time of the TLS certificate stored in the secret named + by this resource in spec.secretName. + type: string + format: date-time + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Certificate + plural: certificates + singular: certificate + categories: + - knative-internal + - networking + shortNames: + - kcert + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: configurations.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Configuration + plural: configurations + singular: configuration + categories: + - all + - knative + - serving + shortNames: + - config + - cfg + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Configuration represents the "floating HEAD" of a linear history of Revisions. + Users create new Revisions by updating the Configuration's spec. + The "latest created" revision's name is available under status, as is the + "latest ready" revision's name. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConfigurationSpec holds the desired state of the Configuration (from the client). + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + status: + description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ClusterDomainClaim. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - namespace + properties: + namespace: + description: |- + Namespace is the namespace which is allowed to create a DomainMapping + using this ClusterDomainClaim's name. + type: string + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + "schema": + "openAPIV3Schema": + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - ref + properties: + ref: + description: |- + Ref specifies the target of the Domain Mapping. + + The object identified by the Ref must be an Addressable with a URL of the + form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, + and `{name}` and `{namespace}` are the name and namespace of a Kubernetes + Service. + + This contract is satisfied by Knative types such as Knative Services and + Knative Routes, and by Kubernetes Services. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: |- + Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. + Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086 + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + This is optional field, it gets defaulted to the object holding it if left out. + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: |- + Status is the current state of the DomainMapping. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ingresses.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + Ingress is a collection of rules that allow inbound connections to reach the endpoints defined + by a backend. An Ingress can be configured to give services externally-reachable URLs, load + balance traffic, offer name based virtual hosting, etc. + + This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress + which some highlighted modifications. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + httpOption: + description: |- + HTTPOption is the option of HTTP. It has the following two values: + `HTTPOptionEnabled`, `HTTPOptionRedirected` + type: string + rules: + description: A list of host rules used to configure the Ingress. + type: array + items: + description: |- + IngressRule represents the rules mapping the paths under a specified host to + the related backend services. Incoming requests are first evaluated for a host + match, then routed to the backend associated with the matching IngressRuleValue. + type: object + properties: + hosts: + description: |- + Host is the fully qualified domain name of a network host, as defined + by RFC 3986. Note the following deviations from the "host" part of the + URI as defined in the RFC: + 1. IPs are not allowed. Currently a rule value can only apply to the + IP in the Spec of the parent . + 2. The `:` delimiter is not respected because ports are not allowed. + Currently the port of an Ingress is implicitly :80 for http and + :443 for https. + Both these may change in the future. + If the host is unspecified, the Ingress routes all traffic based on the + specified IngressRuleValue. + If multiple matching Hosts were provided, the first rule will take precedent. + type: array + items: + type: string + http: + description: |- + HTTP represents a rule to apply against incoming requests. If the + rule is satisfied, the request is routed to the specified backend. + type: object + required: + - paths + properties: + paths: + description: |- + A collection of paths that map requests to backends. + + If they are multiple matching paths, the first match takes precedence. + type: array + items: + description: |- + HTTPIngressPath associates a path regex with a backend. Incoming URLs matching + the path are forwarded to the backend. + type: object + required: + - splits + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + headers: + description: |- + Headers defines header matching rules which is a map from a header name + to HeaderMatch which specify a matching condition. + When a request matched with all the header matching rules, + the request is routed by the corresponding ingress rule. + If it is empty, the headers are not used for matching + type: object + additionalProperties: + description: |- + HeaderMatch represents a matching value of Headers in HTTPIngressPath. + Currently, only the exact matching is supported. + type: object + required: + - exact + properties: + exact: + type: string + path: + description: |- + Path represents a literal prefix to which this rule should apply. + Currently it can contain characters disallowed from the conventional + "path" part of a URL as defined by RFC 3986. Paths must begin with + a '/'. If unspecified, the path defaults to a catch all sending + traffic to the backend. + type: string + rewriteHost: + description: |- + RewriteHost rewrites the incoming request's host header. + + This field is currently experimental and not supported by all Ingress + implementations. + type: string + splits: + description: |- + Splits defines the referenced service endpoints to which the traffic + will be forwarded to. + type: array + items: + description: IngressBackendSplit describes all endpoints for a given service and port. + type: object + required: + - serviceName + - serviceNamespace + - servicePort + properties: + appendHeaders: + description: |- + AppendHeaders allow specifying additional HTTP headers to add + before forwarding a request to the destination service. + + NOTE: This differs from K8s Ingress which doesn't allow header appending. + type: object + additionalProperties: + type: string + percent: + description: |- + Specifies the split percentage, a number between 0 and 100. If + only one split is specified, we default to 100. + + NOTE: This differs from K8s Ingress to allow percentage split. + type: integer + serviceName: + description: Specifies the name of the referenced service. + type: string + serviceNamespace: + description: |- + Specifies the namespace of the referenced service. + + NOTE: This differs from K8s Ingress to allow routing to different namespaces. + type: string + servicePort: + description: Specifies the port of the referenced service. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + visibility: + description: |- + Visibility signifies whether this rule should `ClusterLocal`. If it's not + specified then it defaults to `ExternalIP`. + type: string + tls: + description: |- + TLS configuration. Currently Ingress only supports a single TLS + port: 443. If multiple members of this list specify different hosts, they + will be multiplexed on the same port according to the hostname specified + through the SNI TLS extension, if the ingress controller fulfilling the + ingress supports SNI. + type: array + items: + description: IngressTLS describes the transport layer security associated with an Ingress. + type: object + properties: + hosts: + description: |- + Hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. + type: array + items: + type: string + secretName: + description: SecretName is the name of the secret used to terminate SSL traffic. + type: string + secretNamespace: + description: |- + SecretNamespace is the namespace of the secret used to terminate SSL traffic. + If not set the namespace should be assumed to be the same as the Ingress. + If set the secret should have the same namespace as the Ingress otherwise + the behaviour is undefined and not supported. + type: string + status: + description: |- + Status is the current state of the Ingress. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateLoadBalancer: + description: PrivateLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + publicLoadBalancer: + description: PublicLoadBalancer contains the current status of the load-balancer. + type: object + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + type: array + items: + description: |- + LoadBalancerIngressStatus represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + type: object + properties: + domain: + description: |- + Domain is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + domainInternal: + description: |- + DomainInternal is set if there is a cluster-local DNS name to access the Ingress. + + NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local + DNS name to allow routing in case of not having a mesh. + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + meshOnly: + description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh. + type: boolean + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: Ingress + plural: ingresses + singular: ingress + categories: + - knative-internal + - networking + shortNames: + - kingress + - king + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: metrics.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: Metric + plural: metrics + singular: metric + categories: + - knative-internal + - autoscaling + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: Metric represents a resource to configure the metric collector with. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Metric (from the client). + type: object + required: + - panicWindow + - scrapeTarget + - stableWindow + properties: + panicWindow: + description: PanicWindow is the aggregation window for metrics where quick reactions are needed. + type: integer + format: int64 + scrapeTarget: + description: ScrapeTarget is the K8s service that publishes the metric endpoint. + type: string + stableWindow: + description: StableWindow is the aggregation window for metrics in a stable state. + type: integer + format: int64 + status: + description: Status communicates the observed state of the Metric (from the controller). + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: podautoscalers.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: PodAutoscaler + plural: podautoscalers + singular: podautoscaler + categories: + - knative-internal + - autoscaling + shortNames: + - kpa + - pa + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: DesiredScale + type: integer + jsonPath: ".status.desiredScale" + - name: ActualScale + type: integer + jsonPath: ".status.actualScale" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative + components instantiate autoscalers. This definition is an abstraction that may be backed + by multiple definitions. For more information, see the Knative Pluggability presentation: + https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the PodAutoscaler (from the client). + type: object + required: + - protocolType + - scaleTargetRef + properties: + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed + in-flight (concurrent) requests per container of the Revision. + Defaults to `0` which means unlimited concurrency. + type: integer + format: int64 + protocolType: + description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. + type: string + reachability: + description: |- + Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). + Defaults to `ReachabilityUnknown` + type: string + scaleTargetRef: + description: |- + ScaleTargetRef defines the /scale-able resource that this PodAutoscaler + is responsible for quickly right-sizing. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + x-kubernetes-map-type: atomic + status: + description: Status communicates the observed state of the PodAutoscaler (from the controller). + type: object + required: + - metricsServiceName + - serviceName + properties: + actualScale: + description: ActualScale shows the actual number of replicas for the revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredScale: + description: DesiredScale shows the current desired number of replicas for the revision. + type: integer + format: int32 + metricsServiceName: + description: |- + MetricsServiceName is the K8s Service name that provides revision metrics. + The service is managed by the PA object. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + serviceName: + description: |- + ServiceName is the K8s Service name that serves the revision, scaled by this PA. + The service is created and owned by the ServerlessService object owned by this PA. + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: revisions.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + names: + kind: Revision + plural: revisions + singular: revision + categories: + - all + - knative + - serving + shortNames: + - rev + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Config Name + type: string + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" + - name: Generation + type: string # int in string form :( + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Actual Replicas + type: integer + jsonPath: ".status.actualReplicas" + - name: Desired Replicas + type: integer + jsonPath: ".status.desiredReplicas" + schema: + openAPIV3Schema: + description: |- + Revision is an immutable snapshot of code and configuration. A revision + references a container image. Revisions are created by updates to a + Configuration. + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + status: + description: RevisionStatus communicates the observed state of the Revision (from the controller). + type: object + properties: + actualReplicas: + description: ActualReplicas reflects the amount of ready pods running this revision. + type: integer + format: int32 + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + containerStatuses: + description: |- + ContainerStatuses is a slice of images present in .Spec.Container[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: https://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + desiredReplicas: + description: DesiredReplicas reflects the desired amount of pods running this revision. + type: integer + format: int32 + initContainerStatuses: + description: |- + InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image + to their respective digests and their container name. + The digests are resolved during the creation of Revision. + ContainerStatuses holds the container name and image digests + for both serving and non serving containers. + ref: https://bit.ly/image-digests + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + logUrl: + description: |- + LogURL specifies the generated logging url for this particular revision + based on the revision url template specified in the controller's config. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: routes.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" +spec: + group: serving.knative.dev + names: + kind: Route + plural: routes + singular: route + categories: + - all + - knative + - serving + shortNames: + - rt + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Route is responsible for configuring ingress over a collection of Revisions. + Some of the Revisions a Route distributes traffic over may be specified by + referencing the Configuration responsible for creating them; in these cases + the Route is additionally responsible for monitoring the Configuration for + "latest ready revision" changes, and smoothly rolling out latest revisions. + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Route (from the client). + type: object + properties: + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: Status communicates the observed state of the Route (from the controller). + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: serverlessservices.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: |- + ServerlessService is a proxy for the K8s service objects containing the + endpoints for the revision, whether those are endpoints of the activator or + revision pods. + See: https://knative.page.link/naxz for details. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec is the desired state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - objectRef + - protocolType + properties: + mode: + description: Mode describes the mode of operation of the ServerlessService. + type: string + numActivators: + description: |- + NumActivators contains number of Activators that this revision should be + assigned. + O means — assign all. + type: integer + format: int32 + objectRef: + description: |- + ObjectRef defines the resource that this ServerlessService + is responsible for making "serverless". + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + x-kubernetes-map-type: atomic + protocolType: + description: |- + The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision. + serving imports networking, so just use string. + type: string + status: + description: |- + Status is the current state of the ServerlessService. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + privateServiceName: + description: |- + PrivateServiceName holds the name of a core K8s Service resource that + load balances over the user service pods backing this Revision. + type: string + serviceName: + description: |- + ServiceName holds the name of a core K8s Service resource that + load balances over the pods backing this Revision (activator or revision). + type: string + additionalPrinterColumns: + - name: Mode + type: string + jsonPath: ".spec.mode" + - name: Activators + type: integer + jsonPath: ".spec.numActivators" + - name: ServiceName + type: string + jsonPath: ".status.serviceName" + - name: PrivateServiceName + type: string + jsonPath: ".status.privateServiceName" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: ServerlessService + plural: serverlessservices + singular: serverlessservice + categories: + - knative-internal + - networking + shortNames: + - sks + scope: Namespaced + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: services.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Service + plural: services + singular: service + categories: + - all + - knative + - serving + shortNames: + - kservice + - ksvc + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: |- + Service acts as a top-level container that manages a Route and Configuration + which implement a network service. Service exists to provide a singular + abstraction which can be access controlled, reasoned about, and which + encapsulates software lifecycle decisions such as rollout policy and + team resource ownership. Service acts only as an orchestrator of the + underlying Routes and Configurations (much as a kubernetes Deployment + orchestrates ReplicaSets), and its usage is optional but recommended. + + The Service's controller will track the statuses of its owned Configuration + and Route, reflecting their statuses and conditions as its own. + + See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ServiceSpec represents the configuration for the Service object. + A Service's specification is the union of the specifications for a Route + and Configuration. The Service restricts what can be expressed in these + fields, e.g. the Route must reference the provided Configuration; + however, these limitations also enable friendlier defaulting, + e.g. Route never needs a Configuration name, and may be defaulted to + the appropriate "run latest" spec. + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + affinity: + description: This is accessible behind a feature flag - kubernetes.podspec-affinity + type: object + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Defaults to `0` which means + concurrency to the application is not limited, and the system decides the + target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + resourceFieldRef: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps or Secrets + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. This can only be set to explicitly to 'false' + type: boolean + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + dnsConfig: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + type: object + x-kubernetes-preserve-unknown-fields: true + dnsPolicy: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. + type: boolean + hostAliases: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases + type: object + x-kubernetes-preserve-unknown-fields: true + hostIPC: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc + type: boolean + hostNetwork: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + type: boolean + hostPID: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid + type: boolean + idleTimeoutSeconds: + description: |- + IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed + to stay open while not receiving any bytes from the user's application. If + unspecified, a system default will be provided. + type: integer + format: int64 + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-init-containers + type: object + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + priorityClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + type: string + responseStartTimeoutSeconds: + description: |- + ResponseStartTimeoutSeconds is the maximum duration in seconds that the request + routing layer will wait for a request delivered to a container to begin + sending any network traffic. + type: integer + format: int64 + runtimeClassName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + type: string + schedulerName: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername + type: string + securityContext: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + shareProcessNamespace: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace + type: boolean + timeoutSeconds: + description: |- + TimeoutSeconds is the maximum duration in seconds that the request instance + is allowed to respond to a request. If unspecified, a system default will + be provided. + type: integer + format: int64 + tolerations: + description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: array + items: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations + type: object + x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: array + items: + description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + type: object + x-kubernetes-preserve-unknown-fields: true + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: configMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDir: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir + type: object + x-kubernetes-preserve-unknown-fields: true + hostPath: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath + type: object + x-kubernetes-preserve-unknown-fields: true + image: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-image + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + type: object + x-kubernetes-preserve-unknown-fields: true + projected: + description: projected items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + traffic: + description: |- + Traffic specifies how to distribute traffic over a collection of + revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: ServiceStatus represents the Status stanza of the Service resource. + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + CACerts: + description: |- + CACerts is the Certification Authority (CA) certificates in PEM format + according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + audience: + description: Audience is the OIDC audience for this address. + type: string + name: + description: Name is the name of the address. + type: string + url: + type: string + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: |- + LatestCreatedRevisionName is the last revision that was created from this + Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: |- + LatestReadyRevisionName holds the name of the latest Revision stamped out + from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + traffic: + description: |- + Traffic holds the configured traffic distribution. + These entries will always contain RevisionName references. + When ConfigurationName appears in the spec, this will hold the + LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: |- + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. This is mutually exclusive with + RevisionName. + type: string + latestRevision: + description: |- + LatestRevision may be optionally provided to indicate that the latest + ready Revision of the Configuration should be used for this traffic + target. When provided LatestRevision must be true if RevisionName is + empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: |- + Percent indicates that percentage based routing should be used and + the value indicates the percent of traffic that is be routed to this + Revision or Configuration. `0` (zero) mean no traffic, `100` means all + traffic. + When percentage based routing is being used the follow rules apply: + - the sum of all percent values must equal 100 + - when not specified, the implied value for `percent` is zero for + that particular Revision or Configuration + type: integer + format: int64 + revisionName: + description: |- + RevisionName of a specific revision to which to send this portion of + traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: |- + Tag is optionally used to expose a dedicated url for referencing + this target exclusively. + type: string + url: + description: |- + URL displays the URL for accessing named traffic targets. URL is displayed in + status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and + a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: |- + URL holds the url that will distribute traffic over the provided traffic targets. + It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: caching.internal.knative.dev/v1alpha1 +kind: Image +metadata: + name: queue-proxy + namespace: knative-serving + labels: + app.kubernetes.io/component: queue-proxy + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +spec: + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:b1af8bda6c1d32b1cf5fbf8f1f6068c5007a5cebf091039fdea83b88b1fd87f4 + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-autoscaler + namespace: knative-serving + labels: + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "c727b3e8" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # The Revision ContainerConcurrency field specifies the maximum number + # of requests the Container can handle at once. Container concurrency + # target percentage is how much of that maximum to use in a stable + # state. E.g. if a Revision specifies ContainerConcurrency of 10, then + # the Autoscaler will try to maintain 7 concurrent connections per pod + # on average. + # Note: this limit will be applied to container concurrency set at every + # level (ConfigMap, Revision Spec or Annotation). + # For legacy and backwards compatibility reasons, this value also accepts + # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). + # Thus minimal percentage value must be greater than 1.0, or it will be + # treated as a fraction. + # NOTE: that this value does not affect actual number of concurrent requests + # the user container may receive, but only the average number of requests + # that the revision pods will receive. + container-concurrency-target-percentage: "70" + + # The container concurrency target default is what the Autoscaler will + # try to maintain when concurrency is used as the scaling metric for the + # Revision and the Revision specifies unlimited concurrency. + # When revision explicitly specifies container concurrency, that value + # will be used as a scaling target for autoscaler. + # When specifying unlimited concurrency, the autoscaler will + # horizontally scale the application based on this target concurrency. + # This is what we call "soft limit" in the documentation, i.e. it only + # affects number of pods and does not affect the number of requests + # individual pod processes. + # The value must be a positive number such that the value multiplied + # by container-concurrency-target-percentage is greater than 0.01. + # NOTE: that this value will be adjusted by application of + # container-concurrency-target-percentage, i.e. by default + # the system will target on average 70 concurrent requests + # per revision pod. + # NOTE: Only one metric can be used for autoscaling a Revision. + container-concurrency-target-default: "100" + + # The requests per second (RPS) target default is what the Autoscaler will + # try to maintain when RPS is used as the scaling metric for a Revision and + # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, + # the autoscaler will horizontally scale the application based on this + # target RPS. + # Must be greater than 1.0. + # NOTE: Only one metric can be used for autoscaling a Revision. + requests-per-second-target-default: "200" + + # The target burst capacity specifies the size of burst in concurrent + # requests that the system operator expects the system will receive. + # Autoscaler will try to protect the system from queueing by introducing + # Activator in the request path if the current spare capacity of the + # service is less than this setting. + # If this setting is 0, then Activator will be in the request path only + # when the revision is scaled to 0. + # If this setting is > 0 and container-concurrency-target-percentage is + # 100% or 1.0, then activator will always be in the request path. + # -1 denotes unlimited target-burst-capacity and activator will always + # be in the request path. + # Other negative values are invalid. + target-burst-capacity: "211" + + # When operating in a stable mode, the autoscaler operates on the + # average concurrency over the stable window. + # Stable window must be in whole seconds. + stable-window: "60s" + + # When observed average concurrency during the panic window reaches + # panic-threshold-percentage the target concurrency, the autoscaler + # enters panic mode. When operating in panic mode, the autoscaler + # scales on the average concurrency over the panic window which is + # panic-window-percentage of the stable-window. + # Must be in the [1, 100] range. + # When computing the panic window it will be rounded to the closest + # whole second, at least 1s. + panic-window-percentage: "10.0" + + # The percentage of the container concurrency target at which to + # enter panic mode when reached within the panic window. + panic-threshold-percentage: "200.0" + + # Max scale up rate limits the rate at which the autoscaler will + # increase pod count. It is the maximum ratio of desired pods versus + # observed pods. + # Cannot be less or equal to 1. + # I.e with value of 2.0 the number of pods can at most go N to 2N + # over single Autoscaler period (2s), but at least N to + # N+1, if Autoscaler needs to scale up. + max-scale-up-rate: "1000.0" + + # Max scale down rate limits the rate at which the autoscaler will + # decrease pod count. It is the maximum ratio of observed pods versus + # desired pods. + # Cannot be less or equal to 1. + # I.e. with value of 2.0 the number of pods can at most go N to N/2 + # over single Autoscaler evaluation period (2s), but at + # least N to N-1, if Autoscaler needs to scale down. + max-scale-down-rate: "2.0" + + # Scale to zero feature flag. + enable-scale-to-zero: "true" + + # Scale to zero grace period is the time an inactive revision is left + # running before it is scaled to zero (must be positive, but recommended + # at least a few seconds if running with mesh networking). + # This is the upper limit and is provided not to enforce timeout after + # the revision stopped receiving requests for stable window, but to + # ensure network reprogramming to put activator in the path has completed. + # If the system determines that a shorter period is satisfactory, + # then the system will only wait that amount of time before scaling to 0. + # NOTE: this period might actually be 0, if activator has been + # in the request path sufficiently long. + # If there is necessity for the last pod to linger longer use + # scale-to-zero-pod-retention-period flag. + scale-to-zero-grace-period: "30s" + + # Scale to zero pod retention period defines the minimum amount + # of time the last pod will remain after Autoscaler has decided to + # scale to zero. + # This flag is for the situations where the pod startup is very expensive + # and the traffic is bursty (requiring smaller windows for fast action), + # but patchy. + # The larger of this flag and `scale-to-zero-grace-period` will effectively + # determine how the last pod will hang around. + scale-to-zero-pod-retention-period: "0s" + + # pod-autoscaler-class specifies the default pod autoscaler class + # that should be used if none is specified. If omitted, + # the Knative Pod Autoscaler (KPA) is used by default. + pod-autoscaler-class: "kpa.autoscaling.knative.dev" + + # The capacity of a single activator task. + # The `unit` is one concurrent request proxied by the activator. + # activator-capacity must be at least 1. + # This value is used for computation of the Activator subset size. + # See the algorithm here: https://bit.ly/38XiCZ3. + # TODO(vagababov): tune after actual benchmarking. + activator-capacity: "100.0" + + # initial-scale is the cluster-wide default value for the initial target + # scale of a revision after creation, unless overridden by the + # "autoscaling.knative.dev/initialScale" annotation. + # This value must be greater than 0 unless allow-zero-initial-scale is true. + initial-scale: "1" + + # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, + # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. + allow-zero-initial-scale: "false" + + # min-scale is the cluster-wide default value for the min scale of a revision, + # unless overridden by the "autoscaling.knative.dev/minScale" annotation. + min-scale: "0" + + # max-scale is the cluster-wide default value for the max scale of a revision, + # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. + # If set to 0, the revision has no maximum scale. + max-scale: "0" + + # scale-down-delay is the amount of time that must pass at reduced + # concurrency before a scale down decision is applied. This can be useful, + # for example, to maintain replica count and avoid a cold start penalty if + # more requests come in within the scale down delay period. + # The default, 0s, imposes no delay at all. + scale-down-delay: "0s" + + # max-scale-limit sets the maximum permitted value for the max scale of a revision. + # When this is set to a positive value, a revision with a maxScale above that value + # (including a maxScale of "0" = unlimited) is disallowed. + # A value of zero (the default) allows any limit, including unlimited. + max-scale-limit: "0" + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-certmanager + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.22.1" + networking.knative.dev/certificate-provider: cert-manager + annotations: + knative.dev/example-checksum: "b7a9a602" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this block and unindented to actually change the configuration. + + # issuerRef is a reference to the issuer for external-domain certificates used for ingress. + # IssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ + # for more details about IssuerRef configuration. + # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + issuerRef: | + kind: ClusterIssuer + name: letsencrypt-issuer + + # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress. + # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ + # for more details about ClusterInternalIssuerRef configuration. + # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + clusterLocalIssuerRef: | + kind: ClusterIssuer + name: your-company-issuer + + # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components. + # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://cert-manager.io/docs/concepts/issuer/ + # for more details about ClusterInternalIssuerRef configuration. + # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + systemInternalIssuerRef: | + kind: ClusterIssuer + name: knative-selfsigned-issuer + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "5b64ff5c" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # revision-timeout-seconds contains the default number of + # seconds to use for the revision's per-request timeout, if + # none is specified. + revision-timeout-seconds: "300" # 5 minutes + + # max-revision-timeout-seconds contains the maximum number of + # seconds that can be used for revision-timeout-seconds. + # This value must be greater than or equal to revision-timeout-seconds. + # If omitted, the system default is used (600 seconds). + # + # If this value is increased, the activator's terminationGracePeriodSeconds + # should also be increased to prevent in-flight requests being disrupted. + max-revision-timeout-seconds: "600" # 10 minutes + + # revision-response-start-timeout-seconds contains the default number of + # seconds a request will be allowed to stay open while waiting to + # receive any bytes from the user's application, if none is specified. + # + # This defaults to 'revision-timeout-seconds' + revision-response-start-timeout-seconds: "300" + + # revision-idle-timeout-seconds contains the default number of + # seconds a request will be allowed to stay open while not receiving any + # bytes from the user's application, if none is specified. + revision-idle-timeout-seconds: "0" # infinite + + # revision-cpu-request contains the cpu allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-cpu-request. + # By default, it is not set by Knative. + revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) + + # revision-memory-request contains the memory allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-memory-request. + # By default, it is not set by Knative. + revision-memory-request: "100M" # 100 megabytes of memory + + # revision-ephemeral-storage-request contains the ephemeral storage + # allocation to assign to revisions by default. If omitted, no value is + # specified and the system default is used. + revision-ephemeral-storage-request: "500M" # 500 megabytes of storage + + # revision-cpu-limit contains the cpu allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-cpu-limit. + # By default, it is not set by Knative. + revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) + + # revision-memory-limit contains the memory allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-memory-limit. + # By default, it is not set by Knative. + revision-memory-limit: "200M" # 200 megabytes of memory + + # revision-ephemeral-storage-limit contains the ephemeral storage + # allocation to limit revisions to by default. If omitted, no value is + # specified and the system default is used. + revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage + + # container-name-template contains a template for the default + # container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + container-name-template: "user-container" + + # init-container-name-template contains a template for the default + # init container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + init-container-name-template: "init-container" + + # container-concurrency specifies the maximum number + # of requests the Container can handle at once, and requests + # above this threshold are queued. Setting a value of zero + # disables this throttling and lets through as many requests as + # the pod receives. + container-concurrency: "0" + + # The container concurrency max limit is an operator setting ensuring that + # the individual revisions cannot have arbitrary large concurrency + # values, or autoscaling targets. `container-concurrency` default setting + # must be at or below this value. + # + # Must be greater than 1. + # + # Note: even with this set, a user can choose a containerConcurrency + # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is + # set to "false". + container-concurrency-max-limit: "1000" + + # allow-container-concurrency-zero controls whether users can + # specify 0 (i.e. unbounded) for containerConcurrency. + allow-container-concurrency-zero: "true" + + # enable-service-links specifies the default value used for the + # enableServiceLinks field of the PodSpec, when it is omitted by the user. + # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service + # + # This is a tri-state flag with possible values of (true|false|default). + # + # In environments with large number of services it is suggested + # to set this value to `false`. + # See https://github.com/knative/serving/issues/8498. + enable-service-links: "false" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-deployment + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "555b4826" +data: + # This is the Go import path for the binary that is containerized + # and substituted here. + queue-sidecar-image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:b1af8bda6c1d32b1cf5fbf8f1f6068c5007a5cebf091039fdea83b88b1fd87f4 + _example: |- + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # List of repositories for which tag to digest resolving should be skipped + registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" + + # Maximum time allowed for an image's digests to be resolved. + digest-resolution-timeout: "10s" + + # Duration we wait for the deployment to be ready before considering it failed. + progress-deadline: "600s" + + # Sets the queue proxy's CPU request. + # If omitted, a default value (currently "25m"), is used. + queue-sidecar-cpu-request: "25m" + + # Sets the queue proxy's CPU limit. + # If omitted, a default value (currently "1000m"), is used when + # `queueproxy.resource-defaults` is set to `Enabled`. + queue-sidecar-cpu-limit: "1000m" + + # Sets the queue proxy's memory request. + # If omitted, a default value (currently "400Mi"), is used when + # `queueproxy.resource-defaults` is set to `Enabled`. + queue-sidecar-memory-request: "400Mi" + + # Sets the queue proxy's memory limit. + # If omitted, a default value (currently "800Mi"), is used when + # `queueproxy.resource-defaults` is set to `Enabled`. + queue-sidecar-memory-limit: "800Mi" + + # Sets the queue proxy's ephemeral storage request. + # If omitted, no value is specified and the system default is used. + queue-sidecar-ephemeral-storage-request: "512Mi" + + # Sets the queue proxy's ephemeral storage limit. + # If omitted, no value is specified and the system default is used. + queue-sidecar-ephemeral-storage-limit: "1024Mi" + + # Sets tokens associated with specific audiences for queue proxy - used by QPOptions + # + # For example, to add the `service-x` audience: + # queue-sidecar-token-audiences: "service-x" + # Also supports a list of audiences, for example: + # queue-sidecar-token-audiences: "service-x,service-y" + # If omitted, or empty, no tokens are created + queue-sidecar-token-audiences: "" + + # Sets rootCA for the queue proxy - used by QPOptions + # If omitted, or empty, no rootCA is added to the golang rootCAs + queue-sidecar-rootca: "" + + # Sets the minimum TLS version for the queue proxy sidecar's TLS server. + # Accepted values: "1.2", "1.3". Default is "1.3" if not specified. + queue-sidecar-tls-min-version: "" + + # Sets the maximum TLS version for the queue proxy sidecar's TLS server. + # Accepted values: "1.2", "1.3". If omitted, the Go default is used. + queue-sidecar-tls-max-version: "" + + # Sets the cipher suites for the queue proxy sidecar's TLS server. + # Comma-separated list of cipher suite names (e.g. "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"). + # If omitted, the Go default cipher suites are used. + # Note: cipher suites are not configurable in TLS 1.3. + queue-sidecar-tls-cipher-suites: "" + + # Sets the elliptic curve preferences for the queue proxy sidecar's TLS server. + # Comma-separated list of curve names (e.g. "X25519,CurveP256"). + # If omitted, the Go default curves are used. + queue-sidecar-tls-curve-preferences: "" + + # If set, it automatically configures pod anti-affinity requirements for all Knative services. + # It employs the `preferredDuringSchedulingIgnoredDuringExecution` weighted pod affinity term, + # aligning with the Knative revision label. It yields the configuration below in all workloads' deployments: + # ` + # affinity: + # podAntiAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - podAffinityTerm: + # topologyKey: kubernetes.io/hostname + # labelSelector: + # matchLabels: + # serving.knative.dev/revision: {{revision-name}} + # weight: 100 + # ` + # This may be "none" or "prefer-spread-revision-over-nodes" (default) + # default-affinity-type: "prefer-spread-revision-over-nodes" + + # runtime-class-name contains the selector for which runtimeClassName + # is selected to put in a revision. + # By default, it is not set by Knative. + # + # Example: + # runtime-class-name: | + # "": + # selector: + # use-default-runc: "yes" + # kata: {} + # gvisor: + # selector: + # use-gvisor: "please" + runtime-class-name: "" + + # pod-is-always-schedulable can be used to define that Pods in the system will always be + # scheduled, and a Revision should not be marked unschedulable. + # Setting this to `true` makes sense if you have cluster-autoscaling set up for your cluster + # where unschedulable Pods trigger the addition of a new Node and are therefore a short and + # transient state. + # + # See https://github.com/knative/serving/issues/14862 + pod-is-always-schedulable: "false" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-domain + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "26c09de5" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Default value for domain. + # Routes having the cluster domain suffix (by default 'svc.cluster.local') + # will not be exposed through Ingress. You can define your own label + # selector to assign that domain suffix to your Route here, or you can set + # the label + # "networking.knative.dev/visibility=cluster-local" + # to achieve the same effect. This shows how to make routes having + # the label app=secret only exposed to the local cluster. + svc.cluster.local: | + selector: + app: secret + + # These are example settings of domain. + # example.com will be used for all routes, but it is the least-specific rule so it + # will only be used if no other domain matches. + example.com: | + + # example.org will be used for routes having app=nonprofit. + example.org: | + selector: + app: nonprofit + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-features + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "bee75b26" +data: + _example: |- + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Default SecurityContext settings to secure-by-default values + # if unset. + # + # Disabled - do nothing; no security options are applied + # AllowRootBounded - Applies secure defaults without enforcing strict policies; sets seccompProfile + # to RuntimeDefault and drops all capabilities + # Enabled - Enforces security defaults; sets seccompProfile to RuntimeDefault, drops all capabilities, + # and sets runAsNonRoot to true if not already specified. + secure-pod-defaults: "disabled" + + # Indicates whether multi container support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-containers + multi-container: "enabled" + + # Indicates whether multi container probing is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/configuration/feature-flags/#multiple-container-probing + multi-container-probing: "disabled" + + # Indicates whether Kubernetes affinity support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity + kubernetes.podspec-affinity: "disabled" + + # Indicates whether Kubernetes topologySpreadConstraints support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints + kubernetes.podspec-topologyspreadconstraints: "disabled" + + # Indicates whether Kubernetes hostAliases support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases + kubernetes.podspec-hostaliases: "disabled" + + # Indicates whether Kubernetes nodeSelector support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector + kubernetes.podspec-nodeselector: "disabled" + + # Indicates whether Kubernetes tolerations support is enabled + # + # WARNING: Cannot safely be disabled once enabled + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration + kubernetes.podspec-tolerations: "disabled" + + # Indicates whether Kubernetes FieldRef support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref + kubernetes.podspec-fieldref: "disabled" + + # Indicates whether Kubernetes RuntimeClassName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class + kubernetes.podspec-runtimeclassname: "disabled" + + # Indicates whether Kubernetes DNSPolicy support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnspolicy + kubernetes.podspec-dnspolicy: "disabled" + + # Indicates whether Kubernetes DNSConfig support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dnsconfig + kubernetes.podspec-dnsconfig: "disabled" + + # This feature allows end-users to set a subset of fields on the Pod's SecurityContext + # + # When set to "enabled" or "allowed" it allows the following + # PodSecurityContext properties: + # - FSGroup + # - RunAsGroup + # - RunAsNonRoot + # - SupplementalGroups + # - RunAsUser + # - SeccompProfile + # + # This feature flag should be used with caution as the PodSecurityContext + # properties may have a side-effect on non-user sidecar containers that come + # from Knative or your service mesh + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context + kubernetes.podspec-securitycontext: "disabled" + + # Indicated whether sharing the process namespace via ShareProcessNamespace pod spec is allowed. + # This can be especially useful for sharing data from images directly between sidecars + # + # See: https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-share-process-namespace + kubernetes.podspec-shareprocessnamespace: "disabled" + + # Indicates whether hostIPC support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-ipc + kubernetes.podspec-hostipc: "disabled" + + # Indicates whether hostPID support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-pid + kubernetes.podspec-hostpid: "disabled" + + # Indicates whether hostNetwork support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See See https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-network + kubernetes.podspec-hostnetwork: "disabled" + + # Indicates whether Kubernetes PriorityClassName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name + kubernetes.podspec-priorityclassname: "disabled" + + # Indicates whether Kubernetes SchedulerName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name + kubernetes.podspec-schedulername: "disabled" + + # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. + # + # When set to "enabled" or "allowed" it allows capabilities to be added to the container. + # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html + kubernetes.containerspec-addcapabilities: "disabled" + + + # Controls whether tag header based routing feature are enabled or not. + # 1. Enabled: enabling tag header based routing + # 2. Disabled: disabling tag header based routing + # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing + tag-header-based-routing: "disabled" + + # Controls whether http2 auto-detection should be enabled or not. + # 1. Enabled: http2 connection will be attempted via upgrade. + # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". + autodetect-http2: "disabled" + + # Controls whether volume support for EmptyDir is enabled or not. + # 1. Enabled: enabling EmptyDir volume support + # 2. Disabled: disabling EmptyDir volume support + kubernetes.podspec-volumes-emptydir: "enabled" + + # Controls whether volume support for image is enabled or not. + # 1. Enabled: enabling image volume support + # 2. Disabled: disabling image volume support + kubernetes.podspec-volumes-image: "disabled" + + # Controls whether volume support for HostPath is enabled or not. + # WARNING: Cannot safely be disabled once enabled. + # WARNING: If you can avoid using a hostPath volume, you should. + # Please read https://kubernetes.io/docs/concepts/storage/volumes/#hostpath before enabling this feature. + # 1. Enabled: enabling HostPath volume support + # 2. Disabled: disabling HostPath volume support + kubernetes.podspec-volumes-hostpath: "disabled" + + # Controls whether volume support for CSI is enabled or not. + # 1. Enabled: enabling CSI volume support + # 2. Disabled: disabling CSI volume support + kubernetes.podspec-volumes-csi: "disabled" + + # Controls whether init containers support is enabled or not. + # 1. Enabled: enabling init containers support + # 2. Disabled: disabling init containers support + kubernetes.podspec-init-containers: "disabled" + + # Controls whether persistent volume claim support is enabled or not. + # 1. Enabled: enabling persistent volume claim support + # 2. Disabled: disabling persistent volume claim support + kubernetes.podspec-persistent-volume-claim: "disabled" + + # Controls whether write access for persistent volumes is enabled or not. + # 1. Enabled: enabling write access for persistent volumes + # 2. Disabled: disabling write access for persistent volumes + kubernetes.podspec-persistent-volume-write: "disabled" + + # Controls whether volume mount propagation support is enabled or not. + # 1. Enabled: enabling volume mount propagation support + # 2. Disabled: disabling volume mount propagation support + kubernetes.podspec-volumes-mount-propagation: "disabled" + + # Controls if the queue proxy podInfo feature is enabled, allowed or disabled + # + # This feature should be enabled/allowed when using queue proxy Options (Extensions) + # Enabling will mount a podInfo volume to the queue proxy container. + # The volume will contains an 'annotations' file (from the pod's annotation field). + # The annotations in this file include the Service annotations set by the client creating the service. + # If mounted, the annotations can be accessed by queue proxy extensions at /etc/podinfo/annotations + # + # 1. "enabled": always mount a podInfo volume + # 2. "disabled": never mount a podInfo volume + # 3. "allowed": by default, do not mount a podInfo volume + # However, a client may mount the podInfo volume on an individual Service by attaching + # the following metadata annotation to the Service: "features.knative.dev/queueproxy-podinfo":"enabled". + # + # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE + queueproxy.mount-podinfo: "disabled" + + # Default queue proxy resource requests and limits to good values for most cases if set. + queueproxy.resource-defaults: "disabled" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-gc + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "aa3813a8" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # --------------------------------------- + # Garbage Collector Settings + # --------------------------------------- + # + # Active + # * Revisions which are referenced by a Route are considered active. + # * Individual revisions may be marked with the annotation + # "serving.knative.dev/no-gc":"true" to be permanently considered active. + # * Active revisions are not considered for GC. + # Retention + # * Revisions are retained if they are any of the following: + # 1. Active + # 2. Were created within "retain-since-create-time" + # 3. Were last referenced by a route within + # "retain-since-last-active-time" + # 4. There are fewer than "min-non-active-revisions" + # If none of these conditions are met, or if the count of revisions exceed + # "max-non-active-revisions", they will be deleted by GC. + # The special value "disabled" may be used to turn off these limits. + # + # Example config to immediately collect any inactive revision: + # min-non-active-revisions: "0" + # max-non-active-revisions: "0" + # retain-since-create-time: "disabled" + # retain-since-last-active-time: "disabled" + # + # Example config to always keep around the last ten non-active revisions: + # retain-since-create-time: "disabled" + # retain-since-last-active-time: "disabled" + # max-non-active-revisions: "10" + # + # Example config to disable all garbage collection: + # retain-since-create-time: "disabled" + # retain-since-last-active-time: "disabled" + # max-non-active-revisions: "disabled" + # + # Example config to keep recently deployed or active revisions, + # always maintain the last two in case of rollback, and prevent + # burst activity from exploding the count of old revisions: + # retain-since-create-time: "48h" + # retain-since-last-active-time: "15h" + # min-non-active-revisions: "2" + # max-non-active-revisions: "1000" + + # Duration since creation before considering a revision for GC or "disabled". + retain-since-create-time: "48h" + + # Duration since active before considering a revision for GC or "disabled". + retain-since-last-active-time: "15h" + + # Minimum number of non-active revisions to retain. + min-non-active-revisions: "20" + + # Maximum number of non-active revisions to retain + # or "disabled" to disable any maximum limit. + max-non-active-revisions: "1000" + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "f4b71f57" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: knative-serving + labels: + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/component: logging + app.kubernetes.io/name: knative-serving + annotations: + knative.dev/example-checksum: "9f25d429" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Common configuration for all Knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + + # Log level overrides + # For all components except the queue proxy, + # changes are picked up immediately. + # For queue proxy, changes require recreation of the pods. + loglevel.controller: "info" + loglevel.autoscaler: "info" + loglevel.queueproxy: "info" + loglevel.webhook: "info" + loglevel.activator: "info" + loglevel.hpaautoscaler: "info" + loglevel.net-istio-controller: "info" + loglevel.net-contour-controller: "info" + loglevel.net-kourier-controller: "info" + loglevel.net-gateway-api-controller: "info" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-network + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "0573e07d" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # ingress-class specifies the default ingress class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Istio ingress. + # + # Note that changing the Ingress class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + ingress-class: "istio.ingress.networking.knative.dev" + + # certificate-class specifies the default Certificate class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Cert-Manager Certificate. + # + # Note that changing the Certificate class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + certificate-class: "cert-manager.certificate.networking.knative.dev" + + # namespace-wildcard-cert-selector specifies a LabelSelector which + # determines which namespaces should have a wildcard certificate + # provisioned. + # + # Use an empty value to disable the feature (this is the default): + # namespace-wildcard-cert-selector: "" + # + # Use an empty object to enable for all namespaces + # namespace-wildcard-cert-selector: {} + # + # Useful labels include the "kubernetes.io/metadata.name" label to + # avoid provisioning a certificate for the "kube-system" namespaces. + # Use the following selector to match pre-1.0 behavior of using + # "networking.knative.dev/disableWildcardCert" to exclude namespaces: + # + # matchExpressions: + # - key: "networking.knative.dev/disableWildcardCert" + # operator: "NotIn" + # values: ["true"] + namespace-wildcard-cert-selector: "" + + # domain-template specifies the golang text template string to use + # when constructing the Knative service's DNS name. The default + # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". + # + # Valid variables defined in the template include Name, Namespace, Domain, + # Labels, and Annotations. Name will be the result of the tag-template + # below, if a tag is specified for the route. + # + # Changing this value might be necessary when the extra levels in + # the domain name generated is problematic for wildcard certificates + # that only support a single level of domain name added to the + # certificate's domain. In those cases you might consider using a value + # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace + # entirely from the template. When choosing a new value be thoughtful + # of the potential for conflicts - for example, when users choose to use + # characters such as `-` in their service, or namespace, names. + # {{.Annotations}} or {{.Labels}} can be used for any customization in the + # go template if needed. + # We strongly recommend keeping namespace part of the template to avoid + # domain name clashes: + # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' + # and you have an annotation {"sub":"foo"}, then the generated template + # would be {Name}-{Namespace}.foo.{Domain} + domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" + + # tag-template specifies the golang text template string to use + # when constructing the DNS name for "tags" within the traffic blocks + # of Routes and Configuration. This is used in conjunction with the + # domain-template above to determine the full URL for the tag. + tag-template: "{{.Tag}}-{{.Name}}" + + # auto-tls is deprecated and replaced by external-domain-tls + auto-tls: "Disabled" + + # Controls whether TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate TLS connections + # for cluster external domains (like: app.example.com) + # - Enabled: enables the TLS certificate provisioning feature for cluster external domains. + # - Disabled: disables the TLS certificate provisioning feature for cluster external domains. + external-domain-tls: "Disabled" + + # Controls weather TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate TLS connections + # for cluster local domains (like: app.namespace.svc.) + # - Enabled: enables the TLS certificate provisioning feature for cluster cluster-local domains. + # - Disabled: disables the TLS certificate provisioning feature for cluster cluster local domains. + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + cluster-local-domain-tls: "Disabled" + + # internal-encryption is deprecated and replaced by system-internal-tls + internal-encryption: "false" + + # system-internal-tls controls weather TLS encryption is used for connections between + # the internal components of Knative: + # - ingress to activator + # - ingress to queue-proxy + # - activator to queue-proxy + # + # Possible values for this flag are: + # - Enabled: enables the TLS certificate provisioning feature for cluster cluster-local domains. + # - Disabled: disables the TLS certificate provisioning feature for cluster cluster local domains. + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + system-internal-tls: "Disabled" + + # Controls the behavior of the HTTP endpoint for the Knative ingress. + # It requires auto-tls to be enabled. + # - Enabled: The Knative ingress will be able to serve HTTP connection. + # - Redirected: The Knative ingress will send a 301 redirect for all + # http connections, asking the clients to use HTTPS. + # + # "Disabled" option is deprecated. + http-protocol: "Enabled" + + # rollout-duration contains the minimal duration in seconds over which the + # Configuration traffic targets are rolled out to the newest revision. + rollout-duration: "0" + + # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should + # be automatically created (and deleted) as needed when DomainMappings are + # reconciled. + # + # If this is "false" (the default), the cluster administrator is + # responsible for creating ClusterDomainClaims and delegating them to + # namespaces via their spec.Namespace field. This setting should be used in + # multitenant environments which need to control which namespace can use a + # particular domain name in a domain mapping. + # + # If this is "true", users are able to associate arbitrary names with their + # services via the DomainMapping feature. + autocreate-cluster-domain-claims: "false" + + # If true, networking plugins can add additional information to deployed + # applications to make their pods directly accessible via their IPs even if mesh is + # enabled and thus direct-addressability is usually not possible. + # Consumers like Knative Serving can use this setting to adjust their behavior + # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + enable-mesh-pod-addressability: "false" + + # mesh-compatibility-mode indicates whether consumers of network plugins + # should directly contact Pod IPs (most efficient), or should use the + # Cluster IP (less efficient, needed when mesh is enabled unless + # `enable-mesh-pod-addressability`, above, is set). + # Permitted values are: + # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. + # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. + # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. + mesh-compatibility-mode: "auto" + + # Defines the scheme used for external URLs if auto-tls is not enabled. + # This can be used for making Knative report all URLs as "HTTPS" for example, if you're + # fronting Knative with an external loadbalancer that deals with TLS termination and + # Knative doesn't know about that otherwise. + default-external-scheme: "http" + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: observability + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "59abacb5" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # logging.enable-var-log-collection defaults to false. + # The fluentd daemon set will be set up to collect /var/log if + # this flag is true. + logging.enable-var-log-collection: "false" + + # logging.revision-url-template provides a template to use for producing the + # logging URL that is injected into the status of each Revision. + logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" + + # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe + # requests. + # NB: after 0.18 release logging.enable-request-log must be explicitly set to true + # in order for request logging to be enabled. + # + # The value determines the shape of the request logs and it must be a valid go text/template. + # It is important to keep this as a single line. Multiple lines are parsed as separate entities + # by most collection agents and will split the request logs into multiple records. + # + # The following fields and functions are available to the template: + # + # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) + # representing an HTTP request received by the server. + # + # Response: + # struct { + # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) + # Size int // An int representing the size of the response. + # Latency float64 // A float64 representing the latency of the response in seconds. + # } + # + # Revision: + # struct { + # Name string // Knative revision name + # Namespace string // Knative revision namespace + # Service string // Knative service name + # Configuration string // Knative configuration name + # PodName string // Name of the pod hosting the revision + # PodIP string // IP of the pod hosting the revision + # } + # + logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{.TraceID}}"}' + + # If true, the request logging will be enabled. + logging.enable-request-log: "false" + + # If true, this enables queue proxy writing request logs for probe requests to stdout. + # It uses the same template for user requests, i.e. logging.request-log-template. + logging.enable-probe-request-log: "false" + + # metrics-protocol field specifies the protocol used when exporting metrics + # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + metrics-protocol: http/protobuf + + # metrics-endpoint field specifies the destination metrics should be exporter to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + # + # When the protocol is prometheus the endpoint can accept a 'host:port' string to customize the + # listening host interface and port. + metrics-endpoint: http://example.com/v1/traces + + # metrics-export-interval specifies the global metrics reporting period for control and data plane components. + # If a zero or negative value is passed the default reporting OTel period is used (60 secs). + metrics-export-interval: 60s + + # request-metrics-protocol field specifies the protocol used when exporting queue-proxy metrics + # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + request-metrics-protocol: http/protobuf + + # request-metrics-endpoint field specifies the destination metrics from the queue proxy should be exporter to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + # + # When the protocol is prometheus the endpoint can accept a 'host:port' string to customize the + # listening host interface and port. + request-metrics-endpoint: http://promstack-kube-prometheus-prometheus.observability:9090/api/v1/otlp/v1/metrics + + # request-metrics-export-interval specifies the global metrics reporting period for the queue-proxy. + # + # If a zero or negative value is passed the default reporting OTel period is used (60 secs). + request-metrics-export-interval: 60s + + # runtime-profiling indicates whether it is allowed to retrieve runtime profiling data from + # the pods via an HTTP server in the format expected by the pprof visualization tool. When + # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. + # The HTTP context root for profiling is then /debug/pprof/. + runtime-profiling: enabled + + # tracing-protocol field specifies the protocol used when exporting traces + # It supports either 'none' (the default), 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC) + # or `stdout` for debugging purposes + tracing-protocol: http/protobuf + + # tracing-endpoint field specifies the destination traces should be exporter to. + # + # The endpoint MUST be set when the protocol is http/protobuf or grpc. + # The endpoint MUST NOT be set when the protocol is none. + tracing-endpoint: http://jaeger-collector.observability:4318/v1/traces + + # tracing-sampling-rate allows the user to specify what percentage of all traces should be exported + # The value should be between 0 (never sample) to 1 (always sample) + tracing-sampling-rate: "1" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: tracing + app.kubernetes.io/version: "1.22.1" + annotations: + knative.dev/example-checksum: "04c7e9a3" +data: + _example: | + ########################################################### + # # + # This config is deprecated - use config-observability # + # # + ########################################################### + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +spec: + minReplicas: 1 + maxReplicas: 20 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: activator + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + # Percentage of the requested CPU + averageUtilization: 100 +--- +# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. +# Given the subsetting and that the activators are partially stateful systems, we want +# a slow rollout of the new versions and slow migration during node upgrades. +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: activator-pdb + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +spec: + minAvailable: 80% + selector: + matchLabels: + app: activator + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +spec: + selector: + matchLabels: + app: activator + role: activator + template: + metadata: + labels: + app: activator + role: activator + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: activator + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: activator + containers: + - name: activator + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:5deaef961fef8d1417f6d4a4dfae2fc338f2d30d72c4ad58c3ab392b2c04705b + # The numbers are based on performance test results from + # https://github.com/knative/serving/issues/1625#issuecomment-511930023 + resources: + requests: + cpu: 300m + memory: 60Mi + limits: + cpu: 1000m + memory: 600Mi + env: + # Run Activator with GC collection when newly generated memory is 500%. + - name: GOGC + value: "500" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: http1 + containerPort: 8012 + - name: h2c + containerPort: 8013 + readinessProbe: + httpGet: + port: 8012 + periodSeconds: 5 + failureThreshold: 5 + livenessProbe: + httpGet: + port: 8012 + periodSeconds: 10 + failureThreshold: 12 + initialDelaySeconds: 15 + # The activator (often) sits on the dataplane, and may proxy long (e.g. + # streaming, websockets) requests. We give a long grace period for the + # activator to "lame duck" and drain outstanding requests before we + # forcibly terminate the pod (and outstanding connections). This value + # should be at least as large as the upper bound on the Revision's + # timeoutSeconds property to avoid servicing events disrupting + # connections. + terminationGracePeriodSeconds: 600 +--- +apiVersion: v1 +kind: Service +metadata: + name: activator-service + namespace: knative-serving + labels: + app: activator + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +spec: + selector: + app: activator + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http + port: 80 + targetPort: 8012 + - name: http2 + port: 81 + targetPort: 8013 + - name: https + port: 443 + targetPort: 8112 + type: ClusterIP + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: autoscaler + namespace: knative-serving + labels: + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +spec: + replicas: 1 + selector: + matchLabels: + app: autoscaler + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + labels: + app: autoscaler + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: autoscaler + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: autoscaler + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:5bae38655d87df86b041083fbe51791816473245f752432ba9b85a7b12f73cd5 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: websocket + containerPort: 8080 + readinessProbe: + httpGet: + port: 8080 + livenessProbe: + httpGet: + port: 8080 + failureThreshold: 6 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: autoscaler + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + name: autoscaler + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http + port: 8080 + targetPort: 8080 + selector: + app: autoscaler + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller + namespace: knative-serving + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +spec: + selector: + matchLabels: + app: controller + template: + metadata: + labels: + app: controller + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: controller + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:94329d85200c2fc31ed1166a26568ca1357376c149c147e71f400cf28be3c816 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + periodSeconds: 5 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + periodSeconds: 5 + failureThreshold: 3 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: controller + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + name: controller + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + app: controller + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: webhook + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: webhook + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + # Percentage of the requested CPU + averageUtilization: 100 +--- +# Webhook PDB. +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: webhook-pdb + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +spec: + minAvailable: 80% + selector: + matchLabels: + app: webhook + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: webhook + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving +spec: + selector: + matchLabels: + app: webhook + role: webhook + template: + metadata: + labels: + app: webhook + role: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: webhook + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:8470456be214e93a84e3c7b79a632aa9978bd8ecda553feaa47878a2c24ab84d + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_NAME + value: webhook + - name: WEBHOOK_PORT + value: "8443" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + livenessProbe: + periodSeconds: 10 + httpGet: + scheme: HTTPS + port: 8443 + failureThreshold: 6 + initialDelaySeconds: 20 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: webhook + role: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.22.1" + app.kubernetes.io/name: knative-serving + name: webhook + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app: webhook + role: webhook + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.serving.knative.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: config.webhook.serving.knative.dev + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: ["knative-serving"] + - key: app.kubernetes.io/component + operator: In + values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing", "net-certmanager"] + timeoutSeconds: 10 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.serving.knative.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: webhook.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services + - domainmappings + - domainmappings/status + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.serving.knative.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: validation.webhook.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services + - domainmappings + - domainmappings/status + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +# The data is populated at install time. + +--- diff --git a/cmd/operator/kodata/knative-serving/1.22.1/3-serving-hpa.yaml b/cmd/operator/kodata/knative-serving/1.22.1/3-serving-hpa.yaml new file mode 100644 index 0000000000..9403467492 --- /dev/null +++ b/cmd/operator/kodata/knative-serving/1.22.1/3-serving-hpa.yaml @@ -0,0 +1,123 @@ +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: autoscaler-hpa + namespace: knative-serving + labels: + autoscaling.knative.dev/autoscaler-provider: hpa + app.kubernetes.io/component: autoscaler-hpa + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" +spec: + selector: + matchLabels: + app: autoscaler-hpa + template: + metadata: + labels: + app: autoscaler-hpa + app.kubernetes.io/component: autoscaler-hpa + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: autoscaler-hpa + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: autoscaler-hpa + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:5e5cb34096b58befe77e9c27f003cde97e7707e9dd047e1d50786892cb566dbf + resources: + requests: + cpu: 30m + memory: 40Mi + limits: + cpu: 300m + memory: 400Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + periodSeconds: 5 + failureThreshold: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + periodSeconds: 5 + failureThreshold: 5 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: autoscaler-hpa + autoscaling.knative.dev/autoscaler-provider: hpa + app.kubernetes.io/component: autoscaler-hpa + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.22.1" + name: autoscaler-hpa + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + app: autoscaler-hpa + +--- diff --git a/cmd/operator/kodata/knative-serving/1.22.1/4-serving-post-install-jobs.yaml b/cmd/operator/kodata/knative-serving/1.22.1/4-serving-post-install-jobs.yaml new file mode 100644 index 0000000000..b48cc433cb --- /dev/null +++ b/cmd/operator/kodata/knative-serving/1.22.1/4-serving-post-install-jobs.yaml @@ -0,0 +1,138 @@ + +--- +# /tmp/knative.9S0OFiAc/tmp.cR5vMiXATF/serving-storage-version-migration.yaml +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + generateName: storage-version-migration-serving- + namespace: knative-serving + labels: + app: storage-version-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.22.1" +spec: + ttlSecondsAfterFinished: 600 + backoffLimit: 10 + template: + metadata: + labels: + app: storage-version-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.22.1" + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: controller + restartPolicy: OnFailure + containers: + - name: migrate + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:049f9cb03f4867b3bc4eb6043a33bf8673603fc4ce99c02e7953df049ad63844 + args: + - "services.serving.knative.dev" + - "configurations.serving.knative.dev" + - "revisions.serving.knative.dev" + - "routes.serving.knative.dev" + - "domainmappings.serving.knative.dev" + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +--- +--- +# /tmp/knative.9S0OFiAc/tmp.cR5vMiXATF/cleanup.yaml +# Copyright 2024 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + generateName: cleanup-serving- + namespace: knative-serving + labels: + app: cleanup-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: cleanup-job + app.kubernetes.io/version: "1.22.1" +spec: + ttlSecondsAfterFinished: 600 + backoffLimit: 10 + template: + metadata: + labels: + app: cleanup-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: cleanup-job + app.kubernetes.io/version: "1.22.1" + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: controller + restartPolicy: OnFailure + containers: + - name: cleanup + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/pkg/cleanup/cmd/cleanup@sha256:6f771871352be1f9266615b119d85d949c7acf305316de021dd9c17c3d92e219 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + +--- diff --git a/go.mod b/go.mod index 4018520726..15086c0101 100644 --- a/go.mod +++ b/go.mod @@ -23,11 +23,11 @@ require ( k8s.io/client-go v0.35.5 k8s.io/code-generator v0.35.5 knative.dev/caching v0.0.0-20260529015533-df91b71e241e - knative.dev/eventing v0.49.1-0.20260529032731-e2d6b95a971e + knative.dev/eventing v0.49.1-0.20260601121530-94496617307a knative.dev/hack v0.0.0-20260428014158-b2a37f1b6e7b - knative.dev/pkg v0.0.0-20260529191007-91499a17111f + knative.dev/pkg v0.0.0-20260602142205-ac97e43f6622 knative.dev/reconciler-test v0.0.0-20260529022136-ec384da06e43 - knative.dev/serving v0.49.1-0.20260531185038-1d4c5d97c707 + knative.dev/serving v0.49.1-0.20260602134409-d8c7a7e1bb88 sigs.k8s.io/cluster-inventory-api v0.1.0 sigs.k8s.io/controller-tools v0.20.1 sigs.k8s.io/yaml v1.6.0 @@ -106,7 +106,7 @@ require ( github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/googleapis/gax-go/v2 v2.13.0 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/hcl/v2 v2.24.0 // indirect @@ -153,20 +153,20 @@ require ( go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 // indirect - go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0 // indirect - go.opentelemetry.io/otel v1.43.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 // indirect - go.opentelemetry.io/otel/exporters/prometheus v0.65.0 // indirect - go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0 // indirect - go.opentelemetry.io/otel/metric v1.43.0 // indirect - go.opentelemetry.io/otel/sdk v1.43.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect - go.opentelemetry.io/otel/trace v1.43.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0 // indirect + go.opentelemetry.io/contrib/instrumentation/runtime v0.69.0 // indirect + go.opentelemetry.io/otel v1.44.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0 // indirect + go.opentelemetry.io/otel/exporters/prometheus v0.66.0 // indirect + go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.44.0 // indirect + go.opentelemetry.io/otel/metric v1.44.0 // indirect + go.opentelemetry.io/otel/sdk v1.44.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.44.0 // indirect + go.opentelemetry.io/otel/trace v1.44.0 // indirect go.opentelemetry.io/proto/otlp v1.10.0 // indirect go.uber.org/atomic v1.10.0 // indirect go.uber.org/automaxprocs v1.6.0 // indirect @@ -184,9 +184,9 @@ require ( golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect - google.golang.org/grpc v1.80.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa // indirect + google.golang.org/grpc v1.81.1 // indirect google.golang.org/protobuf v1.36.11 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index 7ce116471a..daf44bdc65 100644 --- a/go.sum +++ b/go.sum @@ -225,8 +225,8 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w= -github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI= +github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 h1:aBangftG7EVZoUb69Os8IaYg++6uMOdKK83QtkkvJik= +github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2/go.mod h1:qwXFYgsP6T7XnJtbKlf1HP8AjxZZyzxMmc+Lq5GjlU4= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= @@ -281,12 +281,12 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA= -github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g= -github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98= +github.com/envoyproxy/go-control-plane/envoy v1.37.0 h1:u3riX6BoYRfF4Dr7dwSOroNfdSbEPe9Yyl09/B6wBrQ= +github.com/envoyproxy/go-control-plane/envoy v1.37.0/go.mod h1:DReE9MMrmecPy+YvQOAOHNYMALuowAnbjjEMkkWOi6A= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= -github.com/envoyproxy/protoc-gen-validate v1.3.0 h1:TvGH1wof4H33rezVKWSpqKz5NXWg5VPuZ0uONDT6eb4= -github.com/envoyproxy/protoc-gen-validate v1.3.0/go.mod h1:HvYl7zwPa5mffgyeTUHA9zHIH36nmrm7oCbo4YKoSWA= +github.com/envoyproxy/protoc-gen-validate v1.3.3 h1:MVQghNeW+LZcmXe7SY1V36Z+WFMDjpqGAGacLe2T0ds= +github.com/envoyproxy/protoc-gen-validate v1.3.3/go.mod h1:TsndJ/ngyIdQRhMcVVGDDHINPLWB7C82oDArY51KfB0= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -561,8 +561,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0 h1:5VipnvEpbqr2gA2VbM+nYVbkIF28c5ZQfqCBQ5g2xfk= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0/go.mod h1:Hyl3n6Twe1hvtd9XUXDec4pTvgMSEixRuQKPTMH2bNs= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= @@ -1010,48 +1010,50 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.3 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 h1:CqXxU8VOmDefoh0+ztfGaymYbhdB/tT3zs79QaZTNGY= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0/go.mod h1:BuhAPThV8PBHBvg8ZzZ/Ok3idOdhWIodywz2xEcRbJo= -go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0 h1:jhVIQEprwUTV+KfzzliLidclhoTOoHTgdz96kAyR8mU= -go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0/go.mod h1:4HsdbLUbernaTnA8CNaNE+1g026SciXb3juRYe3l8EY= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0 h1:8tvICD4vSTOOsNrsI4Ljf6C+6UKvpTEH5XY3JMoyPoo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0/go.mod h1:z9+yiacE0IHRqM4qFfkbt/JYlmYXgss8GY/jXoNuPJI= +go.opentelemetry.io/contrib/instrumentation/runtime v0.69.0 h1:MtkMsuRo3zEXTTMALfyrszwCDZTkB6wolyPjbwFAdq0= +go.opentelemetry.io/contrib/instrumentation/runtime v0.69.0/go.mod h1:FYTxnpsm+UPD0erZNq20GvnM8T2YQHiHtT2vokdpoac= go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU= go.opentelemetry.io/otel v1.8.0/go.mod h1:2pkj+iMj0o03Y+cW6/m8Y4WkRdYN3AvCXCnzRMp9yvM= go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= -go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= -go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= +go.opentelemetry.io/otel v1.44.0 h1:JjwHmHpA4iZ3wBxluu2fbbE7j4kqlE8jXyAyPXH7HqU= +go.opentelemetry.io/otel v1.44.0/go.mod h1:BMgjTHL9WPRlRjL2oZCBTL4whCGtXch2H4BhOPIAyYc= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 h1:8UQVDcZxOJLtX6gxtDt3vY2WTgvZqMQRzjsqiIHQdkc= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0/go.mod h1:2lmweYCiHYpEjQ/lSJBYhj9jP1zvCvQW4BqL9dnT7FQ= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0 h1:w1K+pCJoPpQifuVpsKamUdn9U0zM3xUziVOqsGksUrY= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0/go.mod h1:HBy4BjzgVE8139ieRI75oXm3EcDN+6GhD88JT1Kjvxg= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0 h1:SUplec5dp06reu1zaXmOXdvqH398taqrDXqUl99jxSc= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0/go.mod h1:ho2g4N+ane+swq5I/VBkKWnRDY4kUINH3FuqyZqX/Ug= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0 h1:RuynHbfU8JUEw7DyONgkVYg2SVtsoF28y0LGIr69jgA= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0/go.mod h1:qZF+/lBs71APw8mlnEZcqZHMzqrYrsFiJOv83lX1OGo= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.0.1/go.mod h1:Kv8liBeVNFkkkbilbgWRpV+wWuu+H5xdOT6HAgd30iw= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0/go.mod h1:Krqnjl22jUJ0HgMzw5eveuCvFDXY4nSYb4F8t5gdrag= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bTWkw0ICGcOLCAI5l6zsD1j20k= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0 h1:4YsVu3B8+3qtWYYrsUYgn0OG78pN0rnNPRGX4SbokQI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0/go.mod h1:+wnlSn0mD1ADVMe3v9Z/WIaiz6q6gL2J/ejaAmdmv80= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.0.1/go.mod h1:xOvWoTOrQjxjW61xtOmD/WKGRYb/P4NzRo3bs65U6Rk= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0/go.mod h1:OfUCyyIiDvNXHWpcWgbF+MWvqPZiNa3YDEnivcnYsV0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 h1:RAE+JPfvEmvy+0LzyUA25/SGawPwIUbZ6u0Wug54sLc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0/go.mod h1:AGmbycVGEsRx9mXMZ75CsOyhSP6MFIcj/6dnG+vhVjk= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 h1:3iZJKlCZufyRzPzlQhUIWVmfltrXuGyfjREgGP3UUjc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0/go.mod h1:/G+nUPfhq2e+qiXMGxMwumDrP5jtzU+mWN7/sjT2rak= -go.opentelemetry.io/otel/exporters/prometheus v0.65.0 h1:jOveH/b4lU9HT7y+Gfamf18BqlOuz2PWEvs8yM7Q6XE= -go.opentelemetry.io/otel/exporters/prometheus v0.65.0/go.mod h1:i1P8pcumauPtUI4YNopea1dhzEMuEqWP1xoUZDylLHo= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0 h1:mS47AX77OtFfKG4vtp+84kuGSFZHTyxtXIN269vChY0= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0/go.mod h1:PJnsC41lAGncJlPUniSwM81gc80GkgWJWr3cu2nKEtU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0 h1:qazEJlUOQzhCpzQpFETGby7EdqjI1wsd0W+6Gg1SCTU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0/go.mod h1:fOD2Yefuxixkx3ahVNf0O/PERb6r4OlbxfATVnYvzCo= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0 h1:lgh3PiVrRUWMLOVSkQicxzZll5NjF1r+AtsX1XRIHw0= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0/go.mod h1:5Cnhth3m/AgOeTgE3ex12pPmiu/gGtZit03kSzx9X7s= +go.opentelemetry.io/otel/exporters/prometheus v0.66.0 h1:vkrK8PAznv2NKt2r+kdu252ccGzkEqLc2aSXbQIALYQ= +go.opentelemetry.io/otel/exporters/prometheus v0.66.0/go.mod h1:V/UB6D3vMF/UBOL5igAsAYnk1nG/bzYYTzvsB16cy7o= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.44.0 h1:bl2S7Ubua0Nms+D/gAmznQTd4dxxMA93aKbcpKqiTCs= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.44.0/go.mod h1:L0hRV50XdVIODHUfWEqGRCXQvj2rV82STVo12FMFBU0= go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= -go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= -go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/metric v1.44.0 h1:1w0gILTcHdr3YI+ixLyjemwrVnsMURbTZFrSYCdDdmc= +go.opentelemetry.io/otel/metric v1.44.0/go.mod h1:8O7hanEPBNgEMmybD3s2VBKcgWOCsA6tzHBPODAiquo= +go.opentelemetry.io/otel/metric/x v0.66.0 h1:YkCrx1zLOChi9ZcZ6euupOcsgzbVlec7D/xoEU1+cTA= +go.opentelemetry.io/otel/metric/x v0.66.0/go.mod h1:d1+BDj9t96do0/1LoU1ayfCv79ZgNE41qbhBvnMOBZk= go.opentelemetry.io/otel/sdk v1.0.1/go.mod h1:HrdXne+BiwsOHYYkBE5ysIcv2bvdZstxzmCQhxTcZkI= go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE= -go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= -go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= -go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= -go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= +go.opentelemetry.io/otel/sdk v1.44.0 h1:nHYwb9lK+fJPU/dnT6s7W7Z8itMWyqrnVfbheVYrZ58= +go.opentelemetry.io/otel/sdk v1.44.0/go.mod h1:Osuydd3Se74nqjAKxid74N5eC+jfEqfTegHRnq58oK0= +go.opentelemetry.io/otel/sdk/metric v1.44.0 h1:3LlKgI+VjbVsjNRFZJZAJ30WjXC5VkNRks6si09iEfI= +go.opentelemetry.io/otel/sdk/metric v1.44.0/go.mod h1:5B5pMARnXxKhltooO4xUuCBorl65a4EpnTalObqOigA= go.opentelemetry.io/otel/trace v1.0.1/go.mod h1:5g4i4fKLaX2BQpSBsxw8YYcgKpMMSW3x7ZTuYBr3sUk= go.opentelemetry.io/otel/trace v1.8.0/go.mod h1:0Bt3PXY8w+3pheS3hQUt+wow8b1ojPaTBoTCh2zIFI4= go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= -go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= -go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= +go.opentelemetry.io/otel/trace v1.44.0 h1:jxF5CsGYCe74MCRx2X4g7WsY/VBKRqqpNvXlX/6gtIk= +go.opentelemetry.io/otel/trace v1.44.0/go.mod h1:oLl1jrMQAVo6v3GAggN+1VH9VIz9iUSvW53sW1Q8PIE= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.9.0/go.mod h1:1vKfU9rv61e9EVGthD1zNvUbiwPcimSsOPU9brfSHJg= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= @@ -1651,10 +1653,10 @@ google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= -google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 h1:m8qni9SQFH0tJc1X0vmnpw/0t+AImlSvp30sEupozUg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= +google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa h1:Kjn0N0tCrDgiAFW+lGO4JZ3ck44CehvJQMAwj9QF0G8= +google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa/go.mod h1:q4lMZS6kskjT5HvCPrnnypcDPVJqT/f4nfxmkE7gryY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa h1:mZHHdPZl0dbGHCflZgAq/Q468DWVFcU2whhB2KAo8fk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1690,8 +1692,8 @@ google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= -google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= -google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= +google.golang.org/grpc v1.81.1 h1:VnnIIZ88UzOOKLukQi+ImGz8O1Wdp8nAGGnvOfEIWQQ= +google.golang.org/grpc v1.81.1/go.mod h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1812,18 +1814,18 @@ k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0x k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= knative.dev/caching v0.0.0-20260529015533-df91b71e241e h1:bYtz5qACcFfjnaPRPAlbdvjnjoBqjoLg8jkOc1LJ6/Q= knative.dev/caching v0.0.0-20260529015533-df91b71e241e/go.mod h1:3HOVRoEw5DmGuGLg0vMjYv+EJokZx7G+wWKk88gnOc8= -knative.dev/eventing v0.49.1-0.20260529032731-e2d6b95a971e h1:R1qo705sW597mxdbkul0Yxmp3BXZvWaiX4wJxOaWLJg= -knative.dev/eventing v0.49.1-0.20260529032731-e2d6b95a971e/go.mod h1:esrMPXP79jb7ZabpI9K3WqJ+SZuqADDycMFxRBCyDDY= +knative.dev/eventing v0.49.1-0.20260601121530-94496617307a h1:4y8uPkCIqM1nmjqlgKljbe1T8hXDc6dYz5LPuw944xI= +knative.dev/eventing v0.49.1-0.20260601121530-94496617307a/go.mod h1:lZAcOxJw1vp4Qns6uFB8I2k8+021Hf/rGmS+qYc3Hmk= knative.dev/hack v0.0.0-20260428014158-b2a37f1b6e7b h1:MvbV2F2BdI8qKrYYUhDwbUZbX0BAYRSIpXM2TOtTvs0= knative.dev/hack v0.0.0-20260428014158-b2a37f1b6e7b/go.mod h1:L5RzHgbvam0u8QFHfzCX6MKxu/a/gIGEdaRBqNiVbl0= knative.dev/networking v0.0.0-20260529020035-305789141b2b h1:bVEeZ66aokJjPNHA8gwcEw6bbU/Lxhbt3jQyy4QZPP8= knative.dev/networking v0.0.0-20260529020035-305789141b2b/go.mod h1:upXhnYXpr11YRpKlKiGTB4hzDTn4kUJ7gqDaqMFJaoo= -knative.dev/pkg v0.0.0-20260529191007-91499a17111f h1:eNG7TLdIUZN/IQInFAJ3RPHZZtNsyJkZwFsOYZd1cRQ= -knative.dev/pkg v0.0.0-20260529191007-91499a17111f/go.mod h1:3/ACpFr1GwpmELPWoBIIlQc8YMZ9KqdhsE4xNbEDbbo= +knative.dev/pkg v0.0.0-20260602142205-ac97e43f6622 h1:Lf5I3oaFc0bErDP7yUbOxT+6GaGnVwuAiCAnDAn5F48= +knative.dev/pkg v0.0.0-20260602142205-ac97e43f6622/go.mod h1:A6IJjMX0nATYJ4eJAcqXGLiMTg1AXsA9QtPd7nI9Tk0= knative.dev/reconciler-test v0.0.0-20260529022136-ec384da06e43 h1:XIvFF01Hv6kvtan2MoSLYpWmk3G5MIqp/ZUgakOBaWU= knative.dev/reconciler-test v0.0.0-20260529022136-ec384da06e43/go.mod h1:QeRVuKVh7D1tvU4+Z/D4DuB/RWR3IJ+2FZHwuMdwdzg= -knative.dev/serving v0.49.1-0.20260531185038-1d4c5d97c707 h1:L/a5EK+/c1QnHYfmHHNAE3Uvw39usxF5y7tjdKM6thk= -knative.dev/serving v0.49.1-0.20260531185038-1d4c5d97c707/go.mod h1:JBk2I8KkkjLu3g4QesIyLsK2skAXGbqELL/Pq/J7TR0= +knative.dev/serving v0.49.1-0.20260602134409-d8c7a7e1bb88 h1:gT7KDayRVjPs0InNhVA/vXRXbqkNUS73ZLSzaTmo1d0= +knative.dev/serving v0.49.1-0.20260602134409-d8c7a7e1bb88/go.mod h1:aVIwAozgXB/6zWHZjCYPgP8oSR8f4hoR+zamOo5gd4g= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw= pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go index 4e684c7de6..69edf5eff8 100644 --- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go +++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go @@ -71,6 +71,7 @@ type ServeMux struct { streamErrorHandler StreamErrorHandlerFunc routingErrorHandler RoutingErrorHandlerFunc disablePathLengthFallback bool + disableHTTPMethodOverride bool unescapingMode UnescapingMode writeContentLength bool disableChunkedEncoding bool @@ -271,6 +272,19 @@ func WithDisablePathLengthFallback() ServeMuxOption { } } +// WithDisableHTTPMethodOverride returns a ServeMuxOption that disables the +// X-HTTP-Method-Override header handling. +// +// When this option is used, the mux will no longer allow POST requests with +// the X-HTTP-Method-Override header to override the HTTP method. The path +// length fallback (POST with application/x-www-form-urlencoded falling back +// to a matching GET handler) is not affected by this option. +func WithDisableHTTPMethodOverride() ServeMuxOption { + return func(serveMux *ServeMux) { + serveMux.disableHTTPMethodOverride = true + } +} + // WithWriteContentLength returns a ServeMuxOption to enable writing content length on non-streaming responses func WithWriteContentLength() ServeMuxOption { return func(serveMux *ServeMux) { @@ -405,7 +419,7 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) { path = r.URL.RawPath } - if override := r.Header.Get("X-HTTP-Method-Override"); override != "" && s.isPathLengthFallback(r) { + if override := r.Header.Get("X-HTTP-Method-Override"); override != "" && !s.disableHTTPMethodOverride && s.isPathLengthFallback(r) { if err := r.ParseForm(); err != nil { _, outboundMarshaler := MarshalerForRequest(s, r) sterr := status.Error(codes.InvalidArgument, err.Error()) @@ -467,6 +481,7 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) { HTTPStatus: http.StatusBadRequest, Err: mse, }) + return } continue } @@ -509,6 +524,7 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) { HTTPStatus: http.StatusBadRequest, Err: mse, }) + return } continue } diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go index a269fce0f7..204588b849 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go @@ -35,10 +35,6 @@ type middleware struct { semconv semconv.HTTPServer } -func defaultHandlerFormatter(operation string, _ *http.Request) string { - return operation -} - // NewHandler wraps the passed handler in a span named after the operation and // enriches it with metrics. func NewHandler(handler http.Handler, operation string, opts ...Option) http.Handler { @@ -55,12 +51,17 @@ func NewMiddleware(operation string, opts ...Option) func(http.Handler) http.Han defaultOpts := []Option{ WithSpanOptions(trace.WithSpanKind(trace.SpanKindServer)), - WithSpanNameFormatter(defaultHandlerFormatter), } c := newConfig(append(defaultOpts, opts...)...) h.configure(c) + if h.spanNameFormatter == nil { + h.spanNameFormatter = func(_ string, r *http.Request) string { + return h.semconv.SpanName(r) + } + } + return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { h.serveHTTP(w, r, next) @@ -138,7 +139,13 @@ func (h *middleware) serveHTTP(w http.ResponseWriter, r *http.Request, next http // ReadCloser fulfills a certain interface and it is indeed nil or NoBody. bw := request.NewBodyWrapper(r.Body, readRecordFunc) if r.Body != nil && r.Body != http.NoBody { + origReq := r + prevBody := r.Body r.Body = bw + + // Restore the original body after the request is processed to avoid issues + // with extra wrapper since `http/server.go` later checks type of `r.Body`. + defer func() { origReq.Body = prevBody }() } writeRecordFunc := func(int64) {} diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/client.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/client.go index 1398d85c2e..0241b08e85 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/client.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/client.go @@ -12,6 +12,7 @@ import ( "context" "fmt" "net/http" + "reflect" "slices" "strconv" "strings" @@ -19,8 +20,8 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/codes" "go.opentelemetry.io/otel/metric" - "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/httpconv" + "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/httpconv" ) type HTTPClient struct { @@ -166,7 +167,7 @@ func (n HTTPClient) ResponseTraceAttrs(resp *http.Response) []attribute.KeyValue func (n HTTPClient) method(method string) (attribute.KeyValue, attribute.KeyValue) { if method == "" { - return semconv.HTTPRequestMethodGet, attribute.KeyValue{} + return semconv.HTTPRequestMethodOther, attribute.KeyValue{} } if attr, ok := methodLookup[method]; ok { return attr, attribute.KeyValue{} @@ -176,7 +177,7 @@ func (n HTTPClient) method(method string) (attribute.KeyValue, attribute.KeyValu if attr, ok := methodLookup[strings.ToUpper(method)]; ok { return attr, orig } - return semconv.HTTPRequestMethodGet, orig + return semconv.HTTPRequestMethodOther, orig } func (n HTTPClient) MetricAttributes(req *http.Request, statusCode int, additionalAttributes []attribute.KeyValue) []attribute.KeyValue { @@ -249,6 +250,9 @@ func (o MetricOpts) AddOptions() metric.AddOption { func (n HTTPClient) MetricOptions(ma MetricAttributes) MetricOpts { attributes := n.MetricAttributes(ma.Req, ma.StatusCode, ma.AdditionalAttributes) + if ma.StatusCode == 0 && ma.Err != nil { + attributes = append(attributes, n.ErrorType(ma.Err)) + } set := metric.WithAttributeSet(attribute.NewSet(attributes...)) return MetricOpts{ @@ -257,6 +261,39 @@ func (n HTTPClient) MetricOptions(ma MetricAttributes) MetricOpts { } } +// ErrorType returns an error.type attribute for the given error. The otelhttp +// Transport calls the underlying RoundTripper directly, so transport failures +// arrive as *net.OpError (connection refused, timeout, etc.) rather than +// *url.Error (which http.Client.Do adds above the Transport layer). This +// function intentionally does not unwrap further: reporting a single concrete +// type per failure keeps attribute cardinality bounded, as required by the +// OTel spec (error.type SHOULD have low cardinality). Callers that need +// finer-grained error distinctions should inspect the error themselves. +func (n HTTPClient) ErrorType(err error) attribute.KeyValue { + t := reflect.TypeOf(err) + if t == nil { + return semconv.ErrorTypeOther + } + if t.Kind() == reflect.Ptr { + t = t.Elem() + } + var value string + if t.PkgPath() == "" || t.Name() == "" { + // t.PkgPath() == "" covers builtin and unnamed types. + // t.Name() == "" covers anonymous struct types that implement error, + // which are uncommon but possible. Fall back to t.String() for both. + value = t.String() + } else { + value = fmt.Sprintf("%s.%s", t.PkgPath(), t.Name()) + } + + if value == "" { + return semconv.ErrorTypeOther + } + + return semconv.ErrorTypeKey.String(value) +} + func (n HTTPClient) RecordMetrics(ctx context.Context, md MetricData, opts MetricOpts) { recordOpts := metricRecordOptionPool.Get().(*[]metric.RecordOption) defer func() { diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/server.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/server.go index 83c6ae2465..8e0430863d 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/server.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/server.go @@ -20,8 +20,8 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/codes" "go.opentelemetry.io/otel/metric" - "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/httpconv" + "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/httpconv" ) type RequestTraceAttrsOpts struct { @@ -243,6 +243,7 @@ type MetricAttributes struct { StatusCode int Route string AdditionalAttributes []attribute.KeyValue + Err error } type MetricData struct { @@ -250,13 +251,11 @@ type MetricData struct { RequestDuration time.Duration } -var ( - metricRecordOptionPool = &sync.Pool{ - New: func() any { - return &[]metric.RecordOption{} - }, - } -) +var metricRecordOptionPool = &sync.Pool{ + New: func() any { + return &[]metric.RecordOption{} + }, +} func (n HTTPServer) RecordMetrics(ctx context.Context, md ServerMetricData) { attributes := n.MetricAttributes(md.ServerName, md.Req, md.StatusCode, md.Route, md.AdditionalAttributes) @@ -270,9 +269,27 @@ func (n HTTPServer) RecordMetrics(ctx context.Context, md ServerMetricData) { metricRecordOptionPool.Put(recordOpts) } +// SpanName returns the span name for an HTTP request following the +// OpenTelemetry HTTP semantic conventions. +// It returns "{method} {route}" when the request has a pattern, +// or just "{method}" when no route is available. +// Non-standard HTTP methods are replaced by "HTTP". +func (n HTTPServer) SpanName(r *http.Request) string { + method := strings.ToUpper(r.Method) + if _, ok := methodLookup[method]; !ok { + method = "HTTP" + } + + route := httpRoute(r.Pattern) + if route != "" { + return method + " " + route + } + return method +} + func (n HTTPServer) method(method string) (attribute.KeyValue, attribute.KeyValue) { if method == "" { - return semconv.HTTPRequestMethodGet, attribute.KeyValue{} + return semconv.HTTPRequestMethodOther, attribute.KeyValue{} } if attr, ok := methodLookup[method]; ok { return attr, attribute.KeyValue{} @@ -282,7 +299,7 @@ func (n HTTPServer) method(method string) (attribute.KeyValue, attribute.KeyValu if attr, ok := methodLookup[strings.ToUpper(method)]; ok { return attr, orig } - return semconv.HTTPRequestMethodGet, orig + return semconv.HTTPRequestMethodOther, orig } func (n HTTPServer) scheme(https bool) attribute.KeyValue { //nolint:revive // ignore linter diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/util.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/util.go index 2eab2ecabd..d6842ed2ab 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/util.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/util.go @@ -15,7 +15,7 @@ import ( "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/attribute" - semconvNew "go.opentelemetry.io/otel/semconv/v1.40.0" + semconvNew "go.opentelemetry.io/otel/semconv/v1.41.0" ) // SplitHostPort splits a network address hostport of the form "host", diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go index d8d204d1f8..b15895cee2 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go @@ -15,7 +15,7 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/codes" "go.opentelemetry.io/otel/propagation" - otelsemconv "go.opentelemetry.io/otel/semconv/v1.40.0" + otelsemconv "go.opentelemetry.io/otel/semconv/v1.41.0" "go.opentelemetry.io/otel/trace" "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request" @@ -161,6 +161,7 @@ func (t *Transport) RoundTrip(r *http.Request) (*http.Response, error) { t.semconv.MetricOptions(semconv.MetricAttributes{ Req: r, StatusCode: statusCode, + Err: err, AdditionalAttributes: append(labeler.Get(), t.metricAttributesFromRequest(r)...), }), ) diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go index 835ec5aa7e..2feb885000 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go @@ -4,4 +4,4 @@ package otelhttp // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" // Version is the current release version of the otelhttp instrumentation. -const Version = "0.68.0" +const Version = "0.69.0" diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/internal/deprecatedruntime/runtime.go b/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/internal/deprecatedruntime/runtime.go index 645646275a..941d55260c 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/internal/deprecatedruntime/runtime.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/internal/deprecatedruntime/runtime.go @@ -290,6 +290,9 @@ func recordGCPauses( recorder metric.Int64Histogram, pauses []uint64, ) { + if !recorder.Enabled(ctx) { + return + } for _, pause := range pauses { recorder.Record(ctx, clampUint64(pause)) } diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/runtime.go b/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/runtime.go index d678dea6d4..fa44485810 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/runtime.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/runtime.go @@ -12,7 +12,7 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/metric" - "go.opentelemetry.io/otel/semconv/v1.40.0/goconv" + "go.opentelemetry.io/otel/semconv/v1.41.0/goconv" "go.opentelemetry.io/contrib/instrumentation/runtime/internal/deprecatedruntime" "go.opentelemetry.io/contrib/instrumentation/runtime/internal/x" diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/version.go b/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/version.go index 078888ecc0..e081072612 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/version.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/runtime/version.go @@ -4,4 +4,4 @@ package runtime // import "go.opentelemetry.io/contrib/instrumentation/runtime" // Version is the current release version of the runtime instrumentation. -const Version = "0.68.0" +const Version = "0.69.0" diff --git a/vendor/go.opentelemetry.io/otel/.golangci.yml b/vendor/go.opentelemetry.io/otel/.golangci.yml index db1f55101c..645c7e6af1 100644 --- a/vendor/go.opentelemetry.io/otel/.golangci.yml +++ b/vendor/go.opentelemetry.io/otel/.golangci.yml @@ -96,9 +96,9 @@ linters: - "!**/exporters/zipkin/**" deny: - pkg: go.opentelemetry.io/otel/semconv - desc: "Use go.opentelemetry.io/otel/semconv/v1.40.0 instead. If a newer semconv version has been released, update the depguard rule." + desc: "Use go.opentelemetry.io/otel/semconv/v1.41.0 instead. If a newer semconv version has been released, update the depguard rule." allow: - - go.opentelemetry.io/otel/semconv/v1.40.0 + - go.opentelemetry.io/otel/semconv/v1.41.0 gocritic: disabled-checks: - appendAssign @@ -134,13 +134,16 @@ linters: strconcat: true revive: confidence: 0.01 + enable-all-rules: false + enable-default-rules: true + max-open-files: 2048 rules: - name: blank-imports - name: bool-literal-in-expr - name: constant-logical-expr - name: context-as-argument arguments: - - allowTypesBefore: '*testing.T' + - allow-types-before: '*testing.T' disabled: true - name: context-keys-type - name: deep-exit @@ -152,7 +155,7 @@ linters: - name: duplicated-imports - name: early-return arguments: - - preserveScope + - preserve-scope - name: empty-block - name: empty-lines - name: error-naming @@ -161,7 +164,7 @@ linters: - name: errorf - name: exported arguments: - - sayRepetitiveInsteadOfStutters + - say-repetitive-instead-of-stutters - name: flag-parameter - name: identical-branches - name: if-return @@ -169,11 +172,12 @@ linters: - name: increment-decrement - name: indent-error-flow arguments: - - preserveScope + - preserve-scope - name: package-comments - name: range - name: range-val-in-closure - name: range-val-address + - name: receiver-naming - name: redefines-builtin-id - name: string-format arguments: @@ -183,7 +187,7 @@ linters: - name: struct-tag - name: superfluous-else arguments: - - preserveScope + - preserve-scope - name: time-equal - name: unconditional-recursion - name: unexported-return diff --git a/vendor/go.opentelemetry.io/otel/AGENTS.md b/vendor/go.opentelemetry.io/otel/AGENTS.md new file mode 100644 index 0000000000..26c0fc4ddb --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/AGENTS.md @@ -0,0 +1,109 @@ +# Agent Guide for opentelemetry-go + +This file contains active, task-oriented instructions for autonomous and semi-autonomous coding agents working in this repository. + +Before starting any task, read `.github/copilot-instructions.md`, `CONTRIBUTING.md`, and this file. +Treat `.github/copilot-instructions.md` as global passive guidance for every task, including docs-only and review-only work. + +## Core expectations + +- Preserve OpenTelemetry specification compliance, API stability, and idiomatic Go. +- Prefer minimal, surgical changes over broad refactors or speculative cleanup. +- Read the package you are editing and match its existing naming, option types, error handling, comments, tests, and concurrency patterns. +- Keep public APIs backward compatible unless the task explicitly requires a breaking change. +- Keep telemetry resilient and loosely coupled. Do not introduce behavior that can unexpectedly interfere with host applications. +- Inspect boundaries carefully: input validation, resource limits, cancellation, shutdown, error propagation, concurrency, and memory growth. +- Prefer fail-safe behavior and explicit invariants over implicit assumptions. +- Keep dependencies minimal and justified. +- Preserve host-application safety: telemetry should not panic, block indefinitely, or amplify attacker-controlled input. +- Be conservative on hot paths. Avoid unnecessary allocations, reflection, interface churn, blocking, global state, and high-cardinality telemetry. +- Write comments only for intent, invariants, and non-obvious constraints. Do not add comments that restate the code. + +## Default workflow + +For new features and behavior changes, use this order unless the task explicitly says otherwise: + +1. Read the relevant package, its tests, and any package docs or `README.md`. +2. Add or update a failing unit test that captures the required behavior or regression. +3. Implement the smallest change that makes the test pass. +4. Refactor only after the behavior is locked in, and only if the refactor keeps the diff focused. +5. If the changed code is on a hot path or performance-sensitive, inspect existing benchmarks and run them. Add a benchmark if coverage is missing. +6. Update documentation artifacts as needed while the context is fresh. Follow the documentation and changelog conventions below for the specific updates required. +7. Run `make precommit` each time before considering the work complete. + +For docs-only, test-only, or review-only tasks, still start with the required repository guidance above, then skip the workflow steps that do not apply while keeping the same discipline around scope, verification, and repository conventions. + +## Verification + +- Use `make` as the canonical repository verification command. The default target is `precommit`. +- `make precommit` is the expected final verification step for linting, generation, README checks, module checks, and tests. +- During iteration, targeted commands are fine for fast feedback, but do not stop there if the task changes code. +- If you touch performance-sensitive code, run focused benchmarks and compare the results using `benchstat` in addition to `make`. + +## Documentation and changelog + +- Non-internal, non-test packages should have Go doc comments, usually in `doc.go`. +- Non-internal, non-test, non-documentation packages should also have a `README.md` with at least a title and a `pkg.go.dev` badge. +- Prefer examples over long code snippets in GoDoc when practical. +- Keep docs aligned with actual behavior. Do not leave stale comments, stale examples, or stale package documentation behind. +- For user-visible changes, update `CHANGELOG.md` under the appropriate `Added`, `Changed`, `Deprecated`, `Fixed`, or `Removed` section within `## [Unreleased]`. + +## Repository habits + +- Prefer focused diffs. Avoid drive-by cleanup. +- Follow existing option patterns and exported API conventions instead of inventing new abstractions. +- Generated files are checked in. If your change affects generation, keep generated output up to date. +- Prefer fast local search tools such as `rg` when exploring the repository. +- When changing behavior, make the invariants explicit in tests. + +## Personas + +### Feature Agent + +Use this persona for new behavior, new API surface, or spec-driven feature work. + +- Start with a failing unit test. +- Confirm the expected behavior against the spec, existing package behavior, and public API compatibility. +- Implement the smallest viable change. +- Update GoDoc, examples, `README.md`, and `CHANGELOG.md` when the change is user-visible. +- If the feature touches a hot path, check benchmarks and add one if the coverage is missing. + +### Refactoring Agent + +Use this persona when improving structure without intentionally changing behavior. + +- Treat behavior preservation as the default contract. +- Add or tighten tests before moving code if current behavior is not already pinned down. +- Avoid broad rewrites, clever abstractions, or package-wide cleanup unless explicitly requested. +- If a refactor touches a hot path, benchmark before and after. +- Keep API shape, semantics, concurrency guarantees, and failure modes unchanged unless the task says otherwise. + +### Test Agent + +Use this persona when adding missing coverage, reproducing bugs, or hardening regressions. + +- Reproduce the bug or missing behavior with the smallest failing test you can. +- Prefer testing public behavior and externally visible invariants. +- Add targeted regression tests before changing production code. +- Only change production code when it is required to make the tested behavior correct or testable. +- Keep tests deterministic, readable, and aligned with package patterns. + +### Performance Agent + +Use this persona for hot-path work, allocation reduction, or throughput and latency improvements. + +- Benchmark first to establish a baseline. +- Prefer changes that reduce allocations, copying, interface churn, and unnecessary synchronization. +- Do not trade away correctness, spec compliance, or API stability for micro-optimizations. +- Add or update benchmarks when performance-sensitive coverage is missing. +- If you materially change a hot path, capture before-and-after results, preferably with `benchstat`. + +### Review Agent + +Use this persona when asked to review code, patches, or pull requests. + +- Lead with findings, not summaries. +- Order findings by severity and include precise file and line references when available. +- Focus on correctness, spec compliance, API compatibility, concurrency safety, resilience, performance regressions, missing tests, missing benchmarks, documentation gaps, and changelog gaps. +- Call out when a diff is broader than necessary. +- If you find no issues, say that explicitly and note any residual risks or verification gaps. diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md index 20edda4418..6a90451f52 100644 --- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md +++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md @@ -11,6 +11,100 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm +## [1.44.0/0.66.0/0.20.0/0.0.17] 2026-05-27 + +### Added + +- Add `ByteSlice` and `ByteSliceValue` functions for new `BYTESLICE` attribute type in `go.opentelemetry.io/otel/attribute`. (#7948) +- Apply attribute value limit to the `KindBytes` attribute type in `go.opentelemetry.io/otel/sdk/log`. (#7990) +- Apply attribute value limit to the `BYTESLICE` attribute type in `go.opentelemetry.io/otel/sdk/trace`. (#7990) +- Support `BYTESLICE` attributes in `go.opentelemetry.io/otel/trace`. (#8153) +- Support `BYTESLICE` attributes in `go.opentelemetry.io/otel/exporters/otlp/otlptrace`. (#8153) +- Support `BYTESLICE` attributes in `go.opentelemetry.io/otel/exporters/otlp/otlplog`. (#8153) +- Support `BYTESLICE` attributes in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#8153) +- Support `BYTESLICE` attributes in `go.opentelemetry.io/otel/exporters/zipkin`. (#8153) +- Add `String` method for `Value` type in `go.opentelemetry.io/otel/attribute`. (#8142) +- Add `Slice` and `SliceValue` functions for new `SLICE` attribute type in `go.opentelemetry.io/otel/attribute`. (#8166) +- Support `SLICE` attributes in `go.opentelemetry.io/otel/exporters/otlp/otlptrace`. (#8216) +- Support `SLICE` attributes in `go.opentelemetry.io/otel/exporters/otlp/otlplog`. (#8216) +- Support `SLICE` attributes in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#8216) +- Support `SLICE` attributes in `go.opentelemetry.io/otel/exporters/zipkin`. (#8216) +- Apply `AttributeValueLengthLimit` to `attribute.SLICE` type attribute values in `go.opentelemetry.io/otel/sdk/trace`, recursively truncating contained string values. (#8217) +- Add `Error` field on `Record` type in `go.opentelemetry.io/otel/log/logtest`. (#8148) +- Add `WithMaxRequestSize` option in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#8157) +- Add `WithMaxRequestSize` option in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#8157) +- Add `WithMaxRequestSize` option in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#8157) +- Add `WithMaxRequestSize` option in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#8157) +- Add `WithMaxRequestSize` option in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`. (#8157) +- Add `WithMaxRequestSize` option in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#8157) +- Add `Settable` to `go.opentelemetry.io/otel/metric/x` to allow reusing attribute options. (#8178) +- Add experimental support for splitting metric data across multiple batches in `go.opentelemetry.io/otel/sdk/metric`. + Set `OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE=` to enable for all periodic readers. + See `go.opentelemetry.io/otel/sdk/metric/internal/x` for feature documentation. (#8071) +- Add experimental self-observability metrics in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. + Enable with `OTEL_GO_X_SELF_OBSERVABILITY=true` environment variable. + See `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x` for feature documentation. (#8192) +- Add experimental self-observability metrics in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. + Enable with `OTEL_GO_X_SELF_OBSERVABILITY=true` environment variable. + See `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x` for feature documentation. (#8194) +- Add experimental self-observability metrics in `go.opentelemetry.io/otel/exporters/stdout/stdoutlog`. + Enable with `OTEL_GO_X_SELF_OBSERVABILITY=true` environment variable. + See `go.opentelemetry.io/otel/stdout/stdoutlog/internal/x` for feature documentation. (#8263) +- Add `WithDefaultAttributes` to `go.opentelemetry.io/otel/metric/x` to support setting default attributes on instruments. (#8135) +- Add `go.opentelemetry.io/otel/semconv/v1.41.0` package. + The package contains semantic conventions from the `v1.41.0` version of the OpenTelemetry Semantic Conventions. + See the [migration documentation](./semconv/v1.41.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.40.0`. (#8324) +- Add Observable variants of instruments to `go.opentelemetry.io/otel/semconv/v1.41.0` package. (#8350) +- Generate explicit histogram bucket boundaries from weaver configuration for HTTP and RPC duration instruments in `go.opentelemetry.io/otel/semconv/v1.41.0`. (#8002) + +### Changed + +- ⚠️ **Breaking Change:** `go.opentelemetry.io/otel/sdk/metric` now applies a default cardinality limit of 2000 to comply with the Metrics SDK specification recommendation. + New attribute sets are dropped when the cardinality limit is reached. The measurement of these sets are aggregated into a special attribute set containing `attribute.Bool("otel.metric.overflow", true)`. + This can break users who relied on the previous unlimited default. + Set `WithCardinalityLimit(0)` or the deprecated `OTEL_GO_X_CARDINALITY_LIMIT=0` environment variable to preserve unlimited cardinality. + Note that support for `OTEL_GO_X_CARDINALITY_LIMIT` may be removed in a future release. (#8247) +- `ErrorType` in `go.opentelemetry.io/otel/semconv` now unwraps errors created with `fmt.Errorf` when deriving the `error.type` attribute. (#8133) +- `go.opentelemetry.io/otel/sdk/log` now unwraps error chains created with `fmt.Errorf` when deriving the `error.type` attribute from errors on log records. (#8133) +- `Set.MarshalLog` method in `go.opentelemetry.io/otel/attribute` now uses `Value.String` formatting following the [OpenTelemetry AnyValue representation for non-OTLP protocols](https://opentelemetry.io/docs/specs/otel/common/#anyvalue). (#8169) +- Optimize `go.opentelemetry.io/otel/sdk/metric` to return a drop reservoir and short-circuit `Offer` calls to the exemplar reservoir when `exemplar.AlwaysOffFilter` is configured. (#8211) (#8267) +- Optimize `go.opentelemetry.io/otel/sdk/metric` to return a drop reservoir for asynchronous instruments when `exemplar.TraceBasedFilter` is configured. (#8286) + +### Deprecated + +- Deprecate `Value.Emit` method in `go.opentelemetry.io/otel/attribute`. + Use `Value.String` instead. (#8176) + +### Fixed + +- Limit OTLP request size to 64 MiB by default in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. + The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new `WithMaxRequestSize` option. (#8157, #8365) +- Limit OTLP request size to 64 MiB by default in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. + The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new `WithMaxRequestSize` option. (#8157, #8365) +- Limit OTLP request size to 64 MiB by default in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. + The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new `WithMaxRequestSize` option. (#8157, #8365) +- Limit OTLP request size to 64 MiB by default in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. + The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new `WithMaxRequestSize` option. (#8157, #8365) +- Limit OTLP request size to 64 MiB by default in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`. + The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new `WithMaxRequestSize` option. (#8157, #8365) +- Limit OTLP request size to 64 MiB by default in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. + The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new `WithMaxRequestSize` option. (#8157, #8365) +- Fix gzipped request body replay on redirect in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#8135) +- Fix gzipped request body replay on redirect in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#8152) +- `go.opentelemetry.io/otel/exporters/prometheus` now uses `Value.String` formatting for label values following the [OpenTelemetry AnyValue representation for non-OTLP protocols](https://opentelemetry.io/docs/specs/otel/common/#anyvalue). (#8170) +- Propagate errors from the exporter when calling `Shutdown` on `BatchSpanProcessor` in `go.opentelemetry.io/otel/sdk/trace`. (#8197) +- Fix stale status code reporting on self-observability metrics in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` and `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#8226) +- Fix a concurrent `Collect` data race and potential panic in `go.opentelemetry.io/otel/exporters/prometheus` when `WithResourceAsConstantLabels` option is used. (#8227) +- Fix race condition in `FixedSizeReservoir` in `go.opentelemetry.io/otel/sdk/metric/exemplar` by reverting #7447. (#8249) +- Fix `FixedSizeReservoir` in `go.opentelemetry.io/otel/sdk/metric/exemplar` to safely handle zero size. + A capacity check in the constructor initializes the reservoir safely and skips initialization for zero-cap; early returns in `Offer()` and `Collect()` ensure no-op behavior. (#8295) +- Fix counting of spans and logs in self-observability metrics in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`, `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`, `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`, and `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#8254) +- Drop conflicting scope attributes named `name`, `version`, or `schema_url` from metric labels in `go.opentelemetry.io/otel/exporters/prometheus`, preserving the dedicated `otel_scope_name`, `otel_scope_version`, and `otel_scope_schema_url` labels. (#8264) +- Close schema files opened by `ParseFile` in `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1`. ([GHSA-995v-fvrw-c78m](https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m)) +- Enforce the 8192-byte baggage size limit during extraction/parsing, changing behavior when the limit is exceeded in `go.opentelemetry.io/otel/baggage` and `go.opentelemetry.io/otel/propagation`. (#8222) +- Fix `go.opentelemetry.io/otel/semconv/v1.41.0` to include `Attr*` helper methods for required attributes on observable instruments. (#8361) +- Limit baggage extraction error reporting in `go.opentelemetry.io/otel/propagation` to prevent malformed or oversized baggage headers from flooding logs. ([GHSA-5wrp-cwcj-q835](https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-5wrp-cwcj-q835)) + ## [1.43.0/0.65.0/0.19.0] 2026-04-02 ### Added @@ -3619,7 +3713,8 @@ It contains api and sdk for trace and meter. - CircleCI build CI manifest files. - CODEOWNERS file to track owners of this project. -[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...HEAD +[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.44.0...HEAD +[1.44.0/0.66.0/0.20.0/0.0.17]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.44.0 [1.43.0/0.65.0/0.19.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 [1.42.0/0.64.0/0.18.0/0.0.16]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.42.0 [1.41.0/0.63.0/0.17.0/0.0.15]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.41.0 diff --git a/vendor/go.opentelemetry.io/otel/CLAUDE.md b/vendor/go.opentelemetry.io/otel/CLAUDE.md new file mode 100644 index 0000000000..dd3c4594fc --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/CLAUDE.md @@ -0,0 +1,3 @@ +# Instructions for Claude Code + +@AGENTS.md diff --git a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md index 12de3607a3..3ec17d6832 100644 --- a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md +++ b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md @@ -11,6 +11,12 @@ for a summary description of past meetings. To request edit access, join the meeting or get in touch on [Slack](https://cloud-native.slack.com/archives/C01NPAXACKT). +The meeting is open for all to join. We invite everyone to join our +meeting, regardless of your experience level. Whether you're a +seasoned OpenTelemetry developer, just starting your journey, or +simply curious about the work we do, you're more than welcome to +participate! + ## Development You can view and edit the source code by cloning this repository: @@ -746,8 +752,8 @@ Encapsulate setup in constructor functions, ensuring clear ownership and scope: import ( "errors" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" ) type SDKComponent struct { @@ -808,11 +814,11 @@ func (c *Component) initObservability() { #### Performance -When observability is disabled there should be little to no overhead. +When observability is disabled or the instrument is not `Enabled`, there should be little to no overhead. ```go func (e *Exporter) ExportSpans(ctx context.Context, spans []trace.ReadOnlySpan) error { - if e.inst != nil { + if e.inst != nil && e.inst.Enabled(ctx) { attrs := expensiveOperation() e.inst.recordSpanInflight(ctx, int64(len(spans)), attrs...) } @@ -829,7 +835,7 @@ func (e *Exporter) ExportSpans(ctx context.Context, spans []trace.ReadOnlySpan) } func (i *instrumentation) recordSpanInflight(ctx context.Context, count int64, attrs ...attribute.KeyValue) { - if i == nil || i.inflight == nil { + if i == nil || i.inflight == nil || !i.inflight.Enabled(ctx) { return } i.inflight.Add(ctx, count, metric.WithAttributes(attrs...)) @@ -865,8 +871,12 @@ var ( ) func (i *instrumentation) record(ctx context.Context, value int64, baseAttrs ...attribute.KeyValue) { + if !i.counter.Enabled(ctx) { + return + } attrs := attrPool.Get().(*[]attribute.KeyValue) defer func() { + clear(*attrs) // Clear references to strings/etc to let GC collect them. *attrs = (*attrs)[:0] // Reset. attrPool.Put(attrs) }() @@ -877,6 +887,7 @@ func (i *instrumentation) record(ctx context.Context, value int64, baseAttrs ... addOpt := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*addOpt) *addOpt = (*addOpt)[:0] addOptPool.Put(addOpt) }() @@ -1007,16 +1018,20 @@ Ensure observability measurements receive the correct context, especially for tr ```go func (e *Exporter) ExportSpans(ctx context.Context, spans []trace.ReadOnlySpan) error { // Use the provided context for observability measurements - e.inst.recordSpanExportStarted(ctx, len(spans)) + if e.inst.Enabled(ctx) { + e.inst.recordSpanExportStarted(ctx, len(spans)) + } err := e.doExport(ctx, spans) - if err != nil { - e.inst.recordSpanExportFailed(ctx, len(spans), err) - } else { - e.inst.recordSpanExportSucceeded(ctx, len(spans)) + if e.inst.Enabled(ctx) { + if err != nil { + e.inst.recordSpanExportFailed(ctx, len(spans), err) + } else { + e.inst.recordSpanExportSucceeded(ctx, len(spans)) + } } - + return err } ``` @@ -1039,7 +1054,7 @@ func (e *Exporter) ExportSpans(ctx context.Context, spans []trace.ReadOnlySpan) All observability metrics should follow the [OpenTelemetry Semantic Conventions for SDK metrics](https://github.com/open-telemetry/semantic-conventions/blob/1cf2476ae5e518225a766990a28a6d5602bd5a30/docs/otel/sdk-metrics.md). -Use the metric semantic conventions convenience package [otelconv](./semconv/v1.40.0/otelconv/metric.go). +Use the metric semantic conventions convenience package [otelconv](./semconv/v1.41.0/otelconv/metric.go). ##### Component Identification @@ -1109,6 +1124,68 @@ func TestObservability(t *testing.T) { Test order should not affect results. Ensure that any global state (e.g. component ID counters) is reset between tests. +### Experimental Features + +To support the development of new features in the specification, we use the following patterns to implement in-development features without adding new public artifacts in stable modules. + +#### Experimental behavior with no API artifacts + +Features that change behavior without changing the API (e.g., exemplar collection, auto-generation of identifiers) are implemented behind a feature gate. +The implementation resides in an `/internal/x` package and is activated through environment variables with the `OTEL_GO_X_` prefix (e.g., `OTEL_GO_X_OBSERVABILITY`). +The feature must be documented in a `README.md` file in the `/internal/x` package. + +#### Experimental methods on SDK-only interfaces + +Features that require new methods on SDK interfaces are defined as a new interface in an experimental module (e.g., `go.opentelemetry.io/otel/sdk/x`). +The SDK uses type assertions (without importing the unstable package) to check if passing types implement these experimental interfaces. +The SDK must not depend on the experimental module. + +#### Experimental structs, functions, or interfaces + +Features that don't need any changes to the existing stable package are implemented in an experimental module (e.g., `go.opentelemetry.io/otel/sdk/x`). + +#### Experimental signals and components + +New telemetry signals (e.g., Logs before stabilization) and components (e.g. bridges) are hosted in new, unstable modules (e.g., `go.opentelemetry.io/otel/log` before 1.0.0). +The package should have the final name it will use once stabilized (i.e. not `/x`), and is released at a v0.x.y version to indicate it is not stable. +Most new components are hosted in [opentelemetry-go-contrib](https://github.com/open-telemetry/opentelemetry-go-contrib). + +#### Experimental options for API or SDK functions + +Experimental Options functions are implemented in an experimental module (e.g., `go.opentelemetry.io/otel/sdk/x`). +The return type of the Option function must embed the option's type (e.g. `metric.InstrumentOption`), and have an `Experimental()` method to prevent the API from panicking when the option is used. +The SDK uses type assertions (without importing the unstable package) to check if passing types implement these experimental interfaces. +The SDK must not depend on the experimental module. + +For example: + +```go +type myOption struct { + // Embed the stable option type. + metric.InstrumentOption + value string +} + +// Experimental prevents the API from panicking when the option is used. +func (o myOption) Experimental() {} + +// The SDK can use type assertions to use this function. +func (o myOption) Value() string { return o.value } + +func WithMyOption(value string) metric.InstrumentOption { + return myOption{value: value} +} +``` + +#### Not Supported + +The following kinds of experimental features are **not currently supported** on stable interfaces: + +- Experimental methods on API interfaces +- Experimental fields for API or SDK exported structs + +In some cases forks or long-lived branches may be used for prototyping these features. + ## Approvers and Maintainers ### Maintainers diff --git a/vendor/go.opentelemetry.io/otel/Makefile b/vendor/go.opentelemetry.io/otel/Makefile index 42466f2d6a..de63a5e9bc 100644 --- a/vendor/go.opentelemetry.io/otel/Makefile +++ b/vendor/go.opentelemetry.io/otel/Makefile @@ -191,8 +191,16 @@ benchmark: $(OTEL_GO_MOD_DIRS:%=benchmark/%) benchmark/%: cd $* && $(GO) test -run='^$$' -bench=. $(ARGS) ./... +# sdk/metric is split into two shards to work around CodSpeed limitations. +# See https://github.com/CodSpeedHQ/codspeed-go/issues/56 +BENCHMARK_SHARDS := $(filter-out ./sdk/metric,$(OTEL_GO_MOD_DIRS)) ./sdk/metric/root ./sdk/metric/internal +benchmark/./sdk/metric/root: + cd ./sdk/metric && $(GO) test -run='^$$' -bench=. $(ARGS) . ./exemplar/... +benchmark/./sdk/metric/internal: + cd ./sdk/metric && $(GO) test -run='^$$' -bench=. $(ARGS) ./internal/... + print-sharded-benchmarks: - @echo $(OTEL_GO_MOD_DIRS) | jq -cR 'split(" ")' + @echo $(BENCHMARK_SHARDS) | jq -cR 'split(" ")' .PHONY: golangci-lint golangci-lint-fix golangci-lint-fix: ARGS=--fix diff --git a/vendor/go.opentelemetry.io/otel/attribute/encoder.go b/vendor/go.opentelemetry.io/otel/attribute/encoder.go index 771dd69c55..ca186d8ac2 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/encoder.go +++ b/vendor/go.opentelemetry.io/otel/attribute/encoder.go @@ -105,7 +105,9 @@ func (d *defaultAttrEncoder) Encode(iter Iterator) string { if keyValue.Value.Type() == STRING { copyAndEscape(buf, keyValue.Value.AsString()) } else { - _, _ = buf.WriteString(keyValue.Value.Emit()) + _, _ = buf.WriteString( + keyValue.Value.Emit(), + ) //nolint:staticcheck // Preserve the existing default encoder output. } } return buf.String() diff --git a/vendor/go.opentelemetry.io/otel/attribute/hash.go b/vendor/go.opentelemetry.io/otel/attribute/hash.go index b09caaa6d7..92f39ffe7b 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/hash.go +++ b/vendor/go.opentelemetry.io/otel/attribute/hash.go @@ -27,6 +27,8 @@ const ( int64SliceID uint64 = 3762322556277578591 // "_[]int64" (little endian) float64SliceID uint64 = 7308324551835016539 // "[]double" (little endian) stringSliceID uint64 = 7453010373645655387 // "[]string" (little endian) + byteSliceID uint64 = 6874028470941080415 // "_[]byte_" (little endian) + sliceID uint64 = 7883494272577650031 // "__slice_" (little endian) emptyID uint64 = 7305809155345288421 // "__empty_" (little endian) ) @@ -42,53 +44,87 @@ func hashKVs(kvs []KeyValue) uint64 { // hashKV returns the xxHash64 hash of kv with h as the base. func hashKV(h xxhash.Hash, kv KeyValue) xxhash.Hash { h = h.String(string(kv.Key)) + return hashValue(h, kv.Value) +} - switch kv.Value.Type() { +func hashValue(h xxhash.Hash, v Value) xxhash.Hash { + switch v.Type() { case BOOL: h = h.Uint64(boolID) - h = h.Uint64(kv.Value.numeric) + h = h.Uint64(v.numeric) case INT64: h = h.Uint64(int64ID) - h = h.Uint64(kv.Value.numeric) + h = h.Uint64(v.numeric) case FLOAT64: h = h.Uint64(float64ID) // Assumes numeric stored with math.Float64bits. - h = h.Uint64(kv.Value.numeric) + h = h.Uint64(v.numeric) case STRING: h = h.Uint64(stringID) - h = h.String(kv.Value.stringly) + h = h.String(v.stringly) case BOOLSLICE: h = h.Uint64(boolSliceID) - rv := reflect.ValueOf(kv.Value.slice) + rv := reflect.ValueOf(v.slice) for i := 0; i < rv.Len(); i++ { h = h.Bool(rv.Index(i).Bool()) } case INT64SLICE: h = h.Uint64(int64SliceID) - rv := reflect.ValueOf(kv.Value.slice) + rv := reflect.ValueOf(v.slice) for i := 0; i < rv.Len(); i++ { h = h.Int64(rv.Index(i).Int()) } case FLOAT64SLICE: h = h.Uint64(float64SliceID) - rv := reflect.ValueOf(kv.Value.slice) + rv := reflect.ValueOf(v.slice) for i := 0; i < rv.Len(); i++ { h = h.Float64(rv.Index(i).Float()) } case STRINGSLICE: h = h.Uint64(stringSliceID) - rv := reflect.ValueOf(kv.Value.slice) + rv := reflect.ValueOf(v.slice) for i := 0; i < rv.Len(); i++ { h = h.String(rv.Index(i).String()) } + case BYTESLICE: + h = h.Uint64(byteSliceID) + h = h.String(v.stringly) + case SLICE: + h = h.Uint64(sliceID) + switch vals := v.slice.(type) { + case [0]Value: + // No values to hash, but the type identifier is still hashed above. + case [1]Value: + h = hashValueSlice(h, vals[:]) + case [2]Value: + h = hashValueSlice(h, vals[:]) + case [3]Value: + h = hashValueSlice(h, vals[:]) + case [4]Value: + h = hashValueSlice(h, vals[:]) + case [5]Value: + h = hashValueSlice(h, vals[:]) + default: + rv := reflect.ValueOf(v.slice) + for i := 0; i < rv.Len(); i++ { + h = hashValue(h, rv.Index(i).Interface().(Value)) + } + } case EMPTY: h = h.Uint64(emptyID) default: // Logging is an alternative, but using the internal logger here // causes an import cycle so it is not done. - v := kv.Value.AsInterface() - msg := fmt.Sprintf("unknown value type: %[1]v (%[1]T)", v) + val := v.AsInterface() + msg := fmt.Sprintf("unknown value type: %[1]v (%[1]T)", val) panic(msg) } return h } + +func hashValueSlice(h xxhash.Hash, vals []Value) xxhash.Hash { + for _, v := range vals { + h = hashValue(h, v) + } + return h +} diff --git a/vendor/go.opentelemetry.io/otel/attribute/key.go b/vendor/go.opentelemetry.io/otel/attribute/key.go index 80a9e5643f..cdc7089e82 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/key.go +++ b/vendor/go.opentelemetry.io/otel/attribute/key.go @@ -117,6 +117,28 @@ func (k Key) StringSlice(v []string) KeyValue { } } +// ByteSlice creates a KeyValue instance with a BYTESLICE Value. +// +// If creating both a key and value at the same time, use the provided +// convenience function instead -- ByteSlice(name, value). +func (k Key) ByteSlice(v []byte) KeyValue { + return KeyValue{ + Key: k, + Value: ByteSliceValue(v), + } +} + +// Slice creates a KeyValue instance with a SLICE Value. +// +// If creating both a key and value at the same time, use the provided +// convenience function instead -- Slice(name, values...). +func (k Key) Slice(v ...Value) KeyValue { + return KeyValue{ + Key: k, + Value: SliceValue(v...), + } +} + // Defined reports whether the key is not empty. func (k Key) Defined() bool { return len(k) != 0 diff --git a/vendor/go.opentelemetry.io/otel/attribute/kv.go b/vendor/go.opentelemetry.io/otel/attribute/kv.go index 0cc368018b..eeb76a1348 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/kv.go +++ b/vendor/go.opentelemetry.io/otel/attribute/kv.go @@ -68,6 +68,16 @@ func StringSlice(k string, v []string) KeyValue { return Key(k).StringSlice(v) } +// ByteSlice creates a KeyValue with a BYTESLICE Value type. +func ByteSlice(k string, v []byte) KeyValue { + return Key(k).ByteSlice(v) +} + +// Slice creates a KeyValue with a SLICE Value type. +func Slice(k string, v ...Value) KeyValue { + return Key(k).Slice(v...) +} + // Stringer creates a new key-value pair with a passed name and a string // value generated by the passed Stringer interface. func Stringer(k string, v fmt.Stringer) KeyValue { diff --git a/vendor/go.opentelemetry.io/otel/attribute/set.go b/vendor/go.opentelemetry.io/otel/attribute/set.go index 6572c98b12..a4b6ce81de 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/set.go +++ b/vendor/go.opentelemetry.io/otel/attribute/set.go @@ -401,7 +401,7 @@ func computeDataFixed(kvs []KeyValue) any { func computeDataReflect(kvs []KeyValue) any { at := reflect.New(reflect.ArrayOf(len(kvs), keyValueType)).Elem() for i, keyValue := range kvs { - *(at.Index(i).Addr().Interface().(*KeyValue)) = keyValue + *at.Index(i).Addr().Interface().(*KeyValue) = keyValue } return at.Interface() } @@ -415,7 +415,7 @@ func (l *Set) MarshalJSON() ([]byte, error) { func (l Set) MarshalLog() any { kvs := make(map[string]string) for _, kv := range l.ToSlice() { - kvs[string(kv.Key)] = kv.Value.Emit() + kvs[string(kv.Key)] = kv.Value.String() } return kvs } diff --git a/vendor/go.opentelemetry.io/otel/attribute/type_string.go b/vendor/go.opentelemetry.io/otel/attribute/type_string.go index 6c04448d6f..dbc01d3247 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/type_string.go +++ b/vendor/go.opentelemetry.io/otel/attribute/type_string.go @@ -17,11 +17,13 @@ func _() { _ = x[INT64SLICE-6] _ = x[FLOAT64SLICE-7] _ = x[STRINGSLICE-8] + _ = x[BYTESLICE-9] + _ = x[SLICE-10] } -const _Type_name = "EMPTYBOOLINT64FLOAT64STRINGBOOLSLICEINT64SLICEFLOAT64SLICESTRINGSLICE" +const _Type_name = "EMPTYBOOLINT64FLOAT64STRINGBOOLSLICEINT64SLICEFLOAT64SLICESTRINGSLICEBYTESLICESLICE" -var _Type_index = [...]uint8{0, 5, 9, 14, 21, 27, 36, 46, 58, 69} +var _Type_index = [...]uint8{0, 5, 9, 14, 21, 27, 36, 46, 58, 69, 78, 83} func (i Type) String() string { idx := int(i) - 0 diff --git a/vendor/go.opentelemetry.io/otel/attribute/value.go b/vendor/go.opentelemetry.io/otel/attribute/value.go index db04b1326c..0529fefae2 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/value.go +++ b/vendor/go.opentelemetry.io/otel/attribute/value.go @@ -4,9 +4,14 @@ package attribute // import "go.opentelemetry.io/otel/attribute" import ( + "encoding/base64" "encoding/json" "fmt" + "math" + "reflect" "strconv" + "strings" + "unicode/utf8" attribute "go.opentelemetry.io/otel/attribute/internal" ) @@ -45,6 +50,10 @@ const ( FLOAT64SLICE // STRINGSLICE is a slice of strings Type Value. STRINGSLICE + // BYTESLICE is a slice of bytes Type Value. + BYTESLICE + // SLICE is a slice of Value Type values. + SLICE // INVALID is used for a Value with no value set. // // Deprecated: Use EMPTY instead as an empty value is a valid value. @@ -134,6 +143,19 @@ func StringSliceValue(v []string) Value { return Value{vtype: STRINGSLICE, slice: attribute.SliceValue(v)} } +// ByteSliceValue creates a BYTESLICE Value. +func ByteSliceValue(v []byte) Value { + return Value{ + vtype: BYTESLICE, + stringly: string(v), + } +} + +// SliceValue creates a SLICE Value. +func SliceValue(v ...Value) Value { + return Value{vtype: SLICE, slice: sliceValue(v)} +} + // Type returns a type of the Value. func (v Value) Type() Type { return v.vtype @@ -215,6 +237,59 @@ func (v Value) asStringSlice() []string { return attribute.AsSlice[string](v.slice) } +// AsSlice returns the []Value value. Make sure that the Value's type is +// SLICE. +func (v Value) AsSlice() []Value { + if v.vtype != SLICE { + return nil + } + return v.asSlice() +} + +func (v Value) asSlice() []Value { + switch vals := v.slice.(type) { + case [0]Value: + return []Value{} + case [1]Value: + return []Value{vals[0]} + case [2]Value: + return []Value{vals[0], vals[1]} + case [3]Value: + return []Value{vals[0], vals[1], vals[2]} + case [4]Value: + return []Value{vals[0], vals[1], vals[2], vals[3]} + case [5]Value: + return []Value{vals[0], vals[1], vals[2], vals[3], vals[4]} + default: + return asValueSliceReflect(v.slice) + } +} + +func asValueSliceReflect(v any) []Value { + rv := reflect.ValueOf(v) + if !rv.IsValid() || rv.Kind() != reflect.Array || rv.Type().Elem() != reflect.TypeFor[Value]() { + return nil + } + cpy := make([]Value, rv.Len()) + if len(cpy) > 0 { + _ = reflect.Copy(reflect.ValueOf(cpy), rv) + } + return cpy +} + +// AsByteSlice returns the bytes value. Make sure that the Value's type +// is BYTESLICE. +func (v Value) AsByteSlice() []byte { + if v.vtype != BYTESLICE { + return nil + } + return v.asByteSlice() +} + +func (v Value) asByteSlice() []byte { + return []byte(v.stringly) +} + type unknownValueType struct{} // AsInterface returns Value's data as any. @@ -236,13 +311,60 @@ func (v Value) AsInterface() any { return v.stringly case STRINGSLICE: return v.asStringSlice() + case BYTESLICE: + return v.asByteSlice() + case SLICE: + return v.asSlice() case EMPTY: return nil } return unknownValueType{} } +// String returns a string representation of Value using the +// [OpenTelemetry AnyValue representation for non-OTLP protocols] rules. +// +// Strings are returned as-is without JSON quoting, booleans and integers use +// JSON literals, floating-point values use JSON numbers except that NaN and +// ±Inf are rendered as NaN, Infinity, and -Infinity, byte slices are +// base64-encoded, empty values are the empty string, and slices are encoded as +// JSON arrays. String, byte, and special floating-point values inside arrays +// are encoded as JSON strings, and empty values inside arrays are encoded as +// null. +// +// [OpenTelemetry AnyValue representation for non-OTLP protocols]: https://opentelemetry.io/docs/specs/otel/common/#anyvalue-representation-for-non-otlp-protocols +func (v Value) String() string { + switch v.Type() { + case BOOL: + return strconv.FormatBool(v.AsBool()) + case BOOLSLICE: + return formatBoolSliceValue(v.slice) + case INT64: + return strconv.FormatInt(v.AsInt64(), 10) + case INT64SLICE: + return formatInt64SliceValue(v.slice) + case FLOAT64: + return formatFloat64(v.AsFloat64()) + case FLOAT64SLICE: + return formatFloat64SliceValue(v.slice) + case STRING: + return v.stringly + case STRINGSLICE: + return formatStringSliceValue(v.slice) + case BYTESLICE: + return formatByteSlice(v.stringly) + case SLICE: + return formatValueSliceValue(v.slice) + case EMPTY: + return "" + default: + return "unknown" + } +} + // Emit returns a string representation of Value's data. +// +// Deprecated: Use [Value.String] instead. func (v Value) Emit() string { switch v.Type() { case BOOLSLICE: @@ -273,6 +395,10 @@ func (v Value) Emit() string { return string(j) case STRING: return v.stringly + case BYTESLICE: + return formatByteSlice(v.stringly) + case SLICE: + return formatValueSliceValue(v.slice) case EMPTY: return "" default: @@ -280,6 +406,622 @@ func (v Value) Emit() string { } } +const ( + jsonArrayBracketsLen = len("[]") + boolArrayElemMaxLen = len("false") + int64ArrayElemMaxLen = len("-9223372036854775808") + float64ArrayElemMaxLen = len("-1.7976931348623157e+308") + commaLen = len(",") +) + +func sliceValue(v []Value) any { + switch len(v) { + case 0: + return [0]Value{} + case 1: + return [1]Value{v[0]} + case 2: + return [2]Value{v[0], v[1]} + case 3: + return [3]Value{v[0], v[1], v[2]} + case 4: + return [4]Value{v[0], v[1], v[2], v[3]} + case 5: + return [5]Value{v[0], v[1], v[2], v[3], v[4]} + default: + return sliceValueReflect(v) + } +} + +func sliceValueReflect(v []Value) any { + cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeFor[Value]())).Elem() + reflect.Copy(cp, reflect.ValueOf(v)) + return cp.Interface() +} + +func formatBoolSliceValue(v any) string { + switch vals := v.(type) { + case [0]bool: + return "[]" + case [1]bool: + return formatBoolSlice(vals[:]) + case [2]bool: + return formatBoolSlice(vals[:]) + case [3]bool: + return formatBoolSlice(vals[:]) + default: + return formatBoolSliceReflect(v) + } +} + +func formatBoolSlice(vals []bool) string { + var b strings.Builder + appendBoolSlice(&b, vals) + return b.String() +} + +func formatBoolSliceReflect(v any) string { + var b strings.Builder + appendBoolSliceReflect(&b, reflect.ValueOf(v)) + return b.String() +} + +func appendBoolSliceValue(dst *strings.Builder, v any) { + switch vals := v.(type) { + case [0]bool: + _, _ = dst.WriteString("[]") + case [1]bool: + appendBoolSlice(dst, vals[:]) + case [2]bool: + appendBoolSlice(dst, vals[:]) + case [3]bool: + appendBoolSlice(dst, vals[:]) + default: + appendBoolSliceReflect(dst, reflect.ValueOf(v)) + } +} + +func appendBoolSlice(dst *strings.Builder, vals []bool) { + dst.Grow(jsonArrayBracketsLen + len(vals)*(boolArrayElemMaxLen+commaLen)) + _ = dst.WriteByte('[') + for i, val := range vals { + if i > 0 { + _ = dst.WriteByte(',') + } + if val { + _, _ = dst.WriteString("true") + } else { + _, _ = dst.WriteString("false") + } + } + _ = dst.WriteByte(']') +} + +func appendBoolSliceReflect(dst *strings.Builder, rv reflect.Value) { + dst.Grow(jsonArrayBracketsLen + rv.Len()*(boolArrayElemMaxLen+commaLen)) + _ = dst.WriteByte('[') + for i := 0; i < rv.Len(); i++ { + if i > 0 { + _ = dst.WriteByte(',') + } + if rv.Index(i).Bool() { + _, _ = dst.WriteString("true") + } else { + _, _ = dst.WriteString("false") + } + } + _ = dst.WriteByte(']') +} + +func formatInt64SliceValue(v any) string { + switch vals := v.(type) { + case [0]int64: + return "[]" + case [1]int64: + return formatInt64Slice(vals[:]) + case [2]int64: + return formatInt64Slice(vals[:]) + case [3]int64: + return formatInt64Slice(vals[:]) + default: + return formatInt64SliceReflect(v) + } +} + +func formatInt64Slice(vals []int64) string { + var b strings.Builder + appendInt64Slice(&b, vals) + return b.String() +} + +func formatInt64SliceReflect(v any) string { + var b strings.Builder + appendInt64SliceReflect(&b, reflect.ValueOf(v)) + return b.String() +} + +func appendInt64SliceValue(dst *strings.Builder, v any) { + switch vals := v.(type) { + case [0]int64: + _, _ = dst.WriteString("[]") + case [1]int64: + appendInt64Slice(dst, vals[:]) + case [2]int64: + appendInt64Slice(dst, vals[:]) + case [3]int64: + appendInt64Slice(dst, vals[:]) + default: + appendInt64SliceReflect(dst, reflect.ValueOf(v)) + } +} + +func appendInt64Slice(dst *strings.Builder, vals []int64) { + dst.Grow(jsonArrayBracketsLen + len(vals)*(int64ArrayElemMaxLen+commaLen)) + _ = dst.WriteByte('[') + + var buf [int64ArrayElemMaxLen]byte + for i, val := range vals { + if i > 0 { + _ = dst.WriteByte(',') + } + out := strconv.AppendInt(buf[:0], val, 10) + _, _ = dst.Write(out) + } + + _ = dst.WriteByte(']') +} + +func appendInt64SliceReflect(dst *strings.Builder, rv reflect.Value) { + dst.Grow(jsonArrayBracketsLen + rv.Len()*(int64ArrayElemMaxLen+commaLen)) + _ = dst.WriteByte('[') + + var scratch [int64ArrayElemMaxLen]byte + for i := 0; i < rv.Len(); i++ { + if i > 0 { + _ = dst.WriteByte(',') + } + out := strconv.AppendInt(scratch[:0], rv.Index(i).Int(), 10) + _, _ = dst.Write(out) + } + + _ = dst.WriteByte(']') +} + +func formatFloat64(v float64) string { + switch { + case math.IsNaN(v): + return "NaN" + case math.IsInf(v, 1): + return "Infinity" + case math.IsInf(v, -1): + return "-Infinity" + default: + return strconv.FormatFloat(v, 'g', -1, 64) + } +} + +func formatFloat64SliceValue(v any) string { + switch vals := v.(type) { + case [0]float64: + return "[]" + case [1]float64: + return formatFloat64Slice(vals[:]) + case [2]float64: + return formatFloat64Slice(vals[:]) + case [3]float64: + return formatFloat64Slice(vals[:]) + default: + return formatFloat64SliceReflect(v) + } +} + +func formatFloat64Slice(vals []float64) string { + var b strings.Builder + appendFloat64Slice(&b, vals) + return b.String() +} + +func formatFloat64SliceReflect(v any) string { + var b strings.Builder + appendFloat64SliceReflect(&b, reflect.ValueOf(v)) + return b.String() +} + +func appendFloat64SliceValue(dst *strings.Builder, v any) { + switch vals := v.(type) { + case [0]float64: + _, _ = dst.WriteString("[]") + case [1]float64: + appendFloat64Slice(dst, vals[:]) + case [2]float64: + appendFloat64Slice(dst, vals[:]) + case [3]float64: + appendFloat64Slice(dst, vals[:]) + default: + appendFloat64SliceReflect(dst, reflect.ValueOf(v)) + } +} + +func appendFloat64Slice(dst *strings.Builder, vals []float64) { + dst.Grow(jsonArrayBracketsLen + len(vals)*(float64ArrayElemMaxLen+commaLen)) + _ = dst.WriteByte('[') + + var buf [float64ArrayElemMaxLen]byte + for i, val := range vals { + if i > 0 { + _ = dst.WriteByte(',') + } + + switch { + case math.IsNaN(val): + _, _ = dst.WriteString(`"NaN"`) + case math.IsInf(val, 1): + _, _ = dst.WriteString(`"Infinity"`) + case math.IsInf(val, -1): + _, _ = dst.WriteString(`"-Infinity"`) + default: + out := strconv.AppendFloat(buf[:0], val, 'g', -1, 64) + _, _ = dst.Write(out) + } + } + + _ = dst.WriteByte(']') +} + +func appendFloat64SliceReflect(dst *strings.Builder, rv reflect.Value) { + dst.Grow(jsonArrayBracketsLen + rv.Len()*(float64ArrayElemMaxLen+commaLen)) + _ = dst.WriteByte('[') + + var scratch [float64ArrayElemMaxLen]byte + for i := 0; i < rv.Len(); i++ { + if i > 0 { + _ = dst.WriteByte(',') + } + val := rv.Index(i).Float() + switch { + case math.IsNaN(val): + _, _ = dst.WriteString(`"NaN"`) + case math.IsInf(val, 1): + _, _ = dst.WriteString(`"Infinity"`) + case math.IsInf(val, -1): + _, _ = dst.WriteString(`"-Infinity"`) + default: + out := strconv.AppendFloat(scratch[:0], val, 'g', -1, 64) + _, _ = dst.Write(out) + } + } + + _ = dst.WriteByte(']') +} + +func formatStringSliceValue(v any) string { + switch vals := v.(type) { + case [0]string: + return "[]" + case [1]string: + return formatStringSlice(vals[:]) + case [2]string: + return formatStringSlice(vals[:]) + case [3]string: + return formatStringSlice(vals[:]) + default: + return formatStringSliceReflect(v) + } +} + +func formatStringSlice(vals []string) string { + var b strings.Builder + appendStringSlice(&b, vals) + return b.String() +} + +func formatStringSliceReflect(v any) string { + var b strings.Builder + appendStringSliceReflect(&b, reflect.ValueOf(v)) + return b.String() +} + +func appendStringSliceValue(dst *strings.Builder, v any) { + switch vals := v.(type) { + case [0]string: + _, _ = dst.WriteString("[]") + case [1]string: + appendStringSlice(dst, vals[:]) + case [2]string: + appendStringSlice(dst, vals[:]) + case [3]string: + appendStringSlice(dst, vals[:]) + default: + appendStringSliceReflect(dst, reflect.ValueOf(v)) + } +} + +func appendStringSlice(dst *strings.Builder, vals []string) { + size := jsonArrayBracketsLen + for _, val := range vals { + size += len(val) + commaLen + 2 // Account for JSON string quotes and comma. + } + + dst.Grow(size) + _ = dst.WriteByte('[') + for i, val := range vals { + if i > 0 { + _ = dst.WriteByte(',') + } + appendJSONString(dst, val) + } + _ = dst.WriteByte(']') +} + +func appendStringSliceReflect(dst *strings.Builder, rv reflect.Value) { + size := jsonArrayBracketsLen + for i := 0; i < rv.Len(); i++ { + size += len(rv.Index(i).String()) + commaLen + 2 // Account for JSON string quotes and comma. + } + + dst.Grow(size) + _ = dst.WriteByte('[') + for i := 0; i < rv.Len(); i++ { + if i > 0 { + _ = dst.WriteByte(',') + } + appendJSONString(dst, rv.Index(i).String()) + } + _ = dst.WriteByte(']') +} + +func formatByteSlice(v string) string { + var b strings.Builder + appendBase64(&b, v) + return b.String() +} + +func formatValueSliceValue(v any) string { + switch vals := v.(type) { + case [0]Value: + return "[]" + case [1]Value: + return formatValueSlice(vals[:]) + case [2]Value: + return formatValueSlice(vals[:]) + case [3]Value: + return formatValueSlice(vals[:]) + case [4]Value: + return formatValueSlice(vals[:]) + case [5]Value: + return formatValueSlice(vals[:]) + default: + return formatValueSliceReflect(v) + } +} + +func formatValueSlice(vals []Value) string { + var b strings.Builder + appendValueSlice(&b, vals) + return b.String() +} + +func formatValueSliceReflect(v any) string { + var b strings.Builder + appendValueSliceReflect(&b, reflect.ValueOf(v)) + return b.String() +} + +func appendValueSliceValue(dst *strings.Builder, v any) { + switch vals := v.(type) { + case [0]Value: + _, _ = dst.WriteString("[]") + case [1]Value: + appendValueSlice(dst, vals[:]) + case [2]Value: + appendValueSlice(dst, vals[:]) + case [3]Value: + appendValueSlice(dst, vals[:]) + case [4]Value: + appendValueSlice(dst, vals[:]) + case [5]Value: + appendValueSlice(dst, vals[:]) + default: + appendValueSliceReflect(dst, reflect.ValueOf(v)) + } +} + +func appendValueSlice(dst *strings.Builder, vals []Value) { + // Estimate 10 bytes per value for small values and commas. + dst.Grow(jsonArrayBracketsLen + len(vals)*commaLen + len(vals)*10) + _ = dst.WriteByte('[') + for i, val := range vals { + if i > 0 { + _ = dst.WriteByte(',') + } + appendJSONValue(dst, val) + } + _ = dst.WriteByte(']') +} + +func appendValueSliceReflect(dst *strings.Builder, rv reflect.Value) { + // Estimate 10 bytes per value for small values and commas. + dst.Grow(jsonArrayBracketsLen + rv.Len()*commaLen + rv.Len()*10) + _ = dst.WriteByte('[') + for i := 0; i < rv.Len(); i++ { + if i > 0 { + _ = dst.WriteByte(',') + } + appendJSONValue(dst, rv.Index(i).Interface().(Value)) + } + _ = dst.WriteByte(']') +} + +func appendJSONValue(dst *strings.Builder, v Value) { + switch v.Type() { + case BOOL: + if v.AsBool() { + _, _ = dst.WriteString("true") + } else { + _, _ = dst.WriteString("false") + } + case BOOLSLICE: + appendBoolSliceValue(dst, v.slice) + case INT64: + var buf [int64ArrayElemMaxLen]byte + out := strconv.AppendInt(buf[:0], v.AsInt64(), 10) + _, _ = dst.Write(out) + case INT64SLICE: + appendInt64SliceValue(dst, v.slice) + case FLOAT64: + val := v.AsFloat64() + switch { + case math.IsNaN(val): + appendJSONString(dst, "NaN") + case math.IsInf(val, 1): + appendJSONString(dst, "Infinity") + case math.IsInf(val, -1): + appendJSONString(dst, "-Infinity") + default: + var buf [float64ArrayElemMaxLen]byte + out := strconv.AppendFloat(buf[:0], val, 'g', -1, 64) + _, _ = dst.Write(out) + } + case FLOAT64SLICE: + appendFloat64SliceValue(dst, v.slice) + case STRING: + appendJSONString(dst, v.stringly) + case STRINGSLICE: + appendStringSliceValue(dst, v.slice) + case BYTESLICE: + _ = dst.WriteByte('"') + appendBase64(dst, v.stringly) + _ = dst.WriteByte('"') + case SLICE: + appendValueSliceValue(dst, v.slice) + case EMPTY: + _, _ = dst.WriteString("null") + default: + appendJSONString(dst, "unknown") + } +} + +// appendJSONString appends s to dst as a JSON string literal. +// +// This is adapted from the Go standard library's encoding/json +// [appendString implementation]. It keeps the same escaping behavior we need +// here, but writes directly into a strings.Builder and intentionally does not +// apply HTML escaping because the OpenTelemetry non-OTLP AnyValue representation +// only requires JSON array string encoding. We inline this instead of using +// encoding/json so slice formatting avoids allocations and reflection. +// +// [appendString implementation]: https://github.com/golang/go/blob/3b5954c6349d31465dca409b45ab6597e0942d9f/src/encoding/json/encode.go#L998-L1064 +func appendJSONString(dst *strings.Builder, s string) { + const hex = "0123456789abcdef" // For escaping bytes to hex. + + _ = dst.WriteByte('"') + start := 0 + + for i := 0; i < len(s); { + if c := s[i]; c < utf8.RuneSelf { + if c >= 0x20 && c != '\\' && c != '"' { + i++ + continue + } + + if start < i { + _, _ = dst.WriteString(s[start:i]) + } + + switch c { + case '\\', '"': + _ = dst.WriteByte('\\') + _ = dst.WriteByte(c) + case '\b': + _, _ = dst.WriteString(`\b`) + case '\f': + _, _ = dst.WriteString(`\f`) + case '\n': + _, _ = dst.WriteString(`\n`) + case '\r': + _, _ = dst.WriteString(`\r`) + case '\t': + _, _ = dst.WriteString(`\t`) + default: + _, _ = dst.WriteString(`\u00`) + _ = dst.WriteByte(hex[c>>4]) + _ = dst.WriteByte(hex[c&0x0f]) + } + + i++ + start = i + continue + } + + r, size := utf8.DecodeRuneInString(s[i:]) + if r == utf8.RuneError && size == 1 { + if start < i { + _, _ = dst.WriteString(s[start:i]) + } + // Match encoding/json by replacing invalid UTF-8 with U+FFFD. + _, _ = dst.WriteString(`\ufffd`) + i++ + start = i + continue + } + + if r == '\u2028' || r == '\u2029' { + if start < i { + _, _ = dst.WriteString(s[start:i]) + } + // Escape JSONP-sensitive separators unconditionally, like encoding/json. + _, _ = dst.WriteString(`\u202`) + _ = dst.WriteByte(hex[r&0x0f]) + i += size + start = i + continue + } + + i += size + } + + if start < len(s) { + _, _ = dst.WriteString(s[start:]) + } + _ = dst.WriteByte('"') +} + +// This is adapted from the Go standard library's encoding/base64 +// [Encoding.Encode implementation]. It keeps the same encoding behavior we need +// here, but writes directly into a strings.Builder. We inline this instead of using +// encoding/base64 to avoid allocations. +// +// [Encoding.Encode implementation]: https://github.com/golang/go/blob/3b5954c6349d31465dca409b45ab6597e0942d9f/src/encoding/base64/base64.go#L139-L189 +func appendBase64(dst *strings.Builder, s string) { + const encode = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" + + dst.Grow(base64.StdEncoding.EncodedLen(len(s))) + + i := 0 + for ; i+2 < len(s); i += 3 { + n := uint32(s[i])<<16 | uint32(s[i+1])<<8 | uint32(s[i+2]) + _ = dst.WriteByte(encode[n>>18&0x3f]) + _ = dst.WriteByte(encode[n>>12&0x3f]) + _ = dst.WriteByte(encode[n>>6&0x3f]) + _ = dst.WriteByte(encode[n&0x3f]) + } + + switch len(s) - i { + case 1: + n := uint32(s[i]) << 16 + _ = dst.WriteByte(encode[n>>18&0x3f]) + _ = dst.WriteByte(encode[n>>12&0x3f]) + _ = dst.WriteByte('=') + _ = dst.WriteByte('=') + case 2: + n := uint32(s[i])<<16 | uint32(s[i+1])<<8 + _ = dst.WriteByte(encode[n>>18&0x3f]) + _ = dst.WriteByte(encode[n>>12&0x3f]) + _ = dst.WriteByte(encode[n>>6&0x3f]) + _ = dst.WriteByte('=') + } +} + // MarshalJSON returns the JSON encoding of the Value. func (v Value) MarshalJSON() ([]byte, error) { var jsonVal struct { diff --git a/vendor/go.opentelemetry.io/otel/baggage/baggage.go b/vendor/go.opentelemetry.io/otel/baggage/baggage.go index 878ffbe43a..b290c6d6cc 100644 --- a/vendor/go.opentelemetry.io/otel/baggage/baggage.go +++ b/vendor/go.opentelemetry.io/otel/baggage/baggage.go @@ -14,6 +14,10 @@ import ( ) const ( + maxParseErrors = 5 + + // W3C Baggage specification limits. + // https://www.w3.org/TR/baggage/#limits maxMembers = 64 maxBytesPerBaggageString = 8192 @@ -493,9 +497,15 @@ func New(members ...Member) (Baggage, error) { // from the W3C Baggage specification which allows duplicate list-members, but // conforms to the OpenTelemetry Baggage specification. // -// If the baggage-string exceeds the maximum allowed members (64) or bytes -// (8192), members are dropped until the limits are satisfied and an error is -// returned along with the partial result. +// If the raw baggage-string exceeds the maximum allowed bytes (8192), an +// empty Baggage and an error are returned. +// +// Otherwise, members are parsed left-to-right and accumulated until one of +// the following conditions is reached, at which point parsing stops and an +// error is returned alongside the partial result: +// - accepting the next member would cause the encoded baggage to exceed +// 8192 bytes, or +// - the baggage already contains 64 distinct keys. // // Invalid members are skipped and the error is returned along with the // partial result containing the valid members. @@ -504,9 +514,14 @@ func Parse(bStr string) (Baggage, error) { return Baggage{}, nil } + if n := len(bStr); n > maxBytesPerBaggageString { + return Baggage{}, fmt.Errorf("%w: %d", errBaggageBytes, n) + } + b := make(baggage.List) sizes := make(map[string]int) // Track per-key byte sizes var totalBytes int + var parseErrors int var truncateErr error for memberStr := range strings.SplitSeq(bStr, listDelimiter) { // Check member count limit. @@ -517,7 +532,10 @@ func Parse(bStr string) (Baggage, error) { m, err := parseMember(memberStr) if err != nil { - truncateErr = errors.Join(truncateErr, err) + parseErrors++ + if parseErrors <= maxParseErrors { + truncateErr = errors.Join(truncateErr, err) + } continue // skip invalid member, keep processing } @@ -553,6 +571,10 @@ func Parse(bStr string) (Baggage, error) { totalBytes = newTotalBytes } + if dropped := parseErrors - maxParseErrors; dropped > 0 { + truncateErr = errors.Join(truncateErr, fmt.Errorf("and %d more invalid member(s)", dropped)) + } + if len(b) == 0 { return Baggage{}, truncateErr } diff --git a/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile b/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile index 7a9b3c0559..74fa510bc8 100644 --- a/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile +++ b/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile @@ -1,4 +1,4 @@ # This is a renovate-friendly source of Docker images. FROM python:3.13.6-slim-bullseye@sha256:e98b521460ee75bca92175c16247bdf7275637a8faaeb2bcfa19d879ae5c4b9a AS python -FROM otel/weaver:v0.22.1@sha256:33ae522ae4b71c1c562563c1d81f46aa0f79f088a0873199143a1f11ac30e5c9 AS weaver +FROM otel/weaver:v0.23.0@sha256:7984ecb55b859eb3034ae9d836c4eeda137e2bdd0873b7ba2bb6c3d24d6ff457 AS weaver FROM avtodev/markdown-lint:v1@sha256:6aeedc2f49138ce7a1cd0adffc1b1c0321b841dc2102408967d9301c031949ee AS markdown diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/client.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/client.go index 7b7f907292..22b8450531 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/client.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/client.go @@ -6,6 +6,7 @@ package otlpmetricgrpc // import "go.opentelemetry.io/otel/exporters/otlp/otlpme import ( "context" "errors" + "fmt" "time" colmetricpb "go.opentelemetry.io/proto/otlp/collector/metrics/v1" @@ -15,6 +16,7 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal" "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/oconf" @@ -22,9 +24,10 @@ import ( ) type client struct { - metadata metadata.MD - exportTimeout time.Duration - requestFunc retry.RequestFunc + metadata metadata.MD + exportTimeout time.Duration + maxRequestSize int + requestFunc retry.RequestFunc // ourConn keeps track of where conn was created: true if created here in // NewClient, or false if passed with an option. This is important on @@ -38,9 +41,10 @@ type client struct { // newClient creates a new gRPC metric client. func newClient(_ context.Context, cfg oconf.Config) (*client, error) { c := &client{ - exportTimeout: cfg.Metrics.Timeout, - requestFunc: cfg.RetryConfig.RequestFunc(retryable), - conn: cfg.GRPCConn, + exportTimeout: cfg.Metrics.Timeout, + maxRequestSize: cfg.Metrics.MaxRequestSize, + requestFunc: cfg.RetryConfig.RequestFunc(retryable), + conn: cfg.GRPCConn, } if len(cfg.Metrics.Headers) > 0 { @@ -115,10 +119,15 @@ func (c *client) UploadMetrics(ctx context.Context, protoMetrics *metricpb.Resou ctx, cancel := c.exportContext(ctx) defer cancel() + pbRequest := &colmetricpb.ExportMetricsServiceRequest{ + ResourceMetrics: []*metricpb.ResourceMetrics{protoMetrics}, + } + if maxSize := c.maxRequestSize; maxSize > 0 && proto.Size(pbRequest) > maxSize { + return fmt.Errorf("request message too large: exceeded %d bytes", maxSize) + } + return errors.Join(uploadErr, c.requestFunc(ctx, func(iCtx context.Context) error { - resp, err := c.msc.Export(iCtx, &colmetricpb.ExportMetricsServiceRequest{ - ResourceMetrics: []*metricpb.ResourceMetrics{protoMetrics}, - }) + resp, err := c.msc.Export(iCtx, pbRequest) if resp != nil && resp.PartialSuccess != nil { msg := resp.PartialSuccess.GetErrorMessage() n := resp.PartialSuccess.GetRejectedDataPoints() diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/config.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/config.go index c831bb60b6..47eb85e9f2 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/config.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/config.go @@ -231,6 +231,16 @@ func WithTimeout(duration time.Duration) Option { return wrappedOption{oconf.WithTimeout(duration)} } +// WithMaxRequestSize sets the maximum size, in bytes, of a serialized export +// request, before compression, that the exporter will send. +// +// If size is less than or equal to zero, no request-size limit is applied. +// Disabling the limit is not recommended because it can lead to excessive +// resource consumption or abuse. +func WithMaxRequestSize(size int) Option { + return wrappedOption{oconf.WithMaxRequestSize(size)} +} + // WithRetry sets the retry policy for transient retryable errors that are // returned by the target endpoint. // diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/doc.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/doc.go index dcd8de5df4..62b05626fc 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/doc.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/doc.go @@ -77,6 +77,9 @@ default aggregation to use for histogram instruments. Supported values: The configuration can be overridden by [WithAggregationSelector] option. +See [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x] for information about +the experimental features. + [W3C Baggage HTTP Header Content Format]: https://www.w3.org/TR/baggage/#header-content [Explicit Bucket Histogram Aggregation]: https://github.com/open-telemetry/opentelemetry-specification/blob/v1.26.0/specification/metrics/sdk.md#explicit-bucket-histogram-aggregation [Base2 Exponential Bucket Histogram Aggregation]: https://github.com/open-telemetry/opentelemetry-specification/blob/v1.26.0/specification/metrics/sdk.md#base2-exponential-bucket-histogram-aggregation diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/exporter.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/exporter.go index 35cdf46612..b567800e3d 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/exporter.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/exporter.go @@ -11,8 +11,11 @@ import ( metricpb "go.opentelemetry.io/proto/otlp/metrics/v1" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/counter" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ" "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/oconf" "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/transform" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x" "go.opentelemetry.io/otel/internal/global" "go.opentelemetry.io/otel/sdk/metric" "go.opentelemetry.io/otel/sdk/metric/metricdata" @@ -31,6 +34,9 @@ type Exporter struct { aggregationSelector metric.AggregationSelector shutdownOnce sync.Once + + // Self-observability metrics + inst *observ.Instrumentation } func newExporter(c *client, cfg oconf.Config) (*Exporter, error) { @@ -46,12 +52,27 @@ func newExporter(c *client, cfg oconf.Config) (*Exporter, error) { as = metric.DefaultAggregationSelector } + var inst *observ.Instrumentation + var initErr error + if x.Observability.Enabled() { + var err error + inst, err = observ.NewInstrumentation( + counter.NextExporterID(), + c.conn.CanonicalTarget(), + ) + if err != nil { + initErr = err + } + } + return &Exporter{ client: c, temporalitySelector: ts, aggregationSelector: as, - }, nil + + inst: inst, + }, initErr } // Temporality returns the Temporality to use for an instrument kind. @@ -72,10 +93,18 @@ func (e *Exporter) Export(ctx context.Context, rm *metricdata.ResourceMetrics) e defer global.Debug("OTLP/gRPC exporter export", "Data", rm) otlpRm, err := transform.ResourceMetrics(rm) + + // Track export operation for self-observability + op := e.inst.TrackExport(ctx, otlpRm) + + var upErr error + defer func() { op.End(upErr) }() + // Best effort upload of transformable metrics. e.clientMu.Lock() - upErr := e.client.UploadMetrics(ctx, otlpRm) + upErr = e.client.UploadMetrics(ctx, otlpRm) e.clientMu.Unlock() + if upErr != nil { if err == nil { return fmt.Errorf("failed to upload metrics: %w", upErr) diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/counter/counter.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/counter/counter.go new file mode 100644 index 0000000000..df6b830d31 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/counter/counter.go @@ -0,0 +1,31 @@ +// Code generated by gotmpl. DO NOT MODIFY. +// source: internal/shared/counter/counter.go.tmpl + +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package counter provides a simple counter for generating unique IDs. +// +// This package is used to generate unique IDs while allowing testing packages +// to reset the counter. +package counter // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/counter" + +import "sync/atomic" + +// exporterN is a global 0-based count of the number of exporters created. +var exporterN atomic.Int64 + +// NextExporterID returns the next unique ID for an exporter. +func NextExporterID() int64 { + const inc = 1 + return exporterN.Add(inc) - inc +} + +// SetExporterID sets the exporter ID counter to v and returns the previous +// value. +// +// This function is useful for testing purposes, allowing you to reset the +// counter. It should not be used in production code. +func SetExporterID(v int64) int64 { + return exporterN.Swap(v) +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/gen.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/gen.go index f6e4f0d076..c94f85ef44 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/gen.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/gen.go @@ -7,6 +7,9 @@ package internal // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/o //go:generate gotmpl --body=../../../../../internal/shared/otlp/partialsuccess.go.tmpl "--data={}" --out=partialsuccess.go //go:generate gotmpl --body=../../../../../internal/shared/otlp/partialsuccess_test.go.tmpl "--data={}" --out=partialsuccess_test.go +//go:generate gotmpl --body=../../../../../internal/shared/otlp/observ/target.go.tmpl "--data={ \"pkg\": \"observ\", \"pkg_path\": \"go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ\" }" --out=observ/target.go +//go:generate gotmpl --body=../../../../../internal/shared/otlp/observ/target_test.go.tmpl "--data={ \"pkg\": \"observ\" }" --out=observ/target_test.go + //go:generate gotmpl --body=../../../../../internal/shared/otlp/retry/retry.go.tmpl "--data={}" --out=retry/retry.go //go:generate gotmpl --body=../../../../../internal/shared/otlp/retry/retry_test.go.tmpl "--data={}" --out=retry/retry_test.go @@ -30,3 +33,9 @@ package internal // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/o //go:generate gotmpl --body=../../../../../internal/shared/otlp/otlpmetric/transform/error_test.go.tmpl "--data={}" --out=transform/error_test.go //go:generate gotmpl --body=../../../../../internal/shared/otlp/otlpmetric/transform/metricdata.go.tmpl "--data={}" --out=transform/metricdata.go //go:generate gotmpl --body=../../../../../internal/shared/otlp/otlpmetric/transform/metricdata_test.go.tmpl "--data={}" --out=transform/metricdata_test.go + +//go:generate gotmpl --body=../../../../../internal/shared/counter/counter.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/counter\" }" --out=counter/counter.go +//go:generate gotmpl --body=../../../../../internal/shared/counter/counter_test.go.tmpl "--data={}" --out=counter/counter_test.go + +//go:generate gotmpl --body=../../../../../internal/shared/x/x.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\" }" --out=x/x.go +//go:generate gotmpl --body=../../../../../internal/shared/x/x_test.go.tmpl "--data={}" --out=x/x_test.go diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ/instrumentation.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ/instrumentation.go new file mode 100644 index 0000000000..2b4dbb5d8a --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ/instrumentation.go @@ -0,0 +1,343 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package observ provides self-observability metrics for OTLP metric exporters. +// This is an experimental feature controlled by the x.Observability feature flag. +package observ // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ" + +import ( + "context" + "errors" + "fmt" + "sync" + "time" + + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/internal/global" + "go.opentelemetry.io/otel/metric" + "go.opentelemetry.io/otel/sdk" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" + + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + metricpb "go.opentelemetry.io/proto/otlp/metrics/v1" + + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x" +) + +var ( + attrPool = sync.Pool{ + New: func() any { + // Pre-allocate for common attributes and dynamic error attributes. + const n = 1 /* otel.component.type */ + + 1 /* otel.component.name */ + + 1 /* server.address */ + + 1 /* server.port */ + + 1 /* error.type */ + + 1 /* rpc.grpc.status_code */ + s := make([]attribute.KeyValue, 0, n) + return &s + }, + } + + recOptPool = sync.Pool{ + New: func() any { + o := make([]metric.RecordOption, 0, 1) + return &o + }, + } +) + +// Instrumentation holds the self-observability metric instruments for an OTLP metric exporter. +type Instrumentation struct { + exported otelconv.SDKExporterMetricDataPointExported + inflight otelconv.SDKExporterMetricDataPointInflight + duration otelconv.SDKExporterOperationDuration + attrs []attribute.KeyValue + addOpt metric.AddOption + recOpt metric.RecordOption +} + +// NewInstrumentation returns instrumentation for an OTLP over gRPC metric +// exporter with the provided ID using the global MeterProvider. +// +// The id should be the unique exporter instance ID. It is used +// to set the "component.name" attribute. +// +// The target is the endpoint the exporter is exporting to. +// +// If the experimental observability is disabled, nil is returned. +func NewInstrumentation(id int64, target string) (*Instrumentation, error) { + if !x.Observability.Enabled() { + return nil, nil + } + + em := &Instrumentation{} + + meter := otel.GetMeterProvider().Meter( + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc", + metric.WithInstrumentationVersion(sdk.Version()), + metric.WithSchemaURL(semconv.SchemaURL), + ) + + var err error + var instrumentErr error + + em.exported, instrumentErr = otelconv.NewSDKExporterMetricDataPointExported(meter) + if instrumentErr != nil { + err = errors.Join(err, fmt.Errorf("failed to create exported metric: %w", instrumentErr)) + } + + em.inflight, instrumentErr = otelconv.NewSDKExporterMetricDataPointInflight(meter) + if instrumentErr != nil { + err = errors.Join(err, fmt.Errorf("failed to create inflight metric: %w", instrumentErr)) + } + + em.duration, instrumentErr = otelconv.NewSDKExporterOperationDuration(meter) + if instrumentErr != nil { + err = errors.Join(err, fmt.Errorf("failed to create duration metric: %w", instrumentErr)) + } + + em.attrs = BaseAttrs(id, target) + + attrSet := attribute.NewSet(em.attrs...) + em.addOpt = metric.WithAttributeSet(attrSet) + em.recOpt = metric.WithAttributeSet(attribute.NewSet(append( + []attribute.KeyValue{semconv.RPCResponseStatusCode(codes.OK.String())}, + em.attrs..., + )...)) + + return em, err +} + +// ComponentName returns the component name for the exporter with the +// provided ID. +func ComponentName(id int64) string { + t := string(otelconv.ComponentTypeOtlpGRPCMetricExporter) + return fmt.Sprintf("%s/%d", t, id) +} + +// BaseAttrs returns the base attributes for the exporter with the provided ID +// and target. +// +// The id should be the unique exporter instance ID. It is used +// to set the "component.name" attribute. +// +// The target is the gRPC target the exporter is exporting to. It is expected +// to be the output of the Client's CanonicalTarget method. +func BaseAttrs(id int64, target string) []attribute.KeyValue { + host, port, err := ParseCanonicalTarget(target) + if err != nil || (host == "" && port < 0) { + if err != nil { + global.Debug("failed to parse target", "target", target, "error", err) + } + return []attribute.KeyValue{ + semconv.OTelComponentName(ComponentName(id)), + semconv.OTelComponentTypeKey.String(string(otelconv.ComponentTypeOtlpGRPCMetricExporter)), + } + } + + // Do not use append so the slice is exactly allocated. + + if port < 0 { + return []attribute.KeyValue{ + semconv.OTelComponentName(ComponentName(id)), + semconv.OTelComponentTypeKey.String(string(otelconv.ComponentTypeOtlpGRPCMetricExporter)), + semconv.ServerAddress(host), + } + } + + if host == "" { + return []attribute.KeyValue{ + semconv.OTelComponentName(ComponentName(id)), + semconv.OTelComponentTypeKey.String(string(otelconv.ComponentTypeOtlpGRPCMetricExporter)), + semconv.ServerPort(port), + } + } + + return []attribute.KeyValue{ + semconv.OTelComponentName(ComponentName(id)), + semconv.OTelComponentTypeKey.String(string(otelconv.ComponentTypeOtlpGRPCMetricExporter)), + semconv.ServerAddress(host), + semconv.ServerPort(port), + } +} + +// TrackExport tracks an export operation and returns an ExportOp to complete the tracking. +func (em *Instrumentation) TrackExport(ctx context.Context, rm *metricpb.ResourceMetrics) ExportOp { + if em == nil { + return ExportOp{} + } + start := time.Now() + + var dataPointCount int64 + inflightEnabled := em.inflight.Enabled(ctx) + exportedEnabled := em.exported.Enabled(ctx) + + if inflightEnabled || exportedEnabled { + dataPointCount = countProtoDataPoints(rm) + } + + if inflightEnabled { + em.inflight.Inst().Add(ctx, dataPointCount, em.addOpt) + } + + return ExportOp{ + ctx: ctx, + start: start, + dataPointCount: dataPointCount, + inst: em, + } +} + +// ExportOp tracks the operation being observed by [Instrumentation.TrackExport]. +type ExportOp struct { + ctx context.Context + start time.Time + dataPointCount int64 + + inst *Instrumentation +} + +// End completes the observation of the operation being observed by a call to +// [Instrumentation.TrackExport]. +// +// Any error that is encountered is provided as err. +func (e ExportOp) End(err error) { + if e.inst == nil { + return + } + if e.inst.inflight.Enabled(e.ctx) { + e.inst.inflight.Inst().Add(e.ctx, -e.dataPointCount, e.inst.addOpt) + } + + success := successful(e.dataPointCount, err) + // Record successfully exported data points, even if the value is 0 which are + // meaningful to distribution aggregations. + if e.inst.exported.Enabled(e.ctx) { + e.inst.exported.Inst().Add(e.ctx, success, e.inst.addOpt) + } + + if err != nil && e.inst.exported.Enabled(e.ctx) { + attrsPtr := attrPool.Get().(*[]attribute.KeyValue) + defer func() { + *attrsPtr = (*attrsPtr)[:0] + attrPool.Put(attrsPtr) + }() + + *attrsPtr = append(*attrsPtr, e.inst.attrs...) + *attrsPtr = append(*attrsPtr, semconv.ErrorType(err)) + + set := attribute.NewSet(*attrsPtr...) + e.inst.exported.Inst().Add(e.ctx, e.dataPointCount-success, metric.WithAttributeSet(set)) + } + + if e.inst.duration.Enabled(e.ctx) { + d := time.Since(e.start).Seconds() + if err != nil { + recOptPtr := recOptPool.Get().(*[]metric.RecordOption) + defer func() { + *recOptPtr = (*recOptPtr)[:0] + recOptPool.Put(recOptPtr) + }() + + attrsPtr := attrPool.Get().(*[]attribute.KeyValue) + defer func() { + *attrsPtr = (*attrsPtr)[:0] + attrPool.Put(attrsPtr) + }() + + *attrsPtr = append(*attrsPtr, e.inst.attrs...) + *attrsPtr = append( + *attrsPtr, + semconv.ErrorType(err), + semconv.RPCResponseStatusCode(status.Code(err).String()), + ) + + set := attribute.NewSet(*attrsPtr...) + *recOptPtr = append(*recOptPtr, metric.WithAttributeSet(set)) + + e.inst.duration.Inst().Record(e.ctx, d, *recOptPtr...) + } else { + e.inst.duration.Inst().Record(e.ctx, d, e.inst.recOpt) + } + } +} + +// countProtoDataPoints counts the total number of data points in a ResourceMetrics. +func countProtoDataPoints(rm *metricpb.ResourceMetrics) int64 { + if rm == nil { + return 0 + } + + var total int64 + for _, sm := range rm.ScopeMetrics { + for _, m := range sm.Metrics { + switch data := m.Data.(type) { + case *metricpb.Metric_Gauge: + if data.Gauge != nil { + total += int64(len(data.Gauge.DataPoints)) + } + case *metricpb.Metric_Sum: + if data.Sum != nil { + total += int64(len(data.Sum.DataPoints)) + } + case *metricpb.Metric_Histogram: + if data.Histogram != nil { + total += int64(len(data.Histogram.DataPoints)) + } + case *metricpb.Metric_ExponentialHistogram: + if data.ExponentialHistogram != nil { + total += int64(len(data.ExponentialHistogram.DataPoints)) + } + case *metricpb.Metric_Summary: + if data.Summary != nil { + total += int64(len(data.Summary.DataPoints)) + } + } + } + } + return total +} + +// successful returns the number of successfully exported data points out of the n +// that were exported based on the provided error. +// +// If err is nil, n is returned. All data points were successfully exported. +// +// If err is not nil and not an [internal.PartialSuccess] error, 0 is returned. +// It is assumed all data points failed to be exported. +// +// If err is an [internal.PartialSuccess] error, the number of successfully +// exported data points is computed by subtracting the RejectedItems field from n. If +// RejectedItems is negative, n is returned. If RejectedItems is greater than +// n, 0 is returned. +func successful(n int64, err error) int64 { + if err == nil { + return n // All data points successfully exported. + } + // Split rejection calculation so successful is inlinable. + return n - rejected(n, err) +} + +var errPartialPool = &sync.Pool{ + New: func() any { return new(internal.PartialSuccess) }, +} + +// rejected returns how many out of the n data points exporter were rejected based on +// the provided non-nil err. +func rejected(n int64, err error) int64 { + ps := errPartialPool.Get().(*internal.PartialSuccess) + defer errPartialPool.Put(ps) + // Check for partial success. + if errors.As(err, ps) { + // Bound RejectedItems to [0, n]. This should not be needed, + // but be defensive as this is from an external source. + return min(max(ps.RejectedItems, 0), n) + } + return n // All data points rejected. +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ/target.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ/target.go new file mode 100644 index 0000000000..0be4501ece --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ/target.go @@ -0,0 +1,143 @@ +// Code generated by gotmpl. DO NOT MODIFY. +// source: internal/shared/otlp/observ/target.go.tmpl + +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +package observ // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ" + +import ( + "errors" + "fmt" + "net" + "net/netip" + "strconv" + "strings" +) + +const ( + schemeUnix = "unix" + schemeUnixAbstract = "unix-abstract" +) + +// ParseCanonicalTarget parses a target string and returns the extracted host +// (domain address or IP), the target port, or an error. +// +// If no port is specified, -1 is returned. +// +// If no host is specified, an empty string is returned. +// +// The target string is expected to always have the form +// "://[authority]/". For example: +// - "dns:///example.com:42" +// - "dns://8.8.8.8/example.com:42" +// - "unix:///path/to/socket" +// - "unix-abstract:///socket-name" +// - "passthrough:///192.34.2.1:42" +// +// The target is expected to come from the CanonicalTarget method of a gRPC +// Client. +func ParseCanonicalTarget(target string) (string, int, error) { + const sep = "://" + + // Find scheme. Do not allocate the string by using url.Parse. + idx := strings.Index(target, sep) + if idx == -1 { + return "", -1, fmt.Errorf("invalid target %q: missing scheme", target) + } + scheme, endpoint := target[:idx], target[idx+len(sep):] + + // Check for unix schemes. + if scheme == schemeUnix || scheme == schemeUnixAbstract { + return parseUnix(endpoint) + } + + // Strip leading slash and any authority. + if i := strings.Index(endpoint, "/"); i != -1 { + endpoint = endpoint[i+1:] + } + + // DNS, passthrough, and custom resolvers. + return parseEndpoint(endpoint) +} + +// parseUnix parses unix socket targets. +func parseUnix(endpoint string) (string, int, error) { + // Format: unix[-abstract]://path + // + // We should have "/path" (empty authority) if valid. + if len(endpoint) >= 1 && endpoint[0] == '/' { + // Return the full path including leading slash. + return endpoint, -1, nil + } + + // If there's no leading slash, it means there might be an authority + // Check for authority case (should error): "authority/path" + if slashIdx := strings.Index(endpoint, "/"); slashIdx > 0 { + return "", -1, fmt.Errorf("invalid (non-empty) authority: %s", endpoint[:slashIdx]) + } + + return "", -1, errors.New("invalid unix target format") +} + +// parseEndpoint parses an endpoint from a gRPC target. +// +// It supports the following formats: +// - "host" +// - "host%zone" +// - "host:port" +// - "host%zone:port" +// - "ipv4" +// - "ipv4%zone" +// - "ipv4:port" +// - "ipv4%zone:port" +// - "ipv6" +// - "ipv6%zone" +// - "[ipv6]" +// - "[ipv6%zone]" +// - "[ipv6]:port" +// - "[ipv6%zone]:port" +// +// It returns the host or host%zone (domain address or IP), the port (or -1 if +// not specified), or an error if the input is not a valid. +func parseEndpoint(endpoint string) (string, int, error) { + // First check if the endpoint is just an IP address. + if ip := parseIP(endpoint); ip != "" { + return ip, -1, nil + } + + // If there's no colon, there is no port (IPv6 with no port checked above). + if !strings.Contains(endpoint, ":") { + return endpoint, -1, nil + } + + host, portStr, err := net.SplitHostPort(endpoint) + if err != nil { + return "", -1, fmt.Errorf("invalid host:port %q: %w", endpoint, err) + } + + const base, bitSize = 10, 16 + port16, err := strconv.ParseUint(portStr, base, bitSize) + if err != nil { + return "", -1, fmt.Errorf("invalid port %q: %w", portStr, err) + } + port := int(port16) // port is guaranteed to be in the range [0, 65535]. + + return host, port, nil +} + +// parseIP attempts to parse the entire endpoint as an IP address. +// It returns the normalized string form of the IP if successful, +// or an empty string if parsing fails. +func parseIP(ip string) string { + // Strip leading and trailing brackets for IPv6 addresses. + if len(ip) >= 2 && ip[0] == '[' && ip[len(ip)-1] == ']' { + ip = ip[1 : len(ip)-1] + } + addr, err := netip.ParseAddr(ip) + if err != nil { + return "" + } + // Return the normalized string form of the IP. + return addr.String() +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/oconf/options.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/oconf/options.go index 758d1ea32d..b89d7eeb71 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/oconf/options.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/oconf/options.go @@ -35,6 +35,9 @@ const ( // DefaultMetricsPath is a default URL path for endpoint that // receives metrics. DefaultMetricsPath string = "/v1/metrics" + // DefaultMaxRequestSize is the default maximum size of a serialized export + // request, before compression. + DefaultMaxRequestSize int = 64 * 1024 * 1024 // DefaultBackoff is a default base backoff time used in the // exponential backoff strategy. DefaultBackoff time.Duration = 300 * time.Millisecond @@ -49,13 +52,14 @@ type ( HTTPTransportProxyFunc func(*http.Request) (*url.URL, error) SignalConfig struct { - Endpoint string - Insecure bool - TLSCfg *tls.Config - Headers map[string]string - Compression Compression - Timeout time.Duration - URLPath string + Endpoint string + Insecure bool + TLSCfg *tls.Config + Headers map[string]string + Compression Compression + MaxRequestSize int + Timeout time.Duration + URLPath string TemporalitySelector metric.TemporalitySelector AggregationSelector metric.AggregationSelector @@ -87,10 +91,11 @@ type ( func NewHTTPConfig(opts ...HTTPOption) Config { cfg := Config{ Metrics: SignalConfig{ - Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorHTTPPort), - URLPath: DefaultMetricsPath, - Compression: NoCompression, - Timeout: DefaultTimeout, + Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorHTTPPort), + URLPath: DefaultMetricsPath, + Compression: NoCompression, + MaxRequestSize: DefaultMaxRequestSize, + Timeout: DefaultTimeout, TemporalitySelector: metric.DefaultTemporalitySelector, AggregationSelector: metric.DefaultAggregationSelector, @@ -123,10 +128,11 @@ func cleanPath(urlPath string, defaultPath string) string { func NewGRPCConfig(opts ...GRPCOption) Config { cfg := Config{ Metrics: SignalConfig{ - Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorGRPCPort), - URLPath: DefaultMetricsPath, - Compression: NoCompression, - Timeout: DefaultTimeout, + Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorGRPCPort), + URLPath: DefaultMetricsPath, + Compression: NoCompression, + MaxRequestSize: DefaultMaxRequestSize, + Timeout: DefaultTimeout, TemporalitySelector: metric.DefaultTemporalitySelector, AggregationSelector: metric.DefaultAggregationSelector, @@ -354,6 +360,13 @@ func WithTimeout(duration time.Duration) GenericOption { }) } +func WithMaxRequestSize(size int) GenericOption { + return newGenericOption(func(cfg Config) Config { + cfg.Metrics.MaxRequestSize = size + return cfg + }) +} + func WithTemporalitySelector(selector metric.TemporalitySelector) GenericOption { return newGenericOption(func(cfg Config) Config { cfg.Metrics.TemporalitySelector = selector diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/transform/attribute.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/transform/attribute.go index 3e616a9274..96420d421e 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/transform/attribute.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/transform/attribute.go @@ -81,6 +81,16 @@ func Value(v attribute.Value) *cpb.AnyValue { av.Value = &cpb.AnyValue_StringValue{ StringValue: v.AsString(), } + case attribute.BYTESLICE: + av.Value = &cpb.AnyValue_BytesValue{ + BytesValue: v.AsByteSlice(), + } + case attribute.SLICE: + av.Value = &cpb.AnyValue_ArrayValue{ + ArrayValue: &cpb.ArrayValue{ + Values: attrValues(v.AsSlice()), + }, + } case attribute.STRINGSLICE: av.Value = &cpb.AnyValue_ArrayValue{ ArrayValue: &cpb.ArrayValue{ @@ -143,3 +153,11 @@ func stringSliceValues(vals []string) []*cpb.AnyValue { } return converted } + +func attrValues(vals []attribute.Value) []*cpb.AnyValue { + converted := make([]*cpb.AnyValue, len(vals)) + for i, v := range vals { + converted[i] = Value(v) + } + return converted +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x/README.md b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x/README.md new file mode 100644 index 0000000000..8da02ee13b --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x/README.md @@ -0,0 +1,55 @@ +# Experimental Features + +The OTLP gRPC metric exporter contains features that have not yet stabilized in the OpenTelemetry specification. +These features are added to the OpenTelemetry Go OTLP exporters prior to stabilization in the specification so that users can start experimenting with them and provide feedback. + +These features may change in backwards incompatible ways as feedback is applied. +See the [Compatibility and Stability](#compatibility-and-stability) section for more information. + +## Features + +- [Self-Observability](#self-observability) + +### Self-Observability + +The OTLP gRPC metric exporter can emit self-observability metrics to track its own operation. + +This experimental feature can be enabled by setting the `OTEL_GO_X_OBSERVABILITY` environment variable. +The value must be the case-insensitive string of `"true"` to enable the feature. +All other values are ignored. + +When enabled, the exporter will emit the following metrics using the global MeterProvider: + +- `otel.sdk.exporter.metric_data_point.exported`: Counter tracking successfully exported data points +- `otel.sdk.exporter.metric_data_point.inflight`: UpDownCounter tracking data points currently being exported +- `otel.sdk.exporter.operation.duration`: Histogram tracking export operation duration in seconds + +All metrics include attributes identifying the exporter component and destination server: + +- `otel.component.type`: Type of component (e.g., "otlp_grpc_metric_exporter") +- `otel.component.name`: Unique component instance name (e.g., "otlp_grpc_metric_exporter/0") +- `server.address`: Server hostname or address +- `server.port`: Server port number + +#### Examples + +Enable self-observability metrics. + +```console +export OTEL_GO_X_OBSERVABILITY=true +``` + +Disable self-observability metrics. + +```console +unset OTEL_GO_X_OBSERVABILITY +``` + +## Compatibility and Stability + +Experimental features do not fall within the scope of the OpenTelemetry Go versioning and stability [policy](../../../../../../VERSIONING.md). +These features may be removed or modified in successive version releases, including patch versions. + +When an experimental feature is promoted to a stable feature, a migration path will be included in the changelog entry of the release. +There is no guarantee that any environment variable feature flags that enabled the experimental feature will be supported by the stable version. +If they are supported, they may be accompanied with a deprecation notice stating a timeline for the removal of that support. diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x/observ.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x/observ.go new file mode 100644 index 0000000000..cc055ea479 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x/observ.go @@ -0,0 +1,22 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +package x // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x" + +import "strings" + +// Observability is an experimental feature flag that defines if OTLP +// gRPC metric exporter should include self-observability metrics. +// +// To enable this feature set the OTEL_GO_X_OBSERVABILITY environment variable +// to the case-insensitive string value of "true" (i.e. "True" and "TRUE" +// will also enable this). +var Observability = newFeature( + []string{"OBSERVABILITY"}, + func(v string) (string, bool) { + if strings.EqualFold(v, "true") { + return v, true + } + return "", false + }, +) diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x/x.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x/x.go new file mode 100644 index 0000000000..d42827877a --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x/x.go @@ -0,0 +1,58 @@ +// Code generated by gotmpl. DO NOT MODIFY. +// source: internal/shared/x/x.go.tmpl + +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package x documents experimental features for [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc]. +package x // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x" + +import ( + "os" +) + +// Feature is an experimental feature control flag. It provides a uniform way +// to interact with these feature flags and parse their values. +type Feature[T any] struct { + keys []string + parse func(v string) (T, bool) +} + +func newFeature[T any](suffix []string, parse func(string) (T, bool)) Feature[T] { + const envKeyRoot = "OTEL_GO_X_" + keys := make([]string, 0, len(suffix)) + for _, s := range suffix { + keys = append(keys, envKeyRoot+s) + } + return Feature[T]{ + keys: keys, + parse: parse, + } +} + +// Keys returns the environment variable keys that can be set to enable the +// feature. +func (f Feature[T]) Keys() []string { return f.keys } + +// Lookup returns the user configured value for the feature and true if the +// user has enabled the feature. Otherwise, if the feature is not enabled, a +// zero-value and false are returned. +func (f Feature[T]) Lookup() (v T, ok bool) { + // https://github.com/open-telemetry/opentelemetry-specification/blob/62effed618589a0bec416a87e559c0a9d96289bb/specification/configuration/sdk-environment-variables.md#parsing-empty-value + // + // > The SDK MUST interpret an empty value of an environment variable the + // > same way as when the variable is unset. + for _, key := range f.keys { + vRaw := os.Getenv(key) + if vRaw != "" { + return f.parse(vRaw) + } + } + return v, ok +} + +// Enabled reports whether the feature is enabled. +func (f Feature[T]) Enabled() bool { + _, ok := f.Lookup() + return ok +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/version.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/version.go index 0606277b38..8ee005c633 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/version.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/version.go @@ -5,5 +5,5 @@ package otlpmetricgrpc // import "go.opentelemetry.io/otel/exporters/otlp/otlpme // Version is the current release version of the OpenTelemetry OTLP over gRPC metrics exporter in use. func Version() string { - return "1.43.0" + return "1.44.0" } diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/client.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/client.go index 1958f9d1b3..b7ca17fe33 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/client.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/client.go @@ -23,16 +23,21 @@ import ( "google.golang.org/protobuf/proto" "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/counter" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ" "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/oconf" "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/retry" ) type client struct { // req is cloned for every upload the client makes. - req *http.Request - compression Compression - requestFunc retry.RequestFunc - httpClient *http.Client + req *http.Request + compression Compression + maxRequestSize int + requestFunc retry.RequestFunc + httpClient *http.Client + + inst *observ.Instrumentation } // Keep it in sync with golang's DefaultTransport from net/http! We @@ -111,12 +116,17 @@ func newClient(cfg oconf.Config) (*client, error) { } req.Header.Set("Content-Type", "application/x-protobuf") + // Initialize the instrumentation. + inst, err := observ.NewInstrumentation(counter.NextExporterID(), cfg.Metrics.Endpoint) + return &client{ - compression: Compression(cfg.Metrics.Compression), - req: req, - requestFunc: cfg.RetryConfig.RequestFunc(evaluate), - httpClient: httpClient, - }, nil + compression: Compression(cfg.Metrics.Compression), + maxRequestSize: cfg.Metrics.MaxRequestSize, + req: req, + requestFunc: cfg.RetryConfig.RequestFunc(evaluate), + httpClient: httpClient, + inst: inst, + }, err } // Shutdown shuts down the client, freeing all resources. @@ -146,11 +156,20 @@ func (c *client) UploadMetrics(ctx context.Context, protoMetrics *metricpb.Resou if err != nil { return err } + if maxSize := c.maxRequestSize; maxSize > 0 && len(body) > maxSize { + return fmt.Errorf("request body too large: exceeded %d bytes", maxSize) + } request, err := c.newRequest(ctx, body) if err != nil { return err } + var statusCode int + if c.inst != nil { + op := c.inst.ExportMetrics(ctx, protoMetrics) + defer func() { op.End(uploadErr, statusCode) }() + } + return errors.Join(uploadErr, c.requestFunc(ctx, func(iCtx context.Context) error { select { case <-iCtx.Done(): @@ -158,6 +177,7 @@ func (c *client) UploadMetrics(ctx context.Context, protoMetrics *metricpb.Resou default: } + statusCode = 0 request.reset(iCtx) // nolint:gosec // URL is constructed from validated OTLP endpoint configuration resp, err := c.httpClient.Do(request.Request) @@ -168,15 +188,18 @@ func (c *client) UploadMetrics(ctx context.Context, protoMetrics *metricpb.Resou if err != nil { return err } - if resp != nil && resp.Body != nil { - defer func() { - if err := resp.Body.Close(); err != nil { - uploadErr = errors.Join(uploadErr, err) - } - }() + if resp != nil { + statusCode = resp.StatusCode + if resp.Body != nil { + defer func() { + if err := resp.Body.Close(); err != nil { + uploadErr = errors.Join(uploadErr, err) + } + }() + } } - if sc := resp.StatusCode; sc >= 200 && sc <= 299 { + if statusCode >= 200 && statusCode <= 299 { // Success, do not retry. // Read the partial success message, if any. @@ -265,7 +288,10 @@ func (c *client) newRequest(ctx context.Context, body []byte) (request, error) { r.Header.Set("Content-Encoding", "gzip") gz := gzPool.Get().(*gzip.Writer) - defer gzPool.Put(gz) + defer func() { + gz.Reset(io.Discard) + gzPool.Put(gz) + }() var b bytes.Buffer gz.Reset(&b) @@ -279,7 +305,7 @@ func (c *client) newRequest(ctx context.Context, body []byte) (request, error) { } req.bodyReader = bodyReader(b.Bytes()) - req.GetBody = bodyReaderErr(body) + req.GetBody = bodyReaderErr(b.Bytes()) } return req, nil diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/config.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/config.go index 2b144f7eb5..c6175507a9 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/config.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/config.go @@ -185,6 +185,16 @@ func WithTimeout(duration time.Duration) Option { return wrappedOption{oconf.WithTimeout(duration)} } +// WithMaxRequestSize sets the maximum size, in bytes, of a serialized export +// request, before compression, that the exporter will send. +// +// If size is less than or equal to zero, no request-size limit is applied. +// Disabling the limit is not recommended because it can lead to excessive +// resource consumption or abuse. +func WithMaxRequestSize(size int) Option { + return wrappedOption{oconf.WithMaxRequestSize(size)} +} + // WithRetry sets the retry policy for transient retryable errors that are // returned by the target endpoint. // diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/counter/counter.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/counter/counter.go new file mode 100644 index 0000000000..267cb03d92 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/counter/counter.go @@ -0,0 +1,31 @@ +// Code generated by gotmpl. DO NOT MODIFY. +// source: internal/shared/counter/counter.go.tmpl + +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package counter provides a simple counter for generating unique IDs. +// +// This package is used to generate unique IDs while allowing testing packages +// to reset the counter. +package counter // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/counter" + +import "sync/atomic" + +// exporterN is a global 0-based count of the number of exporters created. +var exporterN atomic.Int64 + +// NextExporterID returns the next unique ID for an exporter. +func NextExporterID() int64 { + const inc = 1 + return exporterN.Add(inc) - inc +} + +// SetExporterID sets the exporter ID counter to v and returns the previous +// value. +// +// This function is useful for testing purposes, allowing you to reset the +// counter. It should not be used in production code. +func SetExporterID(v int64) int64 { + return exporterN.Swap(v) +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/gen.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/gen.go index a8b709268d..f3d165a571 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/gen.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/gen.go @@ -30,3 +30,9 @@ package internal // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/o //go:generate gotmpl --body=../../../../../internal/shared/otlp/otlpmetric/transform/error_test.go.tmpl "--data={}" --out=transform/error_test.go //go:generate gotmpl --body=../../../../../internal/shared/otlp/otlpmetric/transform/metricdata.go.tmpl "--data={}" --out=transform/metricdata.go //go:generate gotmpl --body=../../../../../internal/shared/otlp/otlpmetric/transform/metricdata_test.go.tmpl "--data={}" --out=transform/metricdata_test.go + +//go:generate gotmpl --body=../../../../../internal/shared/counter/counter.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/counter\" }" --out=counter/counter.go +//go:generate gotmpl --body=../../../../../internal/shared/counter/counter_test.go.tmpl "--data={}" --out=counter/counter_test.go + +//go:generate gotmpl --body=../../../../../internal/shared/x/x.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x\" }" --out=x/x.go +//go:generate gotmpl --body=../../../../../internal/shared/x/x_test.go.tmpl "--data={}" --out=x/x_test.go diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ/count.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ/count.go new file mode 100644 index 0000000000..8b5bb1faaf --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ/count.go @@ -0,0 +1,42 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +package observ // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ" + +import metricpb "go.opentelemetry.io/proto/otlp/metrics/v1" + +// countDataPoints counts the total number of data points in a ResourceMetrics. +func countDataPoints(rm *metricpb.ResourceMetrics) int64 { + if rm == nil { + return 0 + } + + var total int64 + for _, sm := range rm.ScopeMetrics { + for _, m := range sm.Metrics { + switch data := m.Data.(type) { + case *metricpb.Metric_Gauge: + if data.Gauge != nil { + total += int64(len(data.Gauge.DataPoints)) + } + case *metricpb.Metric_Sum: + if data.Sum != nil { + total += int64(len(data.Sum.DataPoints)) + } + case *metricpb.Metric_Histogram: + if data.Histogram != nil { + total += int64(len(data.Histogram.DataPoints)) + } + case *metricpb.Metric_ExponentialHistogram: + if data.ExponentialHistogram != nil { + total += int64(len(data.ExponentialHistogram.DataPoints)) + } + case *metricpb.Metric_Summary: + if data.Summary != nil { + total += int64(len(data.Summary.DataPoints)) + } + } + } + } + return total +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ/instrumentation.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ/instrumentation.go new file mode 100644 index 0000000000..5db984a235 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ/instrumentation.go @@ -0,0 +1,411 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package observ provides experimental observability instrumentation for the +// otlpmetrichttp exporter. +package observ // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ" + +import ( + "context" + "errors" + "fmt" + "net" + "net/http" + "net/netip" + "strconv" + "strings" + "sync" + "time" + + metricpb "go.opentelemetry.io/proto/otlp/metrics/v1" + + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x" + "go.opentelemetry.io/otel/internal/global" + "go.opentelemetry.io/otel/metric" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" +) + +const ( + // ScopeName is the unique name of the meter used for instrumentation. + ScopeName = "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ" + + // SchemaURL is the schema URL of the metrics produced by this + // instrumentation. + SchemaURL = semconv.SchemaURL + + // Version is the current version of this instrumentation. + // + // This matches the version of the exporter. + Version = internal.Version +) + +var ( + measureAttrsPool = &sync.Pool{ + New: func() any { + const n = 1 + // component.name + 1 + // component.type + 1 + // server.addr + 1 + // server.port + 1 + // error.type + 1 // http.response.status_code + s := make([]attribute.KeyValue, 0, n) + // Return a pointer to a slice instead of a slice itself + // to avoid allocations on every call. + return &s + }, + } + + addOptPool = &sync.Pool{ + New: func() any { + const n = 1 // WithAttributeSet + o := make([]metric.AddOption, 0, n) + return &o + }, + } + + recordOptPool = &sync.Pool{ + New: func() any { + const n = 1 // WithAttributeSet + o := make([]metric.RecordOption, 0, n) + return &o + }, + } +) + +func get[T any](p *sync.Pool) *[]T { return p.Get().(*[]T) } + +func put[T any](p *sync.Pool, s *[]T) { + *s = (*s)[:0] // Reset. + p.Put(s) +} + +// ComponentName returns the component name for the exporter with the +// provided ID. +func ComponentName(id int64) string { + t := semconv.OTelComponentTypeOtlpHTTPMetricExporter.Value.AsString() + return fmt.Sprintf("%s/%d", t, id) +} + +// Instrumentation is experimental instrumentation for the exporter. +type Instrumentation struct { + inflightMetric metric.Int64UpDownCounter + exportedMetric metric.Int64Counter + opDuration metric.Float64Histogram + + attrs []attribute.KeyValue + addOpt metric.AddOption + recOpt metric.RecordOption +} + +// NewInstrumentation returns instrumentation for an OTLP over HTTP metric +// exporter with the provided ID and endpoint. It uses the global +// MeterProvider to create the instrumentation. +// +// The id should be the unique exporter instance ID. It is used +// to set the "component.name" attribute. +// +// The endpoint is the HTTP endpoint the exporter is exporting to. +// +// If the experimental observability is disabled, nil is returned. +func NewInstrumentation(id int64, endpoint string) (*Instrumentation, error) { + if !x.Observability.Enabled() { + return nil, nil + } + + attrs := BaseAttrs(id, endpoint) + i := &Instrumentation{ + attrs: attrs, + addOpt: metric.WithAttributeSet(attribute.NewSet(attrs...)), + + // Do not modify attrs (NewSet sorts in-place), make a new slice. + recOpt: metric.WithAttributeSet(attribute.NewSet(append( + // Default to OK status code (200). + []attribute.KeyValue{semconv.HTTPResponseStatusCode(http.StatusOK)}, + attrs..., + )...)), + } + + mp := otel.GetMeterProvider() + m := mp.Meter( + ScopeName, + metric.WithInstrumentationVersion(Version), + metric.WithSchemaURL(SchemaURL), + ) + + var err error + + inflightMetric, e := otelconv.NewSDKExporterMetricDataPointInflight(m) + if e != nil { + e = fmt.Errorf("failed to create inflight metric: %w", e) + err = errors.Join(err, e) + } + i.inflightMetric = inflightMetric.Inst() + + exportedMetric, e := otelconv.NewSDKExporterMetricDataPointExported(m) + if e != nil { + e = fmt.Errorf("failed to create exported metric: %w", e) + err = errors.Join(err, e) + } + i.exportedMetric = exportedMetric.Inst() + + opDuration, e := otelconv.NewSDKExporterOperationDuration(m) + if e != nil { + e = fmt.Errorf("failed to create operation duration metric: %w", e) + err = errors.Join(err, e) + } + i.opDuration = opDuration.Inst() + + return i, err +} + +// BaseAttrs returns the base attributes for the exporter with the provided ID +// and endpoint. +// +// The id should be the unique exporter instance ID. It is used +// to set the "component.name" attribute. +// +// The endpoint is the HTTP endpoint the exporter is exporting to. It should be +// in the format "host[:port]". +func BaseAttrs(id int64, endpoint string) []attribute.KeyValue { + host, port, err := parseEndpoint(endpoint) + if err != nil || (host == "" && port < 0) { + if err != nil { + global.Debug("failed to parse endpoint", "endpoint", endpoint, "error", err) + } + return []attribute.KeyValue{ + semconv.OTelComponentName(ComponentName(id)), + semconv.OTelComponentTypeOtlpHTTPMetricExporter, + } + } + + // Do not use append so the slice is exactly allocated. + + if port < 0 { + return []attribute.KeyValue{ + semconv.OTelComponentName(ComponentName(id)), + semconv.OTelComponentTypeOtlpHTTPMetricExporter, + semconv.ServerAddress(host), + } + } + + if host == "" { + return []attribute.KeyValue{ + semconv.OTelComponentName(ComponentName(id)), + semconv.OTelComponentTypeOtlpHTTPMetricExporter, + semconv.ServerPort(port), + } + } + + return []attribute.KeyValue{ + semconv.OTelComponentName(ComponentName(id)), + semconv.OTelComponentTypeOtlpHTTPMetricExporter, + semconv.ServerAddress(host), + semconv.ServerPort(port), + } +} + +// parseEndpoint parses the host and port from endpoint that has the form +// "host[:port]", or it returns an error if the endpoint is not parsable. +// +// If no port is specified, -1 is returned. +// +// If no host is specified, an empty string is returned. +func parseEndpoint(endpoint string) (string, int, error) { + // First check if the endpoint is just an IP address. + if ip := parseIP(endpoint); ip != "" { + return ip, -1, nil + } + + // If there's no colon, there is no port (IPv6 with no port checked above). + if !strings.Contains(endpoint, ":") { + return endpoint, -1, nil + } + + // Otherwise, parse as host:port. + host, portStr, err := net.SplitHostPort(endpoint) + if err != nil { + return "", -1, fmt.Errorf("invalid host:port %q: %w", endpoint, err) + } + + const base, bitSize = 10, 16 + port16, err := strconv.ParseUint(portStr, base, bitSize) + if err != nil { + return "", -1, fmt.Errorf("invalid port %q: %w", portStr, err) + } + port := int(port16) // port is guaranteed to be in the range [0, 65535]. + + return host, port, nil +} + +// parseIP attempts to parse the entire endpoint as an IP address. +// It returns the normalized string form of the IP if successful, +// or an empty string if parsing fails. +func parseIP(ip string) string { + // Strip leading and trailing brackets for IPv6 addresses. + if len(ip) >= 2 && ip[0] == '[' && ip[len(ip)-1] == ']' { + ip = ip[1 : len(ip)-1] + } + addr, err := netip.ParseAddr(ip) + if err != nil { + return "" + } + // Return the normalized string form of the IP. + return addr.String() +} + +// ExportMetrics instruments the UploadMetrics method of the client. It returns an +// [ExportOp] that must have its [ExportOp.End] method called when the +// operation ends. +func (i *Instrumentation) ExportMetrics(ctx context.Context, rm *metricpb.ResourceMetrics) ExportOp { + start := time.Now() + + nMetrics := countDataPoints(rm) + + if i.inflightMetric.Enabled(ctx) { + addOpt := get[metric.AddOption](addOptPool) + defer put(addOptPool, addOpt) + *addOpt = append(*addOpt, i.addOpt) + i.inflightMetric.Add(ctx, nMetrics, *addOpt...) + } + + return ExportOp{ + ctx: ctx, + start: start, + nMetrics: nMetrics, + inst: i, + } +} + +// ExportOp tracks the export operation being observed by +// [Instrumentation.ExportMetrics]. +type ExportOp struct { + ctx context.Context + start time.Time + nMetrics int64 + + inst *Instrumentation +} + +// End completes the observation of the operation being observed by a call to +// [Instrumentation.ExportMetrics]. +// +// Any error that is encountered is provided as err. +// The HTTP status code from the response is provided as status. +// +// If err is not nil, all metrics will be recorded as failures unless error is of +// type [internal.PartialSuccess]. In the case of a PartialSuccess, the number +// of successfully exported metrics will be determined by inspecting the +// RejectedItems field of the PartialSuccess. +func (e ExportOp) End(err error, status int) { + addOpt := get[metric.AddOption](addOptPool) + defer put(addOptPool, addOpt) + *addOpt = append(*addOpt, e.inst.addOpt) + + if e.inst.inflightMetric.Enabled(e.ctx) { + e.inst.inflightMetric.Add(e.ctx, -e.nMetrics, *addOpt...) + } + + success := successful(e.nMetrics, err) + // Record successfully exported metrics, even if the value is 0 which are + // meaningful to distribution aggregations. + if e.inst.exportedMetric.Enabled(e.ctx) { + e.inst.exportedMetric.Add(e.ctx, success, *addOpt...) + } + + if err != nil && e.inst.exportedMetric.Enabled(e.ctx) { + attrs := get[attribute.KeyValue](measureAttrsPool) + defer put(measureAttrsPool, attrs) + *attrs = append(*attrs, e.inst.attrs...) + *attrs = append(*attrs, semconv.ErrorType(err)) + + // Do not inefficiently make a copy of attrs by using + // WithAttributes instead of WithAttributeSet. + o := metric.WithAttributeSet(attribute.NewSet(*attrs...)) + // Reset addOpt with new attribute set. + *addOpt = append((*addOpt)[:0], o) + + e.inst.exportedMetric.Add(e.ctx, e.nMetrics-success, *addOpt...) + } + + if e.inst.opDuration.Enabled(e.ctx) { + recOpt := get[metric.RecordOption](recordOptPool) + defer put(recordOptPool, recOpt) + *recOpt = append(*recOpt, e.inst.recordOption(err, status)) + + d := time.Since(e.start).Seconds() + e.inst.opDuration.Record(e.ctx, d, *recOpt...) + } +} + +// recordOption returns a RecordOption with attributes representing the +// outcome of the operation being recorded. +// +// If err is nil and status is 200, the default recOpt of the +// Instrumentation is returned. +// +// Otherwise, a new RecordOption is returned with the base attributes of the +// Instrumentation plus the http.response.status_code attribute set to the +// provided status (if non-zero), and if err is not nil, the error.type attribute set +// to the type of the error. +func (i *Instrumentation) recordOption(err error, status int) metric.RecordOption { + if err == nil && status == http.StatusOK { + return i.recOpt + } + + attrs := get[attribute.KeyValue](measureAttrsPool) + defer put(measureAttrsPool, attrs) + *attrs = append(*attrs, i.attrs...) + + if status != 0 { + *attrs = append(*attrs, semconv.HTTPResponseStatusCode(status)) + } + if err != nil { + *attrs = append(*attrs, semconv.ErrorType(err)) + } + + // Do not inefficiently make a copy of attrs by using WithAttributes + // instead of WithAttributeSet. + return metric.WithAttributeSet(attribute.NewSet(*attrs...)) +} + +// successful returns the number of successfully exported metrics out of the n +// that were exported based on the provided error. +// +// If err is nil, n is returned. All metrics were successfully exported. +// +// If err is not nil and not an [internal.PartialSuccess] error, 0 is returned. +// It is assumed all metrics failed to be exported. +// +// If err is an [internal.PartialSuccess] error, the number of successfully +// exported metrics is computed by subtracting the RejectedItems field from n. If +// RejectedItems is negative, n is returned. If RejectedItems is greater than +// n, 0 is returned. +func successful(n int64, err error) int64 { + if err == nil { + return n // All metrics successfully exported. + } + // Split rejection calculation so successful is inlinable. + return n - rejected(n, err) +} + +var errPartialPool = &sync.Pool{ + New: func() any { return new(internal.PartialSuccess) }, +} + +// rejected returns how many out of the n metrics were rejected based on the +// provided non-nil err. +func rejected(n int64, err error) int64 { + ps := errPartialPool.Get().(*internal.PartialSuccess) + defer errPartialPool.Put(ps) + // Check for partial success. + if errors.As(err, ps) { + // Bound RejectedItems to [0, n]. This should not be needed, + // but be defensive as this is from an external source. + return min(max(ps.RejectedItems, 0), n) + } + return n // All metrics rejected. +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/oconf/options.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/oconf/options.go index ed66bb0682..3fa7cbe5f6 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/oconf/options.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/oconf/options.go @@ -35,6 +35,9 @@ const ( // DefaultMetricsPath is a default URL path for endpoint that // receives metrics. DefaultMetricsPath string = "/v1/metrics" + // DefaultMaxRequestSize is the default maximum size of a serialized export + // request, before compression. + DefaultMaxRequestSize int = 64 * 1024 * 1024 // DefaultBackoff is a default base backoff time used in the // exponential backoff strategy. DefaultBackoff time.Duration = 300 * time.Millisecond @@ -49,13 +52,14 @@ type ( HTTPTransportProxyFunc func(*http.Request) (*url.URL, error) SignalConfig struct { - Endpoint string - Insecure bool - TLSCfg *tls.Config - Headers map[string]string - Compression Compression - Timeout time.Duration - URLPath string + Endpoint string + Insecure bool + TLSCfg *tls.Config + Headers map[string]string + Compression Compression + MaxRequestSize int + Timeout time.Duration + URLPath string TemporalitySelector metric.TemporalitySelector AggregationSelector metric.AggregationSelector @@ -87,10 +91,11 @@ type ( func NewHTTPConfig(opts ...HTTPOption) Config { cfg := Config{ Metrics: SignalConfig{ - Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorHTTPPort), - URLPath: DefaultMetricsPath, - Compression: NoCompression, - Timeout: DefaultTimeout, + Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorHTTPPort), + URLPath: DefaultMetricsPath, + Compression: NoCompression, + MaxRequestSize: DefaultMaxRequestSize, + Timeout: DefaultTimeout, TemporalitySelector: metric.DefaultTemporalitySelector, AggregationSelector: metric.DefaultAggregationSelector, @@ -123,10 +128,11 @@ func cleanPath(urlPath string, defaultPath string) string { func NewGRPCConfig(opts ...GRPCOption) Config { cfg := Config{ Metrics: SignalConfig{ - Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorGRPCPort), - URLPath: DefaultMetricsPath, - Compression: NoCompression, - Timeout: DefaultTimeout, + Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorGRPCPort), + URLPath: DefaultMetricsPath, + Compression: NoCompression, + MaxRequestSize: DefaultMaxRequestSize, + Timeout: DefaultTimeout, TemporalitySelector: metric.DefaultTemporalitySelector, AggregationSelector: metric.DefaultAggregationSelector, @@ -354,6 +360,13 @@ func WithTimeout(duration time.Duration) GenericOption { }) } +func WithMaxRequestSize(size int) GenericOption { + return newGenericOption(func(cfg Config) Config { + cfg.Metrics.MaxRequestSize = size + return cfg + }) +} + func WithTemporalitySelector(selector metric.TemporalitySelector) GenericOption { return newGenericOption(func(cfg Config) Config { cfg.Metrics.TemporalitySelector = selector diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/transform/attribute.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/transform/attribute.go index 9e3d8da1ee..6a91ff2af2 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/transform/attribute.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/transform/attribute.go @@ -81,6 +81,16 @@ func Value(v attribute.Value) *cpb.AnyValue { av.Value = &cpb.AnyValue_StringValue{ StringValue: v.AsString(), } + case attribute.BYTESLICE: + av.Value = &cpb.AnyValue_BytesValue{ + BytesValue: v.AsByteSlice(), + } + case attribute.SLICE: + av.Value = &cpb.AnyValue_ArrayValue{ + ArrayValue: &cpb.ArrayValue{ + Values: attrValues(v.AsSlice()), + }, + } case attribute.STRINGSLICE: av.Value = &cpb.AnyValue_ArrayValue{ ArrayValue: &cpb.ArrayValue{ @@ -143,3 +153,11 @@ func stringSliceValues(vals []string) []*cpb.AnyValue { } return converted } + +func attrValues(vals []attribute.Value) []*cpb.AnyValue { + converted := make([]*cpb.AnyValue, len(vals)) + for i, v := range vals { + converted[i] = Value(v) + } + return converted +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/version.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/version.go new file mode 100644 index 0000000000..103ac79d0e --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/version.go @@ -0,0 +1,8 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +package internal // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal" + +// Version is the current release version of the OpenTelemetry OTLP HTTP metric +// exporter in use. +const Version = "1.44.0" diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x/README.md b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x/README.md new file mode 100644 index 0000000000..ef239cbae0 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x/README.md @@ -0,0 +1,36 @@ +# Experimental Features + +The `otlpmetrichttp` exporter contains features that have not yet stabilized in the OpenTelemetry specification. +These features are added to the `otlpmetrichttp` exporter prior to stabilization in the specification so that users can start experimenting with them and provide feedback. + +These features may change in backwards incompatible ways as feedback is applied. +See the [Compatibility and Stability](#compatibility-and-stability) section for more information. + +## Features + +- [Observability](#observability) + +### Observability + +The `otlpmetrichttp` exporter can be configured to provide observability about itself using OpenTelemetry metrics. + +To opt-in, set the environment variable `OTEL_GO_X_OBSERVABILITY` to `true`. + +When enabled, the exporter will create the following metrics using the global `MeterProvider`: + +- `otel.sdk.exporter.metric_data_point.inflight` +- `otel.sdk.exporter.metric_data_point.exported` +- `otel.sdk.exporter.operation.duration` + +Please see the [Semantic conventions for OpenTelemetry SDK metrics] documentation for more details on these metrics. + +[Semantic conventions for OpenTelemetry SDK metrics]: https://github.com/open-telemetry/semantic-conventions/blob/v1.41.0/docs/otel/sdk-metrics.md + +## Compatibility and Stability + +Experimental features do not fall within the scope of the OpenTelemetry Go versioning and stability [policy](../../../../../../VERSIONING.md). +These features may be removed or modified in successive version releases, including patch versions. + +When an experimental feature is promoted to a stable feature, a migration path will be included in the changelog entry of the release. +There is no guarantee that any environment variable feature flags that enabled the experimental feature will be supported by the stable version. +If they are supported, they may be accompanied with a deprecation notice stating a timeline for the removal of that support. diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x/observ.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x/observ.go new file mode 100644 index 0000000000..296946a3b7 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x/observ.go @@ -0,0 +1,22 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +package x // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x" + +import "strings" + +// Observability is an experimental feature flag that determines if exporter +// observability metrics are enabled. +// +// To enable this feature set the OTEL_GO_X_OBSERVABILITY environment variable +// to the case-insensitive string value of "true" (i.e. "True" and "TRUE" +// will also enable this). +var Observability = newFeature( + []string{"OBSERVABILITY"}, + func(v string) (string, bool) { + if strings.EqualFold(v, "true") { + return v, true + } + return "", false + }, +) diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x/x.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x/x.go new file mode 100644 index 0000000000..663375f63a --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x/x.go @@ -0,0 +1,58 @@ +// Code generated by gotmpl. DO NOT MODIFY. +// source: internal/shared/x/x.go.tmpl + +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package x documents experimental features for [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x]. +package x // import "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x" + +import ( + "os" +) + +// Feature is an experimental feature control flag. It provides a uniform way +// to interact with these feature flags and parse their values. +type Feature[T any] struct { + keys []string + parse func(v string) (T, bool) +} + +func newFeature[T any](suffix []string, parse func(string) (T, bool)) Feature[T] { + const envKeyRoot = "OTEL_GO_X_" + keys := make([]string, 0, len(suffix)) + for _, s := range suffix { + keys = append(keys, envKeyRoot+s) + } + return Feature[T]{ + keys: keys, + parse: parse, + } +} + +// Keys returns the environment variable keys that can be set to enable the +// feature. +func (f Feature[T]) Keys() []string { return f.keys } + +// Lookup returns the user configured value for the feature and true if the +// user has enabled the feature. Otherwise, if the feature is not enabled, a +// zero-value and false are returned. +func (f Feature[T]) Lookup() (v T, ok bool) { + // https://github.com/open-telemetry/opentelemetry-specification/blob/62effed618589a0bec416a87e559c0a9d96289bb/specification/configuration/sdk-environment-variables.md#parsing-empty-value + // + // > The SDK MUST interpret an empty value of an environment variable the + // > same way as when the variable is unset. + for _, key := range f.keys { + vRaw := os.Getenv(key) + if vRaw != "" { + return f.parse(vRaw) + } + } + return v, ok +} + +// Enabled reports whether the feature is enabled. +func (f Feature[T]) Enabled() bool { + _, ok := f.Lookup() + return ok +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/attribute.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/attribute.go index 12e243e042..0d43a5dc5b 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/attribute.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/attribute.go @@ -87,6 +87,16 @@ func Value(v attribute.Value) *commonpb.AnyValue { av.Value = &commonpb.AnyValue_StringValue{ StringValue: v.AsString(), } + case attribute.BYTESLICE: + av.Value = &commonpb.AnyValue_BytesValue{ + BytesValue: v.AsByteSlice(), + } + case attribute.SLICE: + av.Value = &commonpb.AnyValue_ArrayValue{ + ArrayValue: &commonpb.ArrayValue{ + Values: values(v.AsSlice()), + }, + } case attribute.STRINGSLICE: av.Value = &commonpb.AnyValue_ArrayValue{ ArrayValue: &commonpb.ArrayValue{ @@ -149,3 +159,11 @@ func stringSliceValues(vals []string) []*commonpb.AnyValue { } return converted } + +func values(vals []attribute.Value) []*commonpb.AnyValue { + converted := make([]*commonpb.AnyValue, len(vals)) + for i, v := range vals { + converted[i] = Value(v) + } + return converted +} diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go index 258d0ca6a5..e8b33d3fa5 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go @@ -6,6 +6,7 @@ package otlptracegrpc // import "go.opentelemetry.io/otel/exporters/otlp/otlptra import ( "context" "errors" + "fmt" "sync" "time" @@ -16,6 +17,7 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" "go.opentelemetry.io/otel/exporters/otlp/otlptrace" "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal" @@ -26,11 +28,12 @@ import ( ) type client struct { - endpoint string - dialOpts []grpc.DialOption - metadata metadata.MD - exportTimeout time.Duration - requestFunc retry.RequestFunc + endpoint string + dialOpts []grpc.DialOption + metadata metadata.MD + exportTimeout time.Duration + maxRequestSize int + requestFunc retry.RequestFunc // stopCtx is used as a parent context for all exports. Therefore, when it // is canceled with the stopFunc all exports are canceled. @@ -65,14 +68,15 @@ func newClient(opts ...Option) *client { ctx, cancel := context.WithCancel(context.Background()) //nolint:gosec // cancel called in client shutdown. c := &client{ - endpoint: cfg.Traces.Endpoint, - exportTimeout: cfg.Traces.Timeout, - requestFunc: cfg.RetryConfig.RequestFunc(retryable), - dialOpts: cfg.DialOptions, - stopCtx: ctx, - stopFunc: cancel, - conn: cfg.GRPCConn, - instID: counter.NextExporterID(), + endpoint: cfg.Traces.Endpoint, + exportTimeout: cfg.Traces.Timeout, + maxRequestSize: cfg.Traces.MaxRequestSize, + requestFunc: cfg.RetryConfig.RequestFunc(retryable), + dialOpts: cfg.DialOptions, + stopCtx: ctx, + stopFunc: cancel, + conn: cfg.GRPCConn, + instID: counter.NextExporterID(), } if len(cfg.Traces.Headers) > 0 { @@ -205,16 +209,28 @@ func (c *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.Resourc ctx, cancel := c.exportContext(ctx) defer cancel() - var code codes.Code + pbRequest := &coltracepb.ExportTraceServiceRequest{ + ResourceSpans: protoSpans, + } + + code := codes.Unknown if c.inst != nil { - op := c.inst.ExportSpans(ctx, len(protoSpans)) + var spanCount int + for _, rs := range protoSpans { + for _, ss := range rs.ScopeSpans { + spanCount += len(ss.Spans) + } + } + op := c.inst.ExportSpans(ctx, spanCount) defer func() { op.End(uploadErr, code) }() } + if maxSize := c.maxRequestSize; maxSize > 0 && proto.Size(pbRequest) > maxSize { + return fmt.Errorf("request message too large: exceeded %d bytes", maxSize) + } + return c.requestFunc(ctx, func(iCtx context.Context) error { - resp, err := c.tsc.Export(iCtx, &coltracepb.ExportTraceServiceRequest{ - ResourceSpans: protoSpans, - }) + resp, err := c.tsc.Export(iCtx, pbRequest) if resp != nil && resp.PartialSuccess != nil { msg := resp.PartialSuccess.GetErrorMessage() n := resp.PartialSuccess.GetRejectedSpans() diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/observ/instrumentation.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/observ/instrumentation.go index a84733174e..676a93514b 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/observ/instrumentation.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/observ/instrumentation.go @@ -18,8 +18,8 @@ import ( "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/x" "go.opentelemetry.io/otel/internal/global" "go.opentelemetry.io/otel/metric" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" ) const ( @@ -72,6 +72,7 @@ var ( func get[T any](p *sync.Pool) *[]T { return p.Get().(*[]T) } func put[T any](p *sync.Pool, s *[]T) { + clear(*s) // erase elements to allow GC to collect what they refer to. *s = (*s)[:0] // Reset. p.Put(s) } @@ -339,7 +340,10 @@ var errPartialPool = &sync.Pool{ // the provided non-nil err. func rejected(n int64, err error) int64 { ps := errPartialPool.Get().(*internal.PartialSuccess) - defer errPartialPool.Put(ps) + defer func() { + *ps = internal.PartialSuccess{} // erase fields to allow GC to collect them. + errPartialPool.Put(ps) + }() // Check for partial success. if errors.As(err, ps) { // Bound RejectedItems to [0, n]. This should not be needed, diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/options.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/options.go index 4f47117a58..d940b67625 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/options.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/options.go @@ -31,6 +31,9 @@ const ( // DefaultTracesPath is a default URL path for endpoint that // receives spans. DefaultTracesPath string = "/v1/traces" + // DefaultMaxRequestSize is the default maximum size of a serialized export + // request, before compression. + DefaultMaxRequestSize int = 64 * 1024 * 1024 // DefaultTimeout is a default max waiting time for the backend to process // each span batch. DefaultTimeout time.Duration = 10 * time.Second @@ -42,13 +45,14 @@ type ( HTTPTransportProxyFunc func(*http.Request) (*url.URL, error) SignalConfig struct { - Endpoint string - Insecure bool - TLSCfg *tls.Config - Headers map[string]string - Compression Compression - Timeout time.Duration - URLPath string + Endpoint string + Insecure bool + TLSCfg *tls.Config + Headers map[string]string + Compression Compression + MaxRequestSize int + Timeout time.Duration + URLPath string // gRPC configurations GRPCCredentials credentials.TransportCredentials @@ -77,10 +81,11 @@ type ( func NewHTTPConfig(opts ...HTTPOption) Config { cfg := Config{ Traces: SignalConfig{ - Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorHTTPPort), - URLPath: DefaultTracesPath, - Compression: NoCompression, - Timeout: DefaultTimeout, + Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorHTTPPort), + URLPath: DefaultTracesPath, + Compression: NoCompression, + MaxRequestSize: DefaultMaxRequestSize, + Timeout: DefaultTimeout, }, RetryConfig: retry.DefaultConfig, } @@ -111,10 +116,11 @@ func NewGRPCConfig(opts ...GRPCOption) Config { userAgent := "OTel OTLP Exporter Go/" + otlptrace.Version() cfg := Config{ Traces: SignalConfig{ - Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorGRPCPort), - URLPath: DefaultTracesPath, - Compression: NoCompression, - Timeout: DefaultTimeout, + Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorGRPCPort), + URLPath: DefaultTracesPath, + Compression: NoCompression, + MaxRequestSize: DefaultMaxRequestSize, + Timeout: DefaultTimeout, }, RetryConfig: retry.DefaultConfig, DialOptions: []grpc.DialOption{grpc.WithUserAgent(userAgent)}, @@ -345,6 +351,13 @@ func WithTimeout(duration time.Duration) GenericOption { }) } +func WithMaxRequestSize(size int) GenericOption { + return newGenericOption(func(cfg Config) Config { + cfg.Traces.MaxRequestSize = size + return cfg + }) +} + func WithProxy(pf HTTPTransportProxyFunc) GenericOption { return newGenericOption(func(cfg Config) Config { cfg.Traces.Proxy = pf diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/version.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/version.go index 7a1c420ecb..28e51e443f 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/version.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/version.go @@ -5,4 +5,4 @@ package internal // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/ot // Version is the current release version of the OpenTelemetry OTLP gRPC trace // exporter in use. -const Version = "1.43.0" +const Version = "1.44.0" diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/options.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/options.go index 2da2298701..b320060525 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/options.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/options.go @@ -192,6 +192,16 @@ func WithTimeout(duration time.Duration) Option { return wrappedOption{otlpconfig.WithTimeout(duration)} } +// WithMaxRequestSize sets the maximum size, in bytes, of a serialized export +// request, before compression, that the exporter will send. +// +// If size is less than or equal to zero, no request-size limit is applied. +// Disabling the limit is not recommended because it can lead to excessive +// resource consumption or abuse. +func WithMaxRequestSize(size int) Option { + return wrappedOption{otlpconfig.WithMaxRequestSize(size)} +} + // WithRetry sets the retry policy for transient retryable errors that may be // returned by the target endpoint when exporting a batch of spans. // diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go index 4ae569ff4b..f81098b381 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go @@ -143,9 +143,9 @@ func (c *client) Start(ctx context.Context) error { } // Stop shuts down the client and interrupt any in-flight request. -func (d *client) Stop(ctx context.Context) error { - d.stopOnce.Do(func() { - close(d.stopCh) +func (c *client) Stop(ctx context.Context) error { + c.stopOnce.Do(func() { + close(c.stopCh) }) select { case <-ctx.Done(): @@ -156,7 +156,7 @@ func (d *client) Stop(ctx context.Context) error { } // UploadTraces sends a batch of spans to the collector. -func (d *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.ResourceSpans) (uploadErr error) { +func (c *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.ResourceSpans) (uploadErr error) { pbRequest := &coltracepb.ExportTraceServiceRequest{ ResourceSpans: protoSpans, } @@ -165,30 +165,41 @@ func (d *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.Resourc return err } - ctx, cancel := d.contextWithStop(ctx) + ctx, cancel := c.contextWithStop(ctx) defer cancel() - request, err := d.newRequest(rawRequest) + if maxSize := c.cfg.MaxRequestSize; maxSize > 0 && len(rawRequest) > maxSize { + return fmt.Errorf("request body too large: exceeded %d bytes", maxSize) + } + + request, err := c.newRequest(rawRequest) if err != nil { return err } var statusCode int - if d.inst != nil { - op := d.inst.ExportSpans(ctx, len(protoSpans)) + if c.inst != nil { + var spanCount int + for _, rs := range protoSpans { + for _, ss := range rs.ScopeSpans { + spanCount += len(ss.Spans) + } + } + op := c.inst.ExportSpans(ctx, spanCount) defer func() { op.End(uploadErr, statusCode) }() } - return errors.Join(uploadErr, d.requestFunc(ctx, func(ctx context.Context) error { + return errors.Join(uploadErr, c.requestFunc(ctx, func(ctx context.Context) error { select { case <-ctx.Done(): return ctx.Err() default: } + statusCode = 0 request.reset(ctx) // nolint:gosec // URL is constructed from validated OTLP endpoint configuration - resp, err := d.client.Do(request.Request) + resp, err := c.client.Do(request.Request) var urlErr *url.Error if errors.As(err, &urlErr) && urlErr.Temporary() { return newResponseError(http.Header{}, err) @@ -272,8 +283,8 @@ func (d *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.Resourc })) } -func (d *client) newRequest(body []byte) (request, error) { - u := url.URL{Scheme: d.getScheme(), Host: d.cfg.Endpoint, Path: d.cfg.URLPath} +func (c *client) newRequest(body []byte) (request, error) { + u := url.URL{Scheme: c.getScheme(), Host: c.cfg.Endpoint, Path: c.cfg.URLPath} r, err := http.NewRequestWithContext(context.Background(), http.MethodPost, u.String(), http.NoBody) if err != nil { return request{Request: r}, err @@ -282,13 +293,13 @@ func (d *client) newRequest(body []byte) (request, error) { userAgent := "OTel OTLP Exporter Go/" + otlptrace.Version() r.Header.Set("User-Agent", userAgent) - for k, v := range d.cfg.Headers { + for k, v := range c.cfg.Headers { r.Header.Set(k, v) } r.Header.Set("Content-Type", contentTypeProto) req := request{Request: r} - switch Compression(d.cfg.Compression) { + switch Compression(c.cfg.Compression) { case NoCompression: r.ContentLength = int64(len(body)) req.bodyReader = bodyReader(body) @@ -299,7 +310,10 @@ func (d *client) newRequest(body []byte) (request, error) { r.Header.Set("Content-Encoding", "gzip") gz := gzPool.Get().(*gzip.Writer) - defer gzPool.Put(gz) + defer func() { + gz.Reset(io.Discard) + gzPool.Put(gz) + }() var b bytes.Buffer gz.Reset(&b) @@ -320,15 +334,15 @@ func (d *client) newRequest(body []byte) (request, error) { } // MarshalLog is the marshaling function used by the logging system to represent this Client. -func (d *client) MarshalLog() any { +func (c *client) MarshalLog() any { return struct { Type string Endpoint string Insecure bool }{ Type: "otlptracehttp", - Endpoint: d.cfg.Endpoint, - Insecure: d.cfg.Insecure, + Endpoint: c.cfg.Endpoint, + Insecure: c.cfg.Insecure, } } @@ -425,14 +439,14 @@ func evaluate(err error) (bool, time.Duration) { return true, time.Duration(rErr.throttle) } -func (d *client) getScheme() string { - if d.cfg.Insecure { +func (c *client) getScheme() string { + if c.cfg.Insecure { return "http" } return "https" } -func (d *client) contextWithStop(ctx context.Context) (context.Context, context.CancelFunc) { +func (c *client) contextWithStop(ctx context.Context) (context.Context, context.CancelFunc) { // Unify the parent context Done signal with the client's stop // channel. ctx, cancel := context.WithCancel(ctx) @@ -441,7 +455,7 @@ func (d *client) contextWithStop(ctx context.Context) (context.Context, context. case <-ctx.Done(): // Nothing to do, either cancelled or deadline // happened. - case <-d.stopCh: + case <-c.stopCh: cancel() } }(ctx, cancel) diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/observ/instrumentation.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/observ/instrumentation.go index 3f2556e7a6..1f4fc55c6f 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/observ/instrumentation.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/observ/instrumentation.go @@ -23,8 +23,8 @@ import ( "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/x" "go.opentelemetry.io/otel/internal/global" "go.opentelemetry.io/otel/metric" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" ) const ( @@ -77,6 +77,7 @@ var ( func get[T any](p *sync.Pool) *[]T { return p.Get().(*[]T) } func put[T any](p *sync.Pool, s *[]T) { + clear(*s) // erase elements to allow GC to collect what they refer to. *s = (*s)[:0] // Reset. p.Put(s) } @@ -167,7 +168,7 @@ func NewInstrumentation(id int64, endpoint string) (*Instrumentation, error) { // to set the "component.name" attribute. // // The endpoint is the HTTP endpoint the exporter is exporting to. It should be -// in the format "host:port" or a full URL. +// in the format "host[:port]". func BaseAttrs(id int64, endpoint string) []attribute.KeyValue { host, port, err := parseEndpoint(endpoint) if err != nil || (host == "" && port < 0) { @@ -345,7 +346,7 @@ func (e ExportOp) End(err error, status int) { // // Otherwise, a new RecordOption is returned with the base attributes of the // Instrumentation plus the http.response.status_code attribute set to the -// provided status, and if err is not nil, the error.type attribute set +// provided status (if non-zero), and if err is not nil, the error.type attribute set // to the type of the error. func (i *Instrumentation) recordOption(err error, status int) metric.RecordOption { if err == nil && status == http.StatusOK { @@ -356,7 +357,9 @@ func (i *Instrumentation) recordOption(err error, status int) metric.RecordOptio defer put(measureAttrsPool, attrs) *attrs = append(*attrs, i.attrs...) - *attrs = append(*attrs, semconv.HTTPResponseStatusCode(status)) + if status != 0 { + *attrs = append(*attrs, semconv.HTTPResponseStatusCode(status)) + } if err != nil { *attrs = append(*attrs, semconv.ErrorType(err)) } @@ -394,7 +397,10 @@ var errPartialPool = &sync.Pool{ // the provided non-nil err. func rejected(n int64, err error) int64 { ps := errPartialPool.Get().(*internal.PartialSuccess) - defer errPartialPool.Put(ps) + defer func() { + *ps = internal.PartialSuccess{} // erase fields to allow GC to collect them. + errPartialPool.Put(ps) + }() // Check for partial success. if errors.As(err, ps) { // Bound RejectedItems to [0, n]. This should not be needed, diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/otlpconfig/options.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/otlpconfig/options.go index e415feea6e..2abde66150 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/otlpconfig/options.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/otlpconfig/options.go @@ -31,6 +31,9 @@ const ( // DefaultTracesPath is a default URL path for endpoint that // receives spans. DefaultTracesPath string = "/v1/traces" + // DefaultMaxRequestSize is the default maximum size of a serialized export + // request, before compression. + DefaultMaxRequestSize int = 64 * 1024 * 1024 // DefaultTimeout is a default max waiting time for the backend to process // each span batch. DefaultTimeout time.Duration = 10 * time.Second @@ -42,13 +45,14 @@ type ( HTTPTransportProxyFunc func(*http.Request) (*url.URL, error) SignalConfig struct { - Endpoint string - Insecure bool - TLSCfg *tls.Config - Headers map[string]string - Compression Compression - Timeout time.Duration - URLPath string + Endpoint string + Insecure bool + TLSCfg *tls.Config + Headers map[string]string + Compression Compression + MaxRequestSize int + Timeout time.Duration + URLPath string // gRPC configurations GRPCCredentials credentials.TransportCredentials @@ -77,10 +81,11 @@ type ( func NewHTTPConfig(opts ...HTTPOption) Config { cfg := Config{ Traces: SignalConfig{ - Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorHTTPPort), - URLPath: DefaultTracesPath, - Compression: NoCompression, - Timeout: DefaultTimeout, + Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorHTTPPort), + URLPath: DefaultTracesPath, + Compression: NoCompression, + MaxRequestSize: DefaultMaxRequestSize, + Timeout: DefaultTimeout, }, RetryConfig: retry.DefaultConfig, } @@ -111,10 +116,11 @@ func NewGRPCConfig(opts ...GRPCOption) Config { userAgent := "OTel OTLP Exporter Go/" + otlptrace.Version() cfg := Config{ Traces: SignalConfig{ - Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorGRPCPort), - URLPath: DefaultTracesPath, - Compression: NoCompression, - Timeout: DefaultTimeout, + Endpoint: fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorGRPCPort), + URLPath: DefaultTracesPath, + Compression: NoCompression, + MaxRequestSize: DefaultMaxRequestSize, + Timeout: DefaultTimeout, }, RetryConfig: retry.DefaultConfig, DialOptions: []grpc.DialOption{grpc.WithUserAgent(userAgent)}, @@ -345,6 +351,13 @@ func WithTimeout(duration time.Duration) GenericOption { }) } +func WithMaxRequestSize(size int) GenericOption { + return newGenericOption(func(cfg Config) Config { + cfg.Traces.MaxRequestSize = size + return cfg + }) +} + func WithProxy(pf HTTPTransportProxyFunc) GenericOption { return newGenericOption(func(cfg Config) Config { cfg.Traces.Proxy = pf diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/version.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/version.go index 3e43f77113..882b671380 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/version.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/version.go @@ -5,4 +5,4 @@ package internal // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/ot // Version is the current release version of the OpenTelemetry OTLP HTTP trace // exporter in use. -const Version = "1.43.0" +const Version = "1.44.0" diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/options.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/options.go index cfe21dbfb0..291b5f9b64 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/options.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/options.go @@ -138,6 +138,16 @@ func WithTimeout(duration time.Duration) Option { return wrappedOption{otlpconfig.WithTimeout(duration)} } +// WithMaxRequestSize sets the maximum size, in bytes, of a serialized export +// request, before compression, that the exporter will send. +// +// If size is less than or equal to zero, no request-size limit is applied. +// Disabling the limit is not recommended because it can lead to excessive +// resource consumption or abuse. +func WithMaxRequestSize(size int) Option { + return wrappedOption{otlpconfig.WithMaxRequestSize(size)} +} + // WithRetry configures the retry policy for transient errors that may occurs // when exporting traces. An exponential back-off algorithm is used to ensure // endpoints are not overwhelmed with retries. If unset, the default retry diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go index 087e95f7b8..d847210dba 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go +++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go @@ -5,5 +5,5 @@ package otlptrace // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace" // Version is the current release version of the OpenTelemetry OTLP trace exporter in use. func Version() string { - return "1.43.0" + return "1.44.0" } diff --git a/vendor/go.opentelemetry.io/otel/exporters/prometheus/exporter.go b/vendor/go.opentelemetry.io/otel/exporters/prometheus/exporter.go index 0f2259af38..bc01038937 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/prometheus/exporter.go +++ b/vendor/go.opentelemetry.io/otel/exporters/prometheus/exporter.go @@ -91,14 +91,18 @@ type collector struct { namespace string resourceAttributesFilter attribute.Filter - mu sync.Mutex // mu protects all members below from the concurrent access. + mu sync.Mutex disableTargetInfo bool targetInfo prometheus.Metric metricFamilies map[string]*dto.MetricFamily - resourceKeyVals keyVals - metricNamer otlptranslator.MetricNamer - labelNamer otlptranslator.LabelNamer - unitNamer otlptranslator.UnitNamer + + resourceKeyValsOnce sync.Once + resourceKeyVals keyVals + resourceKeyValsErr error + + metricNamer otlptranslator.MetricNamer + labelNamer otlptranslator.LabelNamer + unitNamer otlptranslator.UnitNamer inst *observ.Instrumentation @@ -178,7 +182,10 @@ func (c *collector) Collect(ch chan<- prometheus.Metric) { } metrics := metricsPool.Get().(*metricdata.ResourceMetrics) - defer metricsPool.Put(metrics) + defer func() { + *metrics = metricdata.ResourceMetrics{} // erase fields to allow GC to collect them. + metricsPool.Put(metrics) + }() endCollection := func(error) {} if c.inst != nil { @@ -226,11 +233,13 @@ func (c *collector) Collect(ch chan<- prometheus.Metric) { ch <- c.targetInfo } - if c.resourceAttributesFilter != nil && len(c.resourceKeyVals.keys) == 0 { - e := c.createResourceAttributes(metrics.Resource) - if e != nil { - otel.Handle(e) - err = errors.Join(err, fmt.Errorf("failed to createResourceAttributes: %w", e)) + if c.resourceAttributesFilter != nil { + c.resourceKeyValsOnce.Do(func() { + c.resourceKeyVals, c.resourceKeyValsErr = c.createResourceAttributes(metrics.Resource) + }) + if c.resourceKeyValsErr != nil { + otel.Handle(c.resourceKeyValsErr) + err = errors.Join(err, fmt.Errorf("failed to createResourceAttributes: %w", c.resourceKeyValsErr)) return } } @@ -242,7 +251,8 @@ func (c *collector) Collect(ch chan<- prometheus.Metric) { }) continue } - n := len(c.resourceKeyVals.keys) + 2 // resource attrs + scope name + scope version + // resource attributes + scope attributes + scope name + scope version + scope schema url + n := len(c.resourceKeyVals.keys) + 3 + scopeMetrics.Scope.Attributes.Len() kv := keyVals{ keys: make([]string, 0, n), vals: make([]string, 0, n), @@ -252,15 +262,12 @@ func (c *collector) Collect(ch chan<- prometheus.Metric) { kv.keys = append(kv.keys, scopeNameLabel, scopeVersionLabel, scopeSchemaLabel) kv.vals = append(kv.vals, scopeMetrics.Scope.Name, scopeMetrics.Scope.Version, scopeMetrics.Scope.SchemaURL) - attrKeys, attrVals, e := getAttrs(scopeMetrics.Scope.Attributes, c.labelNamer) + attrKeys, attrVals, e := getScopeAttrs(scopeMetrics.Scope.Attributes, c.labelNamer) if e != nil { reportError(ch, nil, e) - err = errors.Join(err, fmt.Errorf("failed to getAttrs for ScopeMetrics %d: %w", j, e)) + err = errors.Join(err, fmt.Errorf("failed to translate scope attributes for ScopeMetrics %d: %w", j, e)) continue } - for i := range attrKeys { - attrKeys[i] = scopeLabelPrefix + attrKeys[i] - } kv.keys = append(kv.keys, attrKeys...) kv.vals = append(kv.vals, attrVals...) } @@ -451,7 +458,8 @@ func addExponentialHistogramMetric[N int64 | float64]( scale, dp.ZeroThreshold, dp.StartTime, - values...) + values..., + ) if e != nil { reportError(ch, desc, e) err = errors.Join( @@ -617,7 +625,7 @@ func getAttrs(attrs attribute.Set, labelNamer otlptranslator.LabelNamer) ([]stri for itr.Next() { kv := itr.Attribute() keys = append(keys, string(kv.Key)) - values = append(values, kv.Value.Emit()) + values = append(values, kv.Value.String()) } } else { // It sanitizes invalid characters and handles duplicate keys @@ -631,10 +639,10 @@ func getAttrs(attrs attribute.Set, labelNamer otlptranslator.LabelNamer) ([]stri return nil, nil, err } if _, ok := keysMap[key]; !ok { - keysMap[key] = []string{kv.Value.Emit()} + keysMap[key] = []string{kv.Value.String()} } else { // if the sanitized key is a duplicate, append to the list of keys - keysMap[key] = append(keysMap[key], kv.Value.Emit()) + keysMap[key] = append(keysMap[key], kv.Value.String()) } } for key, vals := range keysMap { @@ -646,6 +654,56 @@ func getAttrs(attrs attribute.Set, labelNamer otlptranslator.LabelNamer) ([]stri return keys, values, nil } +func getScopeAttrs(attrs attribute.Set, labelNamer otlptranslator.LabelNamer) ([]string, []string, error) { + keys := make([]string, 0, attrs.Len()) + values := make([]string, 0, attrs.Len()) + itr := attrs.Iter() + + if labelNamer.UTF8Allowed { + for itr.Next() { + kv := itr.Attribute() + key := string(kv.Key) + if isReservedScopeLabel(key) { + continue + } + keys = append(keys, scopeLabelPrefix+key) + values = append(values, kv.Value.String()) + } + return keys, values, nil + } + + keysMap := make(map[string][]string) + for itr.Next() { + kv := itr.Attribute() + key, err := labelNamer.Build(string(kv.Key)) + if err != nil { + // TODO(#7066) Handle this error better. + return nil, nil, err + } + if isReservedScopeLabel(key) { + continue + } + keysMap[key] = append(keysMap[key], kv.Value.String()) + } + + for key, vals := range keysMap { + keys = append(keys, scopeLabelPrefix+key) + slices.Sort(vals) + values = append(values, strings.Join(vals, ";")) + } + + return keys, values, nil +} + +func isReservedScopeLabel(key string) bool { + switch key { + case "name", "version", "schema_url": + return true + default: + return false + } +} + func (c *collector) createInfoMetric(name, description string, res *resource.Resource) (prometheus.Metric, error) { keys, values, err := getAttrs(*res.Set(), c.labelNamer) if err != nil { @@ -719,18 +777,14 @@ func (c *collector) namingMetricType(m metricdata.Metrics) otlptranslator.Metric return otlptranslator.MetricTypeUnknown } -func (c *collector) createResourceAttributes(res *resource.Resource) error { - c.mu.Lock() - defer c.mu.Unlock() - +func (c *collector) createResourceAttributes(res *resource.Resource) (keyVals, error) { resourceAttrs, _ := res.Set().Filter(c.resourceAttributesFilter) resourceKeys, resourceValues, err := getAttrs(resourceAttrs, c.labelNamer) if err != nil { - return err + return keyVals{}, err } - c.resourceKeyVals = keyVals{keys: resourceKeys, vals: resourceValues} - return nil + return keyVals{keys: resourceKeys, vals: resourceValues}, nil } func (c *collector) validateMetrics(name, description string, metricType *dto.MetricType) (drop bool, help string) { @@ -812,7 +866,7 @@ func attributesToLabels(attrs []attribute.KeyValue, labelNamer otlptranslator.La if err != nil { return nil, err } - labels[name] = attr.Value.Emit() + labels[name] = attr.Value.String() } return labels, nil } diff --git a/vendor/go.opentelemetry.io/otel/exporters/prometheus/internal/observ/instrumentation.go b/vendor/go.opentelemetry.io/otel/exporters/prometheus/internal/observ/instrumentation.go index bc6f33fe62..c995b982c6 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/prometheus/internal/observ/instrumentation.go +++ b/vendor/go.opentelemetry.io/otel/exporters/prometheus/internal/observ/instrumentation.go @@ -17,8 +17,8 @@ import ( "go.opentelemetry.io/otel/exporters/prometheus/internal" "go.opentelemetry.io/otel/exporters/prometheus/internal/x" "go.opentelemetry.io/otel/metric" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" ) const ( @@ -71,6 +71,7 @@ var ( func get[T any](p *sync.Pool) *[]T { return p.Get().(*[]T) } func put[T any](p *sync.Pool, s *[]T) { + clear(*s) // erase elements to allow GC to collect what they refer to. *s = (*s)[:0] // Reset. p.Put(s) } diff --git a/vendor/go.opentelemetry.io/otel/exporters/prometheus/internal/version.go b/vendor/go.opentelemetry.io/otel/exporters/prometheus/internal/version.go index a3527e265d..5616fe25a1 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/prometheus/internal/version.go +++ b/vendor/go.opentelemetry.io/otel/exporters/prometheus/internal/version.go @@ -6,4 +6,4 @@ package internal // import "go.opentelemetry.io/otel/exporters/prometheus/intern // Version is the current release version of the OpenTelemetry prometheus // exporter in use. -const Version = "0.65.0" +const Version = "0.66.0" diff --git a/vendor/go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/observ/instrumentation.go b/vendor/go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/observ/instrumentation.go index 901cc938c4..08e276786a 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/observ/instrumentation.go +++ b/vendor/go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/observ/instrumentation.go @@ -17,8 +17,8 @@ import ( "go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal" "go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/x" "go.opentelemetry.io/otel/metric" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" ) const ( @@ -75,6 +75,7 @@ var ( func get[T any](p *sync.Pool) *[]T { return p.Get().(*[]T) } func put[T any](p *sync.Pool, s *[]T) { + clear(*s) *s = (*s)[:0] // Reset. p.Put(s) } diff --git a/vendor/go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/version.go b/vendor/go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/version.go index 78e618c47f..c22b38fd5e 100644 --- a/vendor/go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/version.go +++ b/vendor/go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/version.go @@ -5,4 +5,4 @@ package internal // import "go.opentelemetry.io/otel/exporters/stdout/stdouttrac // Version is the current release version of the OpenTelemetry stdouttrace // exporter in use. -const Version = "1.43.0" +const Version = "1.44.0" diff --git a/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go b/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go index 466812d343..1d21e2eb75 100644 --- a/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go +++ b/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go @@ -51,6 +51,9 @@ type Float64ObservableCounterConfig struct { func NewFloat64ObservableCounterConfig(opts ...Float64ObservableCounterOption) Float64ObservableCounterConfig { var config Float64ObservableCounterConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyFloat64ObservableCounter(config) } return config @@ -111,6 +114,9 @@ func NewFloat64ObservableUpDownCounterConfig( ) Float64ObservableUpDownCounterConfig { var config Float64ObservableUpDownCounterConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyFloat64ObservableUpDownCounter(config) } return config @@ -168,6 +174,9 @@ type Float64ObservableGaugeConfig struct { func NewFloat64ObservableGaugeConfig(opts ...Float64ObservableGaugeOption) Float64ObservableGaugeConfig { var config Float64ObservableGaugeConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyFloat64ObservableGauge(config) } return config diff --git a/vendor/go.opentelemetry.io/otel/metric/asyncint64.go b/vendor/go.opentelemetry.io/otel/metric/asyncint64.go index 66c971bd8a..9d45a4d416 100644 --- a/vendor/go.opentelemetry.io/otel/metric/asyncint64.go +++ b/vendor/go.opentelemetry.io/otel/metric/asyncint64.go @@ -50,6 +50,9 @@ type Int64ObservableCounterConfig struct { func NewInt64ObservableCounterConfig(opts ...Int64ObservableCounterOption) Int64ObservableCounterConfig { var config Int64ObservableCounterConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyInt64ObservableCounter(config) } return config @@ -110,6 +113,9 @@ func NewInt64ObservableUpDownCounterConfig( ) Int64ObservableUpDownCounterConfig { var config Int64ObservableUpDownCounterConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyInt64ObservableUpDownCounter(config) } return config @@ -167,6 +173,9 @@ type Int64ObservableGaugeConfig struct { func NewInt64ObservableGaugeConfig(opts ...Int64ObservableGaugeOption) Int64ObservableGaugeConfig { var config Int64ObservableGaugeConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyInt64ObservableGauge(config) } return config diff --git a/vendor/go.opentelemetry.io/otel/metric/config.go b/vendor/go.opentelemetry.io/otel/metric/config.go index e42dd6e70a..889545e235 100644 --- a/vendor/go.opentelemetry.io/otel/metric/config.go +++ b/vendor/go.opentelemetry.io/otel/metric/config.go @@ -42,11 +42,18 @@ type MeterOption interface { applyMeter(MeterConfig) MeterConfig } +type experimentalOption interface { + Experimental() +} + // NewMeterConfig creates a new MeterConfig and applies // all the given options. func NewMeterConfig(opts ...MeterOption) MeterConfig { var config MeterConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyMeter(config) } return config diff --git a/vendor/go.opentelemetry.io/otel/metric/doc.go b/vendor/go.opentelemetry.io/otel/metric/doc.go index f153745b00..794e1a8bae 100644 --- a/vendor/go.opentelemetry.io/otel/metric/doc.go +++ b/vendor/go.opentelemetry.io/otel/metric/doc.go @@ -24,10 +24,10 @@ all instruments fall into two overlapping logical categories: asynchronous or synchronous, and int64 or float64. All synchronous instruments ([Int64Counter], [Int64UpDownCounter], -[Int64Histogram], [Float64Counter], [Float64UpDownCounter], and -[Float64Histogram]) are used to measure the operation and performance of source -code during the source code execution. These instruments only make measurements -when the source code they instrument is run. +[Int64Histogram], [Int64Gauge], [Float64Counter], [Float64UpDownCounter], +[Float64Histogram], and [Float64Gauge]) are used to measure the operation and +performance of source code during the source code execution. These instruments +only make measurements when the source code they instrument is run. All asynchronous instruments ([Int64ObservableCounter], [Int64ObservableUpDownCounter], [Int64ObservableGauge], @@ -50,9 +50,11 @@ incrementally increase in value. UpDownCounters ([Int64UpDownCounter], values that can increase and decrease. When more information needs to be conveyed about all the synchronous measurements made during a collection cycle, a Histogram ([Int64Histogram] and [Float64Histogram]) should be used. Finally, -when just the most recent measurement needs to be conveyed about an -asynchronous measurement, a Gauge ([Int64ObservableGauge] and -[Float64ObservableGauge]) should be used. +when just the most recent measurement needs to be conveyed, a Gauge +([Int64Gauge], [Float64Gauge], [Int64ObservableGauge], and +[Float64ObservableGauge]) should be used: the synchronous variants record an +instantaneous value at a specific point in code, while the observable variants +sample the value via a callback once per collection cycle. See the [OpenTelemetry documentation] for more information about instruments and their intended use. @@ -80,11 +82,11 @@ Measurements are made by recording values and information about the values with an instrument. How these measurements are recorded depends on the instrument. Measurements for synchronous instruments ([Int64Counter], [Int64UpDownCounter], -[Int64Histogram], [Float64Counter], [Float64UpDownCounter], and -[Float64Histogram]) are recorded using the instrument methods directly. All -counter instruments have an Add method that is used to measure an increment -value, and all histogram instruments have a Record method to measure a data -point. +[Int64Histogram], [Int64Gauge], [Float64Counter], [Float64UpDownCounter], +[Float64Histogram], and [Float64Gauge]) are recorded using the instrument +methods directly. All counter instruments have an Add method that is used to +measure an increment value, and all histogram and synchronous gauge +instruments have a Record method to measure a data point. Asynchronous instruments ([Int64ObservableCounter], [Int64ObservableUpDownCounter], [Int64ObservableGauge], @@ -107,6 +109,31 @@ respectively): If the criteria are not met, use the RegisterCallback method of the [Meter] that created the instrument to register a [Callback]. +# Avoiding Expensive Computations + +All synchronous instruments provide an Enabled method that reports whether the +instrument will process measurements for the given context. When no SDK is +registered or the instrument is otherwise disabled, Enabled returns false. This +can be used to avoid expensive measurement work when a measurement will not be +recorded: + + if counter.Enabled(ctx) { + counter.Add(ctx, 1, metric.WithAttributes(expensiveAttributes()...)) + } + +This is especially valuable when computing attributes is expensive. +[WithAttributes] performs non-trivial work on every call to build an +[attribute.Set] from the provided attributes, and that work is wasted if the +measurement is not recorded. + +For performance sensitive code where the same attribute set is used repeatedly, +prefer [WithAttributeSet]. It accepts a pre-built [attribute.Set], letting you +pay the construction cost once and reuse it across many measurements: + + attrs := attribute.NewSet(attribute.String("key", "val")) + // ... later, on each call: + counter.Add(ctx, 1, metric.WithAttributeSet(attrs)) + # API Implementations This package does not conform to the standard Go versioning policy, all of its diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument.go b/vendor/go.opentelemetry.io/otel/metric/instrument.go index 9f48d5f117..2e79ab5683 100644 --- a/vendor/go.opentelemetry.io/otel/metric/instrument.go +++ b/vendor/go.opentelemetry.io/otel/metric/instrument.go @@ -3,7 +3,9 @@ package metric // import "go.opentelemetry.io/otel/metric" -import "go.opentelemetry.io/otel/attribute" +import ( + "go.opentelemetry.io/otel/attribute" +) // Observable is used as a grouping mechanism for all instruments that are // updated within a Callback. @@ -228,6 +230,9 @@ type AddConfig struct { func NewAddConfig(opts []AddOption) AddConfig { config := AddConfig{attrs: *attribute.EmptySet()} for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyAdd(config) } return config @@ -253,6 +258,9 @@ type RecordConfig struct { func NewRecordConfig(opts []RecordOption) RecordConfig { config := RecordConfig{attrs: *attribute.EmptySet()} for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyRecord(config) } return config @@ -278,6 +286,9 @@ type ObserveConfig struct { func NewObserveConfig(opts []ObserveOption) ObserveConfig { config := ObserveConfig{attrs: *attribute.EmptySet()} for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyObserve(config) } return config @@ -299,6 +310,10 @@ type attrOpt struct { set attribute.Set } +func (o *attrOpt) Set(set attribute.Set) { + o.set = set +} + // mergeSets returns the union of keys between a and b. Any duplicate keys will // use the value associated with b. func mergeSets(a, b attribute.Set) attribute.Set { @@ -311,7 +326,7 @@ func mergeSets(a, b attribute.Set) attribute.Set { return attribute.NewSet(merged...) } -func (o attrOpt) applyAdd(c AddConfig) AddConfig { +func (o *attrOpt) applyAdd(c AddConfig) AddConfig { switch { case o.set.Len() == 0: case c.attrs.Len() == 0: @@ -322,7 +337,7 @@ func (o attrOpt) applyAdd(c AddConfig) AddConfig { return c } -func (o attrOpt) applyRecord(c RecordConfig) RecordConfig { +func (o *attrOpt) applyRecord(c RecordConfig) RecordConfig { switch { case o.set.Len() == 0: case c.attrs.Len() == 0: @@ -333,7 +348,7 @@ func (o attrOpt) applyRecord(c RecordConfig) RecordConfig { return c } -func (o attrOpt) applyObserve(c ObserveConfig) ObserveConfig { +func (o *attrOpt) applyObserve(c ObserveConfig) ObserveConfig { switch { case o.set.Len() == 0: case c.attrs.Len() == 0: @@ -350,8 +365,14 @@ func (o attrOpt) applyObserve(c ObserveConfig) ObserveConfig { // If multiple WithAttributeSet or WithAttributes options are passed the // attributes will be merged together in the order they are passed. Attributes // with duplicate keys will use the last value passed. +// +// Experimental: The returned option may implement +// [go.opentelemetry.io/otel/metric/x.Settable][attribute.Set], which can be +// used to replace the option's attribute set and reuse the option without +// additional allocations. This behavior is experimental and may be changed or +// removed in a future release without notice. func WithAttributeSet(attributes attribute.Set) MeasurementOption { - return attrOpt{set: attributes} + return &attrOpt{set: attributes} } // WithAttributes converts attributes into an attribute Set and sets the Set to @@ -369,8 +390,14 @@ func WithAttributeSet(attributes attribute.Set) MeasurementOption { // // See [WithAttributeSet] for information about how multiple WithAttributes are // merged. +// +// Experimental: The returned option may implement +// [go.opentelemetry.io/otel/metric/x.Settable][[]attribute.KeyValue], which can be +// used to replace the option's attributes and reuse the option without +// additional allocations. This behavior is experimental and may be changed or +// removed in a future release without notice. func WithAttributes(attributes ...attribute.KeyValue) MeasurementOption { cp := make([]attribute.KeyValue, len(attributes)) copy(cp, attributes) - return attrOpt{set: attribute.NewSet(cp...)} + return &attrOpt{set: attribute.NewSet(cp...)} } diff --git a/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go b/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go index abb3051d7f..2101f686ae 100644 --- a/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go +++ b/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go @@ -51,6 +51,9 @@ type Float64CounterConfig struct { func NewFloat64CounterConfig(opts ...Float64CounterOption) Float64CounterConfig { var config Float64CounterConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyFloat64Counter(config) } return config @@ -116,6 +119,9 @@ type Float64UpDownCounterConfig struct { func NewFloat64UpDownCounterConfig(opts ...Float64UpDownCounterOption) Float64UpDownCounterConfig { var config Float64UpDownCounterConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyFloat64UpDownCounter(config) } return config @@ -182,6 +188,9 @@ type Float64HistogramConfig struct { func NewFloat64HistogramConfig(opts ...Float64HistogramOption) Float64HistogramConfig { var config Float64HistogramConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyFloat64Histogram(config) } return config @@ -251,6 +260,9 @@ type Float64GaugeConfig struct { func NewFloat64GaugeConfig(opts ...Float64GaugeOption) Float64GaugeConfig { var config Float64GaugeConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyFloat64Gauge(config) } return config diff --git a/vendor/go.opentelemetry.io/otel/metric/syncint64.go b/vendor/go.opentelemetry.io/otel/metric/syncint64.go index 5bbfaf0397..425c1a0d51 100644 --- a/vendor/go.opentelemetry.io/otel/metric/syncint64.go +++ b/vendor/go.opentelemetry.io/otel/metric/syncint64.go @@ -51,6 +51,9 @@ type Int64CounterConfig struct { func NewInt64CounterConfig(opts ...Int64CounterOption) Int64CounterConfig { var config Int64CounterConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyInt64Counter(config) } return config @@ -116,6 +119,9 @@ type Int64UpDownCounterConfig struct { func NewInt64UpDownCounterConfig(opts ...Int64UpDownCounterOption) Int64UpDownCounterConfig { var config Int64UpDownCounterConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyInt64UpDownCounter(config) } return config @@ -182,6 +188,9 @@ type Int64HistogramConfig struct { func NewInt64HistogramConfig(opts ...Int64HistogramOption) Int64HistogramConfig { var config Int64HistogramConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyInt64Histogram(config) } return config @@ -251,6 +260,9 @@ type Int64GaugeConfig struct { func NewInt64GaugeConfig(opts ...Int64GaugeOption) Int64GaugeConfig { var config Int64GaugeConfig for _, o := range opts { + if _, ok := o.(experimentalOption); ok { + continue + } config = o.applyInt64Gauge(config) } return config diff --git a/vendor/go.opentelemetry.io/otel/propagation/baggage.go b/vendor/go.opentelemetry.io/otel/propagation/baggage.go index 2ecca3fed1..d81b709a2c 100644 --- a/vendor/go.opentelemetry.io/otel/propagation/baggage.go +++ b/vendor/go.opentelemetry.io/otel/propagation/baggage.go @@ -5,6 +5,9 @@ package propagation // import "go.opentelemetry.io/otel/propagation" import ( "context" + "errors" + "fmt" + "sync" "go.opentelemetry.io/otel/baggage" "go.opentelemetry.io/otel/internal/errorhandler" @@ -13,11 +16,18 @@ import ( const ( baggageHeader = "baggage" + maxParseErrors = 5 + // W3C Baggage specification limits. // https://www.w3.org/TR/baggage/#limits - maxMembers = 64 + maxMembers = 64 + maxBytesPerBaggageString = 8192 ) +// handleExtractErrOnce limits error reporting for attacker-controlled baggage headers +// to one process-wide emission, preventing repeated extraction from flooding logs. +var handleExtractErrOnce sync.Once + // Baggage is a propagator that supports the W3C Baggage format. // // This propagates user-defined baggage associated with a trace. The complete @@ -57,7 +67,9 @@ func extractSingleBaggage(parent context.Context, carrier TextMapCarrier) contex bag, err := baggage.Parse(bStr) if err != nil { - errorhandler.GetErrorHandler().Handle(err) + handleExtractErrOnce.Do(func() { + errorhandler.GetErrorHandler().Handle(err) + }) } if bag.Len() == 0 { return parent @@ -72,24 +84,60 @@ func extractMultiBaggage(parent context.Context, carrier ValuesGetter) context.C } var members []baggage.Member - for _, bStr := range bVals { - currBag, err := baggage.Parse(bStr) - if err != nil { - errorhandler.GetErrorHandler().Handle(err) + var totalBytes int + var parseErrors int + var truncateErr error + for i, bStr := range bVals { + if i > 0 { + totalBytes++ // comma separator between combined header values } - if currBag.Len() == 0 { - continue + totalBytes += len(bStr) + if totalBytes > maxBytesPerBaggageString { + // Per the W3C Baggage spec, the byte limit applies to the + // combination of all baggage headers, not each header + // individually. Mirror the single-header behavior of + // reporting the error and returning the parent context + // with no baggage attached. + handleExtractErrOnce.Do(func() { + errorhandler.GetErrorHandler().Handle(fmt.Errorf( + "baggage: aggregate header size %d exceeds %d byte limit", + totalBytes, + maxBytesPerBaggageString, + )) + }) + return parent } - members = append(members, currBag.Members()...) - if len(members) >= maxMembers { - break + + // If members exceed the limit, stop parsing baggage. + if len(members) <= maxMembers { + currBag, err := baggage.Parse(bStr) + if err != nil { + parseErrors++ + if parseErrors <= maxParseErrors { + truncateErr = errors.Join(truncateErr, err) + } + } + if currBag.Len() == 0 { + continue + } + members = append(members, currBag.Members()...) } } + if dropped := parseErrors - maxParseErrors; dropped > 0 { + truncateErr = errors.Join(truncateErr, fmt.Errorf("and %d more error(s)", dropped)) + } + b, err := baggage.New(members...) if err != nil { - errorhandler.GetErrorHandler().Handle(err) + truncateErr = errors.Join(truncateErr, err) } + if truncateErr != nil { + handleExtractErrOnce.Do(func() { + errorhandler.GetErrorHandler().Handle(truncateErr) + }) + } + if b.Len() == 0 { return parent } diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/config.go b/vendor/go.opentelemetry.io/otel/sdk/metric/config.go index 306e5e3cdc..dda4e086db 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/config.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/config.go @@ -25,7 +25,7 @@ type config struct { cardinalityLimit int } -const defaultCardinalityLimit = 0 +const defaultCardinalityLimit = 2000 // readerSignals returns a force-flush and shutdown function for a // MeterProvider to call in their respective options. All Readers c contains @@ -70,6 +70,10 @@ func unifyShutdown(funcs []func(context.Context) error) func(context.Context) er } } +type experimentalOption interface { + Experimental() +} + // newConfig returns a config configured with options. func newConfig(options []Option) config { conf := config{ @@ -81,6 +85,9 @@ func newConfig(options []Option) config { conf = o.apply(conf) } for _, o := range options { + if _, ok := o.(experimentalOption); ok { + continue + } conf = o.apply(conf) } return conf @@ -150,7 +157,7 @@ func WithView(views ...View) Option { // exemplar reservoir, but the exemplar reservoir makes the final decision of // whether to store an exemplar. // -// By default, the [exemplar.SampledFilter] +// By default, the [exemplar.TraceBasedFilter] // is used. Exemplars can be entirely disabled by providing the // [exemplar.AlwaysOffFilter]. func WithExemplarFilter(filter exemplar.Filter) Option { @@ -165,7 +172,10 @@ func WithExemplarFilter(filter exemplar.Filter) Option { // The cardinality limit is the hard limit on the number of metric datapoints // that can be collected for a single instrument in a single collect cycle. // -// Setting this to a zero or negative value means no limit is applied. +// By default, if this option is not used, a limit of +// 2000 is applied. +// +// Setting this to a zero or negative means no limit is applied. // This value applies to all instrument kinds, but can be overridden per kind by // the reader's cardinality limit selector (see [WithCardinalityLimitSelector]). func WithCardinalityLimit(limit int) Option { diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/doc.go b/vendor/go.opentelemetry.io/otel/sdk/metric/doc.go index dd75eefac1..51e168c750 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/doc.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/doc.go @@ -24,6 +24,10 @@ // View. Views allow users that run OpenTelemetry instrumented code to modify // the generated data of that instrumentation. // +// Note that attributes filtered out by a View may still appear on Exemplars, +// because Exemplars are recorded with the dropped measurement attributes +// when View attribute filtering is applied. +// // The data generated by a MeterProvider needs to include information about its // origin. A MeterProvider needs to be configured with a Resource, using the // WithResource MeterProviderOption, to include this information. This Resource @@ -44,9 +48,7 @@ // Cardinality refers to the number of unique attributes collected. High cardinality can lead to // excessive memory usage, increased storage costs, and backend performance issues. // -// Currently, the OpenTelemetry Go Metric SDK does not enforce a cardinality limit by default -// (note that this may change in a future release). Use [WithCardinalityLimit] to set the -// cardinality limit as desired. +// By default, the OpenTelemetry Go Metric SDK enforces a cardinality limit of 2000. // // New attribute sets are dropped when the cardinality limit is reached. The measurement of // these sets are aggregated into @@ -57,8 +59,8 @@ // // Recommendations: // -// - Set the limit based on the theoretical maximum combinations or expected -// active combinations. The OpenTelemetry Specification recommends a default of 2000. +// - Tune the limit based on the theoretical maximum combinations or expected +// active combinations. The SDK default is 2000. // - A too high of a limit increases worst-case memory overhead in the SDK and may cause downstream // issues for databases that cannot handle high cardinality. // - A too low of a limit causes loss of attribute detail as more data falls into overflow. diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/exemplar.go b/vendor/go.opentelemetry.io/otel/sdk/metric/exemplar.go index 38b8745e67..993f001ae9 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/exemplar.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/exemplar.go @@ -4,6 +4,7 @@ package metric // import "go.opentelemetry.io/otel/sdk/metric" import ( + "reflect" "runtime" "go.opentelemetry.io/otel/attribute" @@ -19,9 +20,19 @@ type ExemplarReservoirProviderSelector func(Aggregation) exemplar.ReservoirProvi // reservoirFunc returns the appropriately configured exemplar reservoir // creation func based on the passed InstrumentKind and filter configuration. func reservoirFunc[N int64 | float64]( + kind InstrumentKind, provider exemplar.ReservoirProvider, filter exemplar.Filter, ) func(attribute.Set) aggregate.FilteredExemplarReservoir[N] { + if reflect.ValueOf(filter).Pointer() == reflect.ValueOf(exemplar.AlwaysOffFilter).Pointer() { + return aggregate.DropReservoir[N] + } + if (kind == InstrumentKindObservableCounter || kind == InstrumentKindObservableUpDownCounter || kind == InstrumentKindObservableGauge) && + reflect.ValueOf(filter).Pointer() == reflect.ValueOf(exemplar.TraceBasedFilter).Pointer() { + // Asynchronous instruments do not accept context, so TraceBasedFilter + // will never record any exemplars. + return aggregate.DropReservoir[N] + } return func(attrs attribute.Set) aggregate.FilteredExemplarReservoir[N] { return aggregate.NewFilteredExemplarReservoir[N](filter, provider(attrs)) } diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/exemplar/fixed_size_reservoir.go b/vendor/go.opentelemetry.io/otel/sdk/metric/exemplar/fixed_size_reservoir.go index 15d7138996..ce97ab1bf7 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/exemplar/fixed_size_reservoir.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/exemplar/fixed_size_reservoir.go @@ -8,7 +8,6 @@ import ( "math" "math/rand/v2" "sync" - "sync/atomic" "time" "go.opentelemetry.io/otel/attribute" @@ -27,19 +26,7 @@ func FixedSizeReservoirProvider(k int) ReservoirProvider { // sample each one. If there are more than k, the Reservoir will then randomly // sample all additional measurement with a decreasing probability. func NewFixedSizeReservoir(k int) *FixedSizeReservoir { - if k < 0 { - k = 0 - } - // Use math.MaxInt32 instead of math.MaxUint32 to prevent overflowing int - // on 32-bit systems. - if k > math.MaxInt32 { - k = math.MaxInt32 - } - return &FixedSizeReservoir{ - storage: newStorage(k), - // Above we ensure k is positive, and less than MaxInt32. - nextTracker: newNextTracker(uint32(k)), // nolint: gosec - } + return newFixedSizeReservoir(newStorage(k)) } var _ Reservoir = &FixedSizeReservoir{} @@ -51,7 +38,42 @@ var _ Reservoir = &FixedSizeReservoir{} type FixedSizeReservoir struct { reservoir.ConcurrentSafe *storage - *nextTracker + mu sync.Mutex + + // count is the number of measurement seen. + count int64 + // next is the next count that will store a measurement at a random index + // once the reservoir has been filled. + next int64 + // w is the largest random number in a distribution that is used to compute + // the next next. + w float64 +} + +func newFixedSizeReservoir(s *storage) *FixedSizeReservoir { + r := &FixedSizeReservoir{ + storage: s, + } + if cap(r.measurements) > 0 { + r.reset() + } + return r +} + +// randomFloat64 returns, as a float64, a uniform pseudo-random number in the +// open interval (0.0,1.0). +func (*FixedSizeReservoir) randomFloat64() float64 { + // TODO: Use an algorithm that avoids rejection sampling. For example: + // + // const precision = 1 << 53 // 2^53 + // // Generate an integer in [1, 2^53 - 1] + // v := rand.Uint64() % (precision - 1) + 1 + // return float64(v) / float64(precision) + f := rand.Float64() + for f == 0 { + f = rand.Float64() + } + return f } // Offer accepts the parameters associated with a measurement. The @@ -66,6 +88,10 @@ type FixedSizeReservoir struct { // parameters are the value and dropped (filtered) attributes of the // measurement respectively. func (r *FixedSizeReservoir) Offer(ctx context.Context, t time.Time, n Value, a []attribute.KeyValue) { + if cap(r.measurements) == 0 { + return + } + // The following algorithm is "Algorithm L" from Li, Kim-Hung (4 December // 1994). "Reservoir-Sampling Algorithms of Time Complexity // O(n(1+log(N/n)))". ACM Transactions on Mathematical Software. 20 (4): @@ -107,65 +133,25 @@ func (r *FixedSizeReservoir) Offer(ctx context.Context, t time.Time, n Value, a // https://github.com/MrAlias/reservoir-sampling for a performance // comparison of reservoir sampling algorithms. - count, next := r.incrementCount() - if count < r.k { - r.store(ctx, int(count), t, n, a) - } else if count == next { + r.mu.Lock() + defer r.mu.Unlock() + if int(r.count) < cap(r.measurements) { + r.store(ctx, int(r.count), t, n, a) + } else if r.count == r.next { // Overwrite a random existing measurement with the one offered. - idx := rand.IntN(int(r.k)) + idx := int(rand.Int64N(int64(cap(r.measurements)))) r.store(ctx, idx, t, n, a) - r.wMu.Lock() - defer r.wMu.Unlock() - newCount, newNext := r.loadCountAndNext() - if newNext < next || newCount < count { - // This Observe() raced with Collect(), and r.reset() has been - // called since r.incrementCount(). Skip the call to advance in - // this case because our exemplar may have been collected in the - // previous interval. - return - } r.advance() } -} - -// Collect returns all the held exemplars. -// -// The Reservoir state is preserved after this call. -func (r *FixedSizeReservoir) Collect(dest *[]Exemplar) { - r.storage.Collect(dest) - // Call reset here even though it will reset r.count and restart the random - // number series. This will persist any old exemplars as long as no new - // measurements are offered, but it will also prioritize those new - // measurements that are made over the older collection cycle ones. - r.reset() -} - -func newNextTracker(k uint32) *nextTracker { - nt := &nextTracker{k: k} - nt.reset() - return nt -} - -type nextTracker struct { - // countAndNext holds the current counts in the lower 32 bits and the next - // value in the upper 32 bits. - countAndNext atomic.Uint64 - // w is the largest random number in a distribution that is used to compute - // the next next. - w float64 - // wMu ensures w is kept consistent with next during advance and reset. - wMu sync.Mutex - // k is the number of measurements that can be stored in the reservoir. - k uint32 + r.count++ } // reset resets r to the initial state. -func (r *nextTracker) reset() { - r.wMu.Lock() - defer r.wMu.Unlock() +func (r *FixedSizeReservoir) reset() { // This resets the number of exemplars known. + r.count = 0 // Random index inserts should only happen after the storage is full. - r.setCountAndNext(0, r.k) + r.next = int64(cap(r.measurements)) // Initial random number in the series used to generate r.next. // @@ -176,40 +162,14 @@ func (r *nextTracker) reset() { // This maps the uniform random number in (0,1) to a geometric distribution // over the same interval. The mean of the distribution is inversely // proportional to the storage capacity. - r.w = math.Exp(math.Log(randomFloat64()) / float64(r.k)) + r.w = math.Exp(math.Log(r.randomFloat64()) / float64(cap(r.measurements))) r.advance() } -// incrementCount increments the count. It returns the count before the -// increment and the current next value. -func (r *nextTracker) incrementCount() (uint32, uint32) { - n := r.countAndNext.Add(1) - // Both count and next are stored in the upper and lower 32 bits, and thus - // can't overflow. - return uint32(n&((1<<32)-1) - 1), uint32(n >> 32) // nolint: gosec -} - -// incrementNext increments the next value. -func (r *nextTracker) incrementNext(inc uint32) { - r.countAndNext.Add(uint64(inc) << 32) -} - -// setCountAndNext sets the count and next values. -func (r *nextTracker) setCountAndNext(count, next uint32) { - r.countAndNext.Store(uint64(next)<<32 + uint64(count)) -} - -func (r *nextTracker) loadCountAndNext() (uint32, uint32) { - n := r.countAndNext.Load() - // Both count and next are stored in the upper and lower 32 bits, and thus - // can't overflow. - return uint32(n&((1<<32)-1) - 1), uint32(n >> 32) // nolint: gosec -} - // advance updates the count at which the offered measurement will overwrite an // existing exemplar. -func (r *nextTracker) advance() { +func (r *FixedSizeReservoir) advance() { // Calculate the next value in the random number series. // // The current value of r.w is based on the max of a distribution of random @@ -222,7 +182,7 @@ func (r *nextTracker) advance() { // therefore the next r.w will be based on the same distribution (i.e. // `max(u_1,u_2,...,u_k)`). Therefore, we can sample the next r.w by // computing the next random number `u` and take r.w as `w * u^(1/k)`. - r.w *= math.Exp(math.Log(randomFloat64()) / float64(r.k)) + r.w *= math.Exp(math.Log(r.randomFloat64()) / float64(cap(r.measurements))) // Use the new random number in the series to calculate the count of the // next measurement that will be stored. // @@ -233,21 +193,23 @@ func (r *nextTracker) advance() { // // Important to note, the new r.next will always be at least 1 more than // the last r.next. - r.incrementNext(uint32(math.Log(randomFloat64())/math.Log(1-r.w)) + 1) + r.next += int64(math.Log(r.randomFloat64())/math.Log(1-r.w)) + 1 } -// randomFloat64 returns, as a float64, a uniform pseudo-random number in the -// open interval (0.0,1.0). -func randomFloat64() float64 { - // TODO: Use an algorithm that avoids rejection sampling. For example: - // - // const precision = 1 << 53 // 2^53 - // // Generate an integer in [1, 2^53 - 1] - // v := rand.Uint64() % (precision - 1) + 1 - // return float64(v) / float64(precision) - f := rand.Float64() - for f == 0 { - f = rand.Float64() +// Collect returns all the held exemplars. +// +// The Reservoir state is preserved after this call. +func (r *FixedSizeReservoir) Collect(dest *[]Exemplar) { + if cap(r.measurements) == 0 { + *dest = (*dest)[:0] + return } - return f + r.mu.Lock() + defer r.mu.Unlock() + r.storage.Collect(dest) + // Call reset here even though it will reset r.count and restart the random + // number series. This will persist any old exemplars as long as no new + // measurements are offered, but it will also prioritize those new + // measurements that are made over the older collection cycle ones. + r.reset() } diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/instrument.go b/vendor/go.opentelemetry.io/otel/sdk/metric/instrument.go index b080525592..dfb4964d9f 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/instrument.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/instrument.go @@ -141,6 +141,10 @@ type Stream struct { // the attribute will not be recorded, otherwise, if it returns true, it // will record the attribute. // + // Note that attributes filtered out by a View may still appear on Exemplars, + // because Exemplars are recorded with the dropped measurement attributes + // when View attribute filtering is applied. + // // Use NewAllowKeysFilter from "go.opentelemetry.io/otel/attribute" to // provide an allow-list of attribute keys here. AttributeFilter attribute.Filter diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/aggregate.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/aggregate.go index a1ae557372..a35f3bcc1b 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/aggregate.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/aggregate.go @@ -36,8 +36,8 @@ type Builder[N int64 | float64] struct { // ReservoirFunc is the factory function used by aggregate functions to // create new exemplar reservoirs for a new seen attribute set. // - // If this is not provided a default factory function that returns an - // dropReservoir reservoir will be used. + // If this is not provided a default factory function that returns a + // DropReservoir reservoir will be used. ReservoirFunc func(attribute.Set) FilteredExemplarReservoir[N] // AggregationLimit is the cardinality limit of measurement attributes. Any // measurement for new attributes once the limit has been reached will be @@ -54,7 +54,7 @@ func (b Builder[N]) resFunc() func(attribute.Set) FilteredExemplarReservoir[N] { return b.ReservoirFunc } - return dropReservoir + return DropReservoir } type fltrMeasure[N int64 | float64] func(ctx context.Context, value N, fltrAttr attribute.Set, droppedAttr []attribute.KeyValue) diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/drop.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/drop.go index 129920cbdd..7adfcaf853 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/drop.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/drop.go @@ -10,8 +10,8 @@ import ( "go.opentelemetry.io/otel/sdk/metric/exemplar" ) -// dropReservoir returns a [FilteredReservoir] that drops all measurements it is offered. -func dropReservoir[N int64 | float64](attribute.Set) FilteredExemplarReservoir[N] { +// DropReservoir returns a [FilteredExemplarReservoir] that drops all measurements it is offered. +func DropReservoir[N int64 | float64](attribute.Set) FilteredExemplarReservoir[N] { return &dropRes[N]{} } diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/exponential_histogram.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/exponential_histogram.go index 312d73c457..767b1d6dc7 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/exponential_histogram.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/exponential_histogram.go @@ -26,8 +26,9 @@ const ( // expoHistogramDataPoint is a single data point in an exponential histogram. type expoHistogramDataPoint[N int64 | float64] struct { - attrs attribute.Set - res FilteredExemplarReservoir[N] + attrs attribute.Set + res FilteredExemplarReservoir[N] + dropExemplars bool minMax atomicMinMax[N] sum atomicCounter[N] @@ -349,13 +350,18 @@ func (e *expoHistogram[N]) measure( v, ok = e.values[fltrAttr.Equivalent()] if !ok { v = newExpoHistogramDataPoint[N](fltrAttr, e.maxSize, e.maxScale, e.noMinMax, e.noSum) - v.res = e.newRes(fltrAttr) + r := e.newRes(fltrAttr) + _, isDrop := r.(*dropRes[N]) + v.res = r + v.dropExemplars = isDrop e.values[fltrAttr.Equivalent()] = v } } v.record(value) - v.res.Offer(ctx, value, droppedAttr) + if !v.dropExemplars { + v.res.Offer(ctx, value, droppedAttr) + } } func (e *expoHistogram[N]) delta( diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/histogram.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/histogram.go index 83582c670c..50c82ff32f 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/histogram.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/histogram.go @@ -17,8 +17,9 @@ import ( // histogramPoint is a single histogram point, used in delta aggregations. type histogramPoint[N int64 | float64] struct { - attrs attribute.Set - res FilteredExemplarReservoir[N] + attrs attribute.Set + res FilteredExemplarReservoir[N] + dropExemplars bool histogramPointCounters[N] } @@ -28,9 +29,10 @@ type hotColdHistogramPoint[N int64 | float64] struct { hcwg hotColdWaitGroup hotColdPoint [2]histogramPointCounters[N] - attrs attribute.Set - res FilteredExemplarReservoir[N] - startTime time.Time + attrs attribute.Set + res FilteredExemplarReservoir[N] + startTime time.Time + dropExemplars bool } // histogramPointCounters contains only the atomic counter data, and is used by @@ -113,9 +115,12 @@ func (s *deltaHistogram[N]) measure( hotIdx := s.hcwg.start() defer s.hcwg.done(hotIdx) h := s.hotColdValMap[hotIdx].LoadOrStoreAttr(fltrAttr, func(attr attribute.Set) any { + r := s.newRes(attr) + _, isDrop := r.(*dropRes[N]) hPt := &histogramPoint[N]{ - res: s.newRes(attr), - attrs: attr, + res: r, + attrs: attr, + dropExemplars: isDrop, // N+1 buckets. For example: // // bounds = [0, 5, 10] @@ -141,7 +146,9 @@ func (s *deltaHistogram[N]) measure( if !s.noSum { h.total.add(value) } - h.res.Offer(ctx, value, droppedAttr) + if !h.dropExemplars { + h.res.Offer(ctx, value, droppedAttr) + } } // newDeltaHistogram returns a histogram that is reset each time it is @@ -282,9 +289,13 @@ func (s *cumulativeHistogram[N]) measure( droppedAttr []attribute.KeyValue, ) { h := s.values.LoadOrStoreAttr(fltrAttr, func(attr attribute.Set) any { + r := s.newRes(attr) + _, isDrop := r.(*dropRes[N]) hPt := &hotColdHistogramPoint[N]{ - res: s.newRes(attr), - attrs: attr, + res: r, + attrs: attr, + startTime: now(), + dropExemplars: isDrop, // N+1 buckets. For example: // // bounds = [0, 5, 10] @@ -300,7 +311,6 @@ func (s *cumulativeHistogram[N]) measure( counts: make([]atomic.Uint64, len(s.bounds)+1), }, }, - startTime: now(), } return hPt }).(*hotColdHistogramPoint[N]) @@ -322,7 +332,9 @@ func (s *cumulativeHistogram[N]) measure( if !s.noSum { h.hotColdPoint[hotIdx].total.add(value) } - h.res.Offer(ctx, value, droppedAttr) + if !h.dropExemplars { + h.res.Offer(ctx, value, droppedAttr) + } } func (s *cumulativeHistogram[N]) collect( diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/lastvalue.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/lastvalue.go index 4c004bc99d..2af252ec5d 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/lastvalue.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/lastvalue.go @@ -14,10 +14,11 @@ import ( // lastValuePoint is timestamped measurement data. type lastValuePoint[N int64 | float64] struct { - attrs attribute.Set - value atomicN[N] - res FilteredExemplarReservoir[N] - startTime time.Time + attrs attribute.Set + value atomicN[N] + res FilteredExemplarReservoir[N] + startTime time.Time + dropExemplars bool } // lastValueMap summarizes a set of measurements as the last one made. @@ -33,17 +34,22 @@ func (s *lastValueMap[N]) measure( droppedAttr []attribute.KeyValue, ) { lv := s.values.LoadOrStoreAttr(fltrAttr, func(attr attribute.Set) any { + r := s.newRes(attr) + _, isDrop := r.(*dropRes[N]) p := &lastValuePoint[N]{ - res: s.newRes(attr), - attrs: attr, - startTime: now(), + res: r, + attrs: attr, + startTime: now(), + dropExemplars: isDrop, } p.value.Store(value) return p }).(*lastValuePoint[N]) lv.value.Store(value) - lv.res.Offer(ctx, value, droppedAttr) + if !lv.dropExemplars { + lv.res.Offer(ctx, value, droppedAttr) + } } func newDeltaLastValue[N int64 | float64]( diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/sum.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/sum.go index 3fe7c7cf04..0cd3c94575 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/sum.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/aggregate/sum.go @@ -13,10 +13,11 @@ import ( ) type sumValue[N int64 | float64] struct { - n atomicCounter[N] - res FilteredExemplarReservoir[N] - attrs attribute.Set - startTime time.Time + n atomicCounter[N] + res FilteredExemplarReservoir[N] + attrs attribute.Set + startTime time.Time + dropExemplars bool } type sumValueMap[N int64 | float64] struct { @@ -31,17 +32,22 @@ func (s *sumValueMap[N]) measure( droppedAttr []attribute.KeyValue, ) { sv := s.values.LoadOrStoreAttr(fltrAttr, func(attr attribute.Set) any { + r := s.newRes(attr) + _, isDrop := r.(*dropRes[N]) return &sumValue[N]{ - res: s.newRes(attr), - attrs: attr, - startTime: now(), + res: r, + attrs: attr, + startTime: now(), + dropExemplars: isDrop, } }).(*sumValue[N]) sv.n.add(value) // It is possible for collection to race with measurement and observe the // exemplar in the batch of metrics after the add() for cumulative sums. // This is an accepted tradeoff to avoid locking during measurement. - sv.res.Offer(ctx, value, droppedAttr) + if !sv.dropExemplars { + sv.res.Offer(ctx, value, droppedAttr) + } } // newDeltaSum returns an aggregator that summarizes a set of measurements as diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/observ/instrumentation.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/observ/instrumentation.go index 2d2b987c5d..c580dcc30d 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/observ/instrumentation.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/observ/instrumentation.go @@ -16,8 +16,8 @@ import ( "go.opentelemetry.io/otel/metric" "go.opentelemetry.io/otel/sdk" "go.opentelemetry.io/otel/sdk/internal/x" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" ) const ( @@ -54,6 +54,7 @@ var ( func get[T any](p *sync.Pool) *[]T { return p.Get().(*[]T) } func put[T any](p *sync.Pool, s *[]T) { + clear(*s) *s = (*s)[:0] // Reset. p.Put(s) } diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/README.md b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/README.md new file mode 100644 index 0000000000..41a4c29969 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/README.md @@ -0,0 +1,42 @@ +# Experimental Features + +The Metric SDK contains features that have not yet stabilized in the OpenTelemetry specification. +These features are added to the OpenTelemetry Go Metric SDK prior to stabilization in the specification so that users can start experimenting with them and provide feedback. + +These feature may change in backwards incompatible ways as feedback is applied. +See the [Compatibility and Stability](#compatibility-and-stability) section for more information. + +## Features + +- [Metric Export Batch Size](#metric-export-batch-size) + +### Metric Export Batch Size + +The metric export can be split into batches before exporting by specifying a maximum number of data points per batch. + +This experimental feature can be enabled by setting the `OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE` environment variable. +The value MUST be a positive integer. +All other values or an empty value will result in the default behavior of not batching. + +#### Examples + +Enable metrics to be batched by maximum export batch size of 200. + +```console +export OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE=200 +``` + +Disable metric export batching. + +```console +unset OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE +``` + +## Compatibility and Stability + +Experimental features do not fall within the scope of the OpenTelemetry Go versioning and stability [policy](../../../../VERSIONING.md). +These features may be removed or modified in successive version releases, including patch versions. + +When an experimental feature is promoted to a stable feature, a migration path will be included in the changelog entry of the release. +There is no guarantee that any environment variable feature flags that enabled the experimental feature will be supported by the stable version. +If they are supported, they may be accompanied with a deprecation notice stating a timeline for the removal of that support. diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/x.go b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/x.go new file mode 100644 index 0000000000..8e3c62a13d --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/x.go @@ -0,0 +1,70 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package x contains support for OTel metric SDK experimental features. +// +// This package should only be used for features defined in the specification. +// It should not be used for experiments or new project ideas. +package x // import "go.opentelemetry.io/otel/sdk/metric/internal/x" + +import ( + "os" + "strconv" +) + +// Feature is an experimental feature control flag. It provides a uniform way +// to interact with these feature flags and parse their values. +type Feature[T any] struct { + key string + parse func(v string) (T, bool) +} + +//nolint:unused +func newFeature[T any](suffix string, parse func(string) (T, bool)) Feature[T] { + const envKeyRoot = "OTEL_GO_X_" + return Feature[T]{ + key: envKeyRoot + suffix, + parse: parse, + } +} + +// Key returns the environment variable key that needs to be set to enable the +// feature. +func (f Feature[T]) Key() string { return f.key } + +// Lookup returns the user configured value for the feature and true if the +// user has enabled the feature. Otherwise, if the feature is not enabled, a +// zero-value and false are returned. +func (f Feature[T]) Lookup() (v T, ok bool) { + // https://github.com/open-telemetry/opentelemetry-specification/blob/62effed618589a0bec416a87e559c0a9d96289bb/specification/configuration/sdk-environment-variables.md#parsing-empty-value + // + // > The SDK MUST interpret an empty value of an environment variable the + // > same way as when the variable is unset. + vRaw := os.Getenv(f.key) + if vRaw == "" { + return v, ok + } + return f.parse(vRaw) +} + +// Enabled reports whether the feature is enabled. +func (f Feature[T]) Enabled() bool { + _, ok := f.Lookup() + return ok +} + +// MetricExportBatchSize is an experimental feature flag that controls the +// max export batch size for metric data. +// +// To enable this feature set the OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE environment +// variable to a positive integer value. +var MetricExportBatchSize = newFeature( + "METRIC_EXPORT_BATCH_SIZE", + func(v string) (int, bool) { + val, err := strconv.Atoi(v) + if err == nil && val > 0 { + return val, true + } + return 0, false + }, +) diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/manual_reader.go b/vendor/go.opentelemetry.io/otel/sdk/metric/manual_reader.go index 0357afd455..7e0cccdff6 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/manual_reader.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/manual_reader.go @@ -169,17 +169,17 @@ func (mr *ManualReader) Collect(ctx context.Context, rm *metricdata.ResourceMetr } // MarshalLog returns logging data about the ManualReader. -func (r *ManualReader) MarshalLog() any { - r.mu.Lock() - down := r.isShutdown - r.mu.Unlock() +func (mr *ManualReader) MarshalLog() any { + mr.mu.Lock() + down := mr.isShutdown + mr.mu.Unlock() return struct { Type string Registered bool Shutdown bool }{ Type: "ManualReader", - Registered: r.sdkProducer.Load() != nil, + Registered: mr.sdkProducer.Load() != nil, Shutdown: down, } } diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/meter.go b/vendor/go.opentelemetry.io/otel/sdk/metric/meter.go index e0a1e90e77..e9a2d59572 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/meter.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/meter.go @@ -8,6 +8,7 @@ import ( "errors" "fmt" + "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/internal/global" "go.opentelemetry.io/otel/metric" "go.opentelemetry.io/otel/metric/embedded" @@ -70,7 +71,7 @@ func (m *meter) Int64Counter(name string, options ...metric.Int64CounterOption) cfg := metric.NewInt64CounterConfig(options...) const kind = InstrumentKindCounter p := int64InstProvider{m} - i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit()) + i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit(), defaultAttributes(options)) if err != nil { return i, err } @@ -88,7 +89,7 @@ func (m *meter) Int64UpDownCounter( cfg := metric.NewInt64UpDownCounterConfig(options...) const kind = InstrumentKindUpDownCounter p := int64InstProvider{m} - i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit()) + i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit(), defaultAttributes(options)) if err != nil { return i, err } @@ -102,7 +103,7 @@ func (m *meter) Int64UpDownCounter( func (m *meter) Int64Histogram(name string, options ...metric.Int64HistogramOption) (metric.Int64Histogram, error) { cfg := metric.NewInt64HistogramConfig(options...) p := int64InstProvider{m} - i, err := p.lookupHistogram(name, cfg) + i, err := p.lookupHistogram(name, cfg, defaultAttributes(options)) if err != nil { return i, err } @@ -117,7 +118,7 @@ func (m *meter) Int64Gauge(name string, options ...metric.Int64GaugeOption) (met cfg := metric.NewInt64GaugeConfig(options...) const kind = InstrumentKindGauge p := int64InstProvider{m} - i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit()) + i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit(), defaultAttributes(options)) if err != nil { return i, err } @@ -127,7 +128,11 @@ func (m *meter) Int64Gauge(name string, options ...metric.Int64GaugeOption) (met // int64ObservableInstrument returns a new observable identified by the Instrument. // It registers callbacks for each reader's pipeline. -func (m *meter) int64ObservableInstrument(id Instrument, callbacks []metric.Int64Callback) (int64Observable, error) { +func (m *meter) int64ObservableInstrument( + id Instrument, + allowedKeys []attribute.Key, + callbacks []metric.Int64Callback, +) (int64Observable, error) { key := instID{ Name: id.Name, Description: id.Description, @@ -142,7 +147,7 @@ func (m *meter) int64ObservableInstrument(id Instrument, callbacks []metric.Int6 for _, insert := range m.int64Resolver.inserters { // Connect the measure functions for instruments in this pipeline with the // callbacks for this pipeline. - in, err := insert.Instrument(id, insert.readerDefaultAggregation(id.Kind)) + in, err := insert.Instrument(id, allowedKeys, insert.readerDefaultAggregation(id.Kind)) if err != nil { return inst, err } @@ -188,7 +193,7 @@ func (m *meter) Int64ObservableCounter( Kind: InstrumentKindObservableCounter, Scope: m.scope, } - return m.int64ObservableInstrument(id, cfg.Callbacks()) + return m.int64ObservableInstrument(id, defaultAttributes(options), cfg.Callbacks()) } // Int64ObservableUpDownCounter returns a new instrument identified by name and @@ -212,7 +217,7 @@ func (m *meter) Int64ObservableUpDownCounter( Kind: InstrumentKindObservableUpDownCounter, Scope: m.scope, } - return m.int64ObservableInstrument(id, cfg.Callbacks()) + return m.int64ObservableInstrument(id, defaultAttributes(options), cfg.Callbacks()) } // Int64ObservableGauge returns a new instrument identified by name and @@ -236,7 +241,7 @@ func (m *meter) Int64ObservableGauge( Kind: InstrumentKindObservableGauge, Scope: m.scope, } - return m.int64ObservableInstrument(id, cfg.Callbacks()) + return m.int64ObservableInstrument(id, defaultAttributes(options), cfg.Callbacks()) } // Float64Counter returns a new instrument identified by name and configured @@ -246,7 +251,7 @@ func (m *meter) Float64Counter(name string, options ...metric.Float64CounterOpti cfg := metric.NewFloat64CounterConfig(options...) const kind = InstrumentKindCounter p := float64InstProvider{m} - i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit()) + i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit(), defaultAttributes(options)) if err != nil { return i, err } @@ -264,7 +269,7 @@ func (m *meter) Float64UpDownCounter( cfg := metric.NewFloat64UpDownCounterConfig(options...) const kind = InstrumentKindUpDownCounter p := float64InstProvider{m} - i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit()) + i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit(), defaultAttributes(options)) if err != nil { return i, err } @@ -281,7 +286,7 @@ func (m *meter) Float64Histogram( ) (metric.Float64Histogram, error) { cfg := metric.NewFloat64HistogramConfig(options...) p := float64InstProvider{m} - i, err := p.lookupHistogram(name, cfg) + i, err := p.lookupHistogram(name, cfg, defaultAttributes(options)) if err != nil { return i, err } @@ -296,7 +301,7 @@ func (m *meter) Float64Gauge(name string, options ...metric.Float64GaugeOption) cfg := metric.NewFloat64GaugeConfig(options...) const kind = InstrumentKindGauge p := float64InstProvider{m} - i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit()) + i, err := p.lookup(kind, name, cfg.Description(), cfg.Unit(), defaultAttributes(options)) if err != nil { return i, err } @@ -308,6 +313,7 @@ func (m *meter) Float64Gauge(name string, options ...metric.Float64GaugeOption) // It registers callbacks for each reader's pipeline. func (m *meter) float64ObservableInstrument( id Instrument, + allowedKeys []attribute.Key, callbacks []metric.Float64Callback, ) (float64Observable, error) { key := instID{ @@ -316,7 +322,7 @@ func (m *meter) float64ObservableInstrument( Unit: id.Unit, Kind: id.Kind, } - if m.int64ObservableInsts.HasKey(key) && len(callbacks) > 0 { + if m.float64ObservableInsts.HasKey(key) && len(callbacks) > 0 { warnRepeatedObservableCallbacks(id) } return m.float64ObservableInsts.Lookup(key, func() (float64Observable, error) { @@ -324,7 +330,7 @@ func (m *meter) float64ObservableInstrument( for _, insert := range m.float64Resolver.inserters { // Connect the measure functions for instruments in this pipeline with the // callbacks for this pipeline. - in, err := insert.Instrument(id, insert.readerDefaultAggregation(id.Kind)) + in, err := insert.Instrument(id, allowedKeys, insert.readerDefaultAggregation(id.Kind)) if err != nil { return inst, err } @@ -370,7 +376,7 @@ func (m *meter) Float64ObservableCounter( Kind: InstrumentKindObservableCounter, Scope: m.scope, } - return m.float64ObservableInstrument(id, cfg.Callbacks()) + return m.float64ObservableInstrument(id, defaultAttributes(options), cfg.Callbacks()) } // Float64ObservableUpDownCounter returns a new instrument identified by name @@ -394,7 +400,7 @@ func (m *meter) Float64ObservableUpDownCounter( Kind: InstrumentKindObservableUpDownCounter, Scope: m.scope, } - return m.float64ObservableInstrument(id, cfg.Callbacks()) + return m.float64ObservableInstrument(id, defaultAttributes(options), cfg.Callbacks()) } // Float64ObservableGauge returns a new instrument identified by name and @@ -418,7 +424,7 @@ func (m *meter) Float64ObservableGauge( Kind: InstrumentKindObservableGauge, Scope: m.scope, } - return m.float64ObservableInstrument(id, cfg.Callbacks()) + return m.float64ObservableInstrument(id, defaultAttributes(options), cfg.Callbacks()) } func validateInstrumentName(name string) error { @@ -576,7 +582,8 @@ func (r observer) ObserveFloat64(o metric.Float64Observable, v float64, opts ... if _, registered := r.float64[oImpl.observableID]; !registered { if !oImpl.dropAggregation { - global.Error(errUnregObserver, "failed to record", + global.Error( + errUnregObserver, "failed to record", "name", oImpl.name, "description", oImpl.description, "unit", oImpl.unit, @@ -606,7 +613,8 @@ func (r observer) ObserveInt64(o metric.Int64Observable, v int64, opts ...metric if _, registered := r.int64[oImpl.observableID]; !registered { if !oImpl.dropAggregation { - global.Error(errUnregObserver, "failed to record", + global.Error( + errUnregObserver, "failed to record", "name", oImpl.name, "description", oImpl.description, "unit", oImpl.unit, @@ -633,7 +641,11 @@ func (noopRegister) Unregister() error { // int64InstProvider provides int64 OpenTelemetry instruments. type int64InstProvider struct{ *meter } -func (p int64InstProvider) aggs(kind InstrumentKind, name, desc, u string) ([]aggregate.Measure[int64], error) { +func (p int64InstProvider) aggs( + kind InstrumentKind, + name, desc, u string, + allowedKeys []attribute.Key, +) ([]aggregate.Measure[int64], error) { inst := Instrument{ Name: name, Description: desc, @@ -641,12 +653,13 @@ func (p int64InstProvider) aggs(kind InstrumentKind, name, desc, u string) ([]ag Kind: kind, Scope: p.scope, } - return p.int64Resolver.Aggregators(inst) + return p.int64Resolver.Aggregators(inst, allowedKeys) } func (p int64InstProvider) histogramAggs( name string, cfg metric.Int64HistogramConfig, + allowedKeys []attribute.Key, ) ([]aggregate.Measure[int64], error) { boundaries := cfg.ExplicitBucketBoundaries() aggError := AggregationExplicitBucketHistogram{Boundaries: boundaries}.err() @@ -661,32 +674,40 @@ func (p int64InstProvider) histogramAggs( Kind: InstrumentKindHistogram, Scope: p.scope, } - measures, err := p.int64Resolver.HistogramAggregators(inst, boundaries) + measures, err := p.int64Resolver.HistogramAggregators(inst, allowedKeys, boundaries) return measures, errors.Join(aggError, err) } // lookup returns the resolved instrumentImpl. -func (p int64InstProvider) lookup(kind InstrumentKind, name, desc, u string) (*int64Inst, error) { +func (p int64InstProvider) lookup( + kind InstrumentKind, + name, desc, u string, + allowedKeys []attribute.Key, +) (*int64Inst, error) { return p.int64Insts.Lookup(instID{ Name: name, Description: desc, Unit: u, Kind: kind, }, func() (*int64Inst, error) { - aggs, err := p.aggs(kind, name, desc, u) + aggs, err := p.aggs(kind, name, desc, u, allowedKeys) return &int64Inst{measures: aggs}, err }) } // lookupHistogram returns the resolved instrumentImpl. -func (p int64InstProvider) lookupHistogram(name string, cfg metric.Int64HistogramConfig) (*int64Inst, error) { +func (p int64InstProvider) lookupHistogram( + name string, + cfg metric.Int64HistogramConfig, + allowedKeys []attribute.Key, +) (*int64Inst, error) { return p.int64Insts.Lookup(instID{ Name: name, Description: cfg.Description(), Unit: cfg.Unit(), Kind: InstrumentKindHistogram, }, func() (*int64Inst, error) { - aggs, err := p.histogramAggs(name, cfg) + aggs, err := p.histogramAggs(name, cfg, allowedKeys) return &int64Inst{measures: aggs}, err }) } @@ -694,7 +715,11 @@ func (p int64InstProvider) lookupHistogram(name string, cfg metric.Int64Histogra // float64InstProvider provides float64 OpenTelemetry instruments. type float64InstProvider struct{ *meter } -func (p float64InstProvider) aggs(kind InstrumentKind, name, desc, u string) ([]aggregate.Measure[float64], error) { +func (p float64InstProvider) aggs( + kind InstrumentKind, + name, desc, u string, + allowedKeys []attribute.Key, +) ([]aggregate.Measure[float64], error) { inst := Instrument{ Name: name, Description: desc, @@ -702,12 +727,13 @@ func (p float64InstProvider) aggs(kind InstrumentKind, name, desc, u string) ([] Kind: kind, Scope: p.scope, } - return p.float64Resolver.Aggregators(inst) + return p.float64Resolver.Aggregators(inst, allowedKeys) } func (p float64InstProvider) histogramAggs( name string, cfg metric.Float64HistogramConfig, + allowedKeys []attribute.Key, ) ([]aggregate.Measure[float64], error) { boundaries := cfg.ExplicitBucketBoundaries() aggError := AggregationExplicitBucketHistogram{Boundaries: boundaries}.err() @@ -722,32 +748,40 @@ func (p float64InstProvider) histogramAggs( Kind: InstrumentKindHistogram, Scope: p.scope, } - measures, err := p.float64Resolver.HistogramAggregators(inst, boundaries) + measures, err := p.float64Resolver.HistogramAggregators(inst, allowedKeys, boundaries) return measures, errors.Join(aggError, err) } // lookup returns the resolved instrumentImpl. -func (p float64InstProvider) lookup(kind InstrumentKind, name, desc, u string) (*float64Inst, error) { +func (p float64InstProvider) lookup( + kind InstrumentKind, + name, desc, u string, + allowedKeys []attribute.Key, +) (*float64Inst, error) { return p.float64Insts.Lookup(instID{ Name: name, Description: desc, Unit: u, Kind: kind, }, func() (*float64Inst, error) { - aggs, err := p.aggs(kind, name, desc, u) + aggs, err := p.aggs(kind, name, desc, u, allowedKeys) return &float64Inst{measures: aggs}, err }) } // lookupHistogram returns the resolved instrumentImpl. -func (p float64InstProvider) lookupHistogram(name string, cfg metric.Float64HistogramConfig) (*float64Inst, error) { +func (p float64InstProvider) lookupHistogram( + name string, + cfg metric.Float64HistogramConfig, + allowedKeys []attribute.Key, +) (*float64Inst, error) { return p.float64Insts.Lookup(instID{ Name: name, Description: cfg.Description(), Unit: cfg.Unit(), Kind: InstrumentKindHistogram, }, func() (*float64Inst, error) { - aggs, err := p.histogramAggs(name, cfg) + aggs, err := p.histogramAggs(name, cfg, allowedKeys) return &float64Inst{measures: aggs}, err }) } @@ -771,3 +805,18 @@ func (o float64Observer) Observe(val float64, opts ...metric.ObserveOption) { c := metric.NewObserveConfig(opts) o.observe(val, c.Attributes()) } + +func defaultAttributes[T any](opts []T) []attribute.Key { + var keys []attribute.Key + var found bool + for _, o := range opts { + if exp, ok := any(o).(interface{ AllowedKeys() []attribute.Key }); ok { + found = true + keys = append(keys, exp.AllowedKeys()...) + } + } + if found && keys == nil { + return []attribute.Key{} + } + return keys +} diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/periodic_reader.go b/vendor/go.opentelemetry.io/otel/sdk/metric/periodic_reader.go index d1efc9f374..c1c2e3e2f0 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/periodic_reader.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/periodic_reader.go @@ -14,8 +14,9 @@ import ( "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/internal/global" "go.opentelemetry.io/otel/sdk/metric/internal/observ" + "go.opentelemetry.io/otel/sdk/metric/internal/x" "go.opentelemetry.io/otel/sdk/metric/metricdata" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" ) // Default periodic reader timing. @@ -126,6 +127,9 @@ func NewPeriodicReader(exporter Exporter, options ...PeriodicReaderOption) *Peri }, }, } + if val, ok := x.MetricExportBatchSize.Lookup(); ok { + r.batcher = batcher{size: val} + } r.externalProducers.Store(conf.producers) go func() { @@ -164,6 +168,7 @@ type PeriodicReader struct { interval time.Duration timeout time.Duration + batcher batcher exporter Exporter flushCh chan chan error @@ -235,16 +240,28 @@ func (r *PeriodicReader) cardinalityLimit(kind InstrumentKind) (int, bool) { // collectAndExport gather all metric data related to the periodicReader r from // the SDK and exports it with r's exporter. func (r *PeriodicReader) collectAndExport(ctx context.Context) error { + originalCtx := ctx ctx, cancel := context.WithTimeoutCause(ctx, r.timeout, errors.New("reader collect and export timeout")) defer cancel() - // TODO (#3047): Use a sync.Pool or persistent pointer instead of allocating rm every Collect. rm := r.rmPool.Get().(*metricdata.ResourceMetrics) + defer func() { + *rm = metricdata.ResourceMetrics{} // erase fields to allow GC to collect them. + r.rmPool.Put(rm) + }() err := r.Collect(ctx, rm) if err == nil { - err = r.export(ctx, rm) + if r.batcher.size > 0 { + batches := r.batcher.splitResourceMetrics(rm) + for _, batch := range batches { + // The export timeout is applied individually to each batch by using + // the original context. + err = errors.Join(err, r.exportWithTimeout(originalCtx, batch)) + } + } else { + err = r.exporter.Export(ctx, rm) + } } - r.rmPool.Put(rm) return err } @@ -307,7 +324,10 @@ func (r *PeriodicReader) collect(ctx context.Context, p any, rm *metricdata.Reso } // export exports metric data m using r's exporter. -func (r *PeriodicReader) export(ctx context.Context, m *metricdata.ResourceMetrics) error { +func (r *PeriodicReader) exportWithTimeout(ctx context.Context, m *metricdata.ResourceMetrics) error { + var cancel context.CancelFunc + ctx, cancel = context.WithTimeoutCause(ctx, r.timeout, errors.New("reader export timeout")) + defer cancel() return r.exporter.Export(ctx, m) } @@ -349,7 +369,9 @@ func (r *PeriodicReader) Shutdown(ctx context.Context) error { err := ErrReaderShutdown r.shutdownOnce.Do(func() { // Prioritize the ctx timeout if it is set. - if _, ok := ctx.Deadline(); !ok { + originalCtx := ctx + _, userProvidedContext := ctx.Deadline() + if !userProvidedContext { var cancel context.CancelFunc ctx, cancel = context.WithTimeoutCause(ctx, r.timeout, errors.New("reader shutdown timeout")) defer cancel() @@ -369,7 +391,24 @@ func (r *PeriodicReader) Shutdown(ctx context.Context) error { m := r.rmPool.Get().(*metricdata.ResourceMetrics) err = r.collect(ctx, ph, m) if err == nil { - err = r.export(ctx, m) + if r.batcher.size > 0 { + batches := r.batcher.splitResourceMetrics(m) + for _, batch := range batches { + if userProvidedContext { + // Do not apply the export timeout if the user passed a timeout to + // Shutdown(). + err = errors.Join(err, r.exporter.Export(ctx, batch)) + } else { + // The export timeout is applied individually to each batch by using + // the original context. + err = errors.Join(err, r.exportWithTimeout(originalCtx, batch)) + } + } + } else { + // Do not apply the export timeout if the user passed a timeout to + // Shutdown(). + err = r.exporter.Export(ctx, m) + } } r.rmPool.Put(m) } diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/pipeline.go b/vendor/go.opentelemetry.io/otel/sdk/metric/pipeline.go index 34300a786c..09d10eeb5f 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/pipeline.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/pipeline.go @@ -11,6 +11,7 @@ import ( "sync" "sync/atomic" + "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/internal/global" "go.opentelemetry.io/otel/metric/embedded" "go.opentelemetry.io/otel/sdk/instrumentation" @@ -236,7 +237,11 @@ func newInserter[N int64 | float64](p *pipeline, vc *cache[string, instID]) *ins // // If an instrument is determined to use a Drop aggregation, that instrument is // not inserted nor returned. -func (i *inserter[N]) Instrument(inst Instrument, readerAggregation Aggregation) ([]aggregate.Measure[N], error) { +func (i *inserter[N]) Instrument( + inst Instrument, + allowedKeys []attribute.Key, + readerAggregation Aggregation, +) ([]aggregate.Measure[N], error) { var ( matched bool measures []aggregate.Measure[N] @@ -279,6 +284,12 @@ func (i *inserter[N]) Instrument(inst Instrument, readerAggregation Aggregation) Description: inst.Description, Unit: inst.Unit, } + // allowedKeys == nil indicates that the WithDefaultAttributes option was not passed, + // and all keys are allowed. An empty (non-nil) slice indicates that the option was passed + // with an empty set of keys, and no keys are allowed. + if allowedKeys != nil { + stream.AttributeFilter = attribute.NewAllowKeysFilter(allowedKeys...) + } in, _, e := i.cachedAggregator(inst.Scope, inst.Kind, stream, readerAggregation) if e != nil { if err == nil { @@ -388,6 +399,7 @@ func (i *inserter[N]) cachedAggregator( b := aggregate.Builder[N]{ Temporality: i.pipeline.reader.temporality(kind), ReservoirFunc: reservoirFunc[N]( + kind, stream.ExemplarReservoirProviderSelector(stream.Aggregation), i.pipeline.exemplarFilter, ), @@ -661,12 +673,12 @@ func newResolver[N int64 | float64](p pipelines, vc *cache[string, instID]) reso // Aggregators returns the Aggregators that must be updated by the instrument // defined by key. -func (r resolver[N]) Aggregators(id Instrument) ([]aggregate.Measure[N], error) { +func (r resolver[N]) Aggregators(id Instrument, allowedKeys []attribute.Key) ([]aggregate.Measure[N], error) { var measures []aggregate.Measure[N] var err error for _, i := range r.inserters { - in, e := i.Instrument(id, i.readerDefaultAggregation(id.Kind)) + in, e := i.Instrument(id, allowedKeys, i.readerDefaultAggregation(id.Kind)) if e != nil { err = errors.Join(err, e) } @@ -678,7 +690,11 @@ func (r resolver[N]) Aggregators(id Instrument) ([]aggregate.Measure[N], error) // HistogramAggregators returns the histogram Aggregators that must be updated by the instrument // defined by key. If boundaries were provided on instrument instantiation, those take precedence // over boundaries provided by the reader. -func (r resolver[N]) HistogramAggregators(id Instrument, boundaries []float64) ([]aggregate.Measure[N], error) { +func (r resolver[N]) HistogramAggregators( + id Instrument, + allowedKeys []attribute.Key, + boundaries []float64, +) ([]aggregate.Measure[N], error) { var measures []aggregate.Measure[N] var err error @@ -688,7 +704,7 @@ func (r resolver[N]) HistogramAggregators(id Instrument, boundaries []float64) ( histAgg.Boundaries = boundaries agg = histAgg } - in, e := i.Instrument(id, agg) + in, e := i.Instrument(id, allowedKeys, agg) if e != nil { err = errors.Join(err, e) } diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/provider.go b/vendor/go.opentelemetry.io/otel/sdk/metric/provider.go index b0a6ec5808..fd4cdccd0f 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/provider.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/provider.go @@ -47,7 +47,8 @@ func NewMeterProvider(options ...Option) *MeterProvider { shutdown: sdown, } // Log after creation so all readers show correctly they are registered. - global.Info("MeterProvider created", + global.Info( + "MeterProvider created", "Resource", conf.res, "Readers", conf.readers, "Views", len(conf.views), @@ -82,7 +83,8 @@ func (mp *MeterProvider) Meter(name string, options ...metric.MeterOption) metri Attributes: c.InstrumentationAttributes(), } - global.Info("Meter created", + global.Info( + "Meter created", "Name", s.Name, "Version", s.Version, "SchemaURL", s.SchemaURL, diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/reader.go b/vendor/go.opentelemetry.io/otel/sdk/metric/reader.go index 99079dd278..556afcea6b 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/reader.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/reader.go @@ -183,6 +183,15 @@ type AggregationSelector func(InstrumentKind) Aggregation // mapping: Counter ⇨ Sum, Observable Counter ⇨ Sum, UpDownCounter ⇨ Sum, // Observable UpDownCounter ⇨ Sum, Observable Gauge ⇨ LastValue, // Histogram ⇨ ExplicitBucketHistogram. +// +// The default ExplicitBucketHistogram boundaries are designed for +// millisecond-scale latency values. Boundaries are interpreted relative to the +// values recorded for the instrument and are not rescaled when an instrument is +// created with a different unit (e.g. via +// [go.opentelemetry.io/otel/metric.WithUnit]). Instrumentation authors should +// supply appropriate boundaries per instrument via +// [go.opentelemetry.io/otel/metric.WithExplicitBucketBoundaries]; end users +// can also override boundaries for a specific instrument with a [View]. func DefaultAggregationSelector(ik InstrumentKind) Aggregation { switch ik { case InstrumentKindCounter, diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/splitmetrics.go b/vendor/go.opentelemetry.io/otel/sdk/metric/splitmetrics.go new file mode 100644 index 0000000000..a7931412bb --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/splitmetrics.go @@ -0,0 +1,191 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +package metric // import "go.opentelemetry.io/otel/sdk/metric" + +import ( + "go.opentelemetry.io/otel/sdk/metric/metricdata" +) + +// batcher splits metrics into batches. +type batcher struct { + size int +} + +// splitResourceMetrics splits a metricdata.ResourceMetrics into multiple ResourceMetrics, sequentially, +// ensuring no ResourceMetrics has more than `size` data points. It does not mutate the `src` object. +func (b batcher) splitResourceMetrics(src *metricdata.ResourceMetrics) []*metricdata.ResourceMetrics { + if b.size <= 0 || len(src.ScopeMetrics) == 0 { + return []*metricdata.ResourceMetrics{src} + } + var batches []*metricdata.ResourceMetrics + var currentBatch *metricdata.ResourceMetrics + currentPoints := 0 + + for i := 0; i < len(src.ScopeMetrics); i++ { + sm := src.ScopeMetrics[i] + + take := b.size - currentPoints + smChunks := b.splitScopeMetrics(sm, take) + + for _, chunk := range smChunks { + if currentBatch == nil { + currentBatch = &metricdata.ResourceMetrics{Resource: src.Resource} + batches = append(batches, currentBatch) + } + currentBatch.ScopeMetrics = append(currentBatch.ScopeMetrics, chunk) + currentPoints += scopeMetricsDPC(chunk) + + if currentPoints == b.size { + currentBatch = nil + currentPoints = 0 + } + } + } + return batches +} + +// splitScopeMetrics splits a metricdata.ScopeMetrics into chunks. The first chunk will have at most firstSize data points. +func (b batcher) splitScopeMetrics(sm metricdata.ScopeMetrics, firstSize int) []metricdata.ScopeMetrics { + smPoints := scopeMetricsDPC(sm) + if smPoints <= firstSize { + return []metricdata.ScopeMetrics{sm} + } + + var chunks []metricdata.ScopeMetrics + var currentChunk *metricdata.ScopeMetrics + currentPoints := 0 + targetSize := firstSize + + for i := 0; i < len(sm.Metrics); i++ { + m := sm.Metrics[i] + + take := targetSize - currentPoints + mChunks := b.splitMetric(m, take) + + for _, mc := range mChunks { + if currentChunk == nil { + chunks = append(chunks, metricdata.ScopeMetrics{Scope: sm.Scope}) + currentChunk = &chunks[len(chunks)-1] + } + currentChunk.Metrics = append(currentChunk.Metrics, mc) + currentPoints += metricDPC(mc) + + if currentPoints == targetSize { + currentChunk = nil + currentPoints = 0 + targetSize = b.size + } + } + } + return chunks +} + +// splitMetric splits a metricdata.Metrics into chunks. The first chunk will have at most firstSize data points. +func (b batcher) splitMetric(m metricdata.Metrics, firstSize int) []metricdata.Metrics { + mPoints := metricDPC(m) + if mPoints <= firstSize { + return []metricdata.Metrics{m} + } + + var chunks []metricdata.Metrics + mRemaining := mPoints + mOffset := 0 + take := firstSize + + for mRemaining > 0 { + if take > mRemaining { + take = mRemaining + } + chunks = append(chunks, copyMetricData(m, mOffset, take)) + mRemaining -= take + mOffset += take + take = b.size + } + return chunks +} + +// copyMetricData creates a copy of the metricdata.Metrics with the specified offset and number of datapoints to take. +func copyMetricData(m metricdata.Metrics, offset, take int) metricdata.Metrics { + dest := metricdata.Metrics{ + Name: m.Name, + Description: m.Description, + Unit: m.Unit, + } + switch a := m.Data.(type) { + case metricdata.Gauge[int64]: + dest.Data = metricdata.Gauge[int64]{DataPoints: a.DataPoints[offset : offset+take]} + case metricdata.Gauge[float64]: + dest.Data = metricdata.Gauge[float64]{DataPoints: a.DataPoints[offset : offset+take]} + case metricdata.Sum[int64]: + dest.Data = metricdata.Sum[int64]{ + DataPoints: a.DataPoints[offset : offset+take], + Temporality: a.Temporality, + IsMonotonic: a.IsMonotonic, + } + case metricdata.Sum[float64]: + dest.Data = metricdata.Sum[float64]{ + DataPoints: a.DataPoints[offset : offset+take], + Temporality: a.Temporality, + IsMonotonic: a.IsMonotonic, + } + case metricdata.Histogram[int64]: + dest.Data = metricdata.Histogram[int64]{ + DataPoints: a.DataPoints[offset : offset+take], + Temporality: a.Temporality, + } + case metricdata.Histogram[float64]: + dest.Data = metricdata.Histogram[float64]{ + DataPoints: a.DataPoints[offset : offset+take], + Temporality: a.Temporality, + } + case metricdata.ExponentialHistogram[int64]: + dest.Data = metricdata.ExponentialHistogram[int64]{ + DataPoints: a.DataPoints[offset : offset+take], + Temporality: a.Temporality, + } + case metricdata.ExponentialHistogram[float64]: + dest.Data = metricdata.ExponentialHistogram[float64]{ + DataPoints: a.DataPoints[offset : offset+take], + Temporality: a.Temporality, + } + case metricdata.Summary: + dest.Data = metricdata.Summary{DataPoints: a.DataPoints[offset : offset+take]} + } + return dest +} + +// scopeMetricsDPC calculates the total number of data points in the metricdata.ScopeMetrics. +func scopeMetricsDPC(sm metricdata.ScopeMetrics) int { + dataPointCount := 0 + ms := sm.Metrics + for k := range ms { + dataPointCount += metricDPC(ms[k]) + } + return dataPointCount +} + +// metricDPC calculates the total number of data points in the metricdata.Metrics. +func metricDPC(m metricdata.Metrics) int { + switch a := m.Data.(type) { + case metricdata.Gauge[int64]: + return len(a.DataPoints) + case metricdata.Gauge[float64]: + return len(a.DataPoints) + case metricdata.Sum[int64]: + return len(a.DataPoints) + case metricdata.Sum[float64]: + return len(a.DataPoints) + case metricdata.Histogram[int64]: + return len(a.DataPoints) + case metricdata.Histogram[float64]: + return len(a.DataPoints) + case metricdata.ExponentialHistogram[int64]: + return len(a.DataPoints) + case metricdata.ExponentialHistogram[float64]: + return len(a.DataPoints) + case metricdata.Summary: + return len(a.DataPoints) + } + return 0 +} diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/version.go b/vendor/go.opentelemetry.io/otel/sdk/metric/version.go index 26752be7d7..3e1bea4b44 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/version.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/version.go @@ -5,5 +5,5 @@ package metric // import "go.opentelemetry.io/otel/sdk/metric" // version is the current release version of the metric SDK in use. func version() string { - return "1.43.0" + return "1.44.0" } diff --git a/vendor/go.opentelemetry.io/otel/sdk/metric/view.go b/vendor/go.opentelemetry.io/otel/sdk/metric/view.go index 630890f426..13fb7143ce 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/metric/view.go +++ b/vendor/go.opentelemetry.io/otel/sdk/metric/view.go @@ -22,6 +22,10 @@ var ( // should be collected for certain instruments. It returns true and the exact // Stream to use for matching Instruments. Otherwise, if the view does not // match, false is returned. +// +// Note that attributes filtered out by a View may still appear on Exemplars, +// because Exemplars are recorded with the dropped measurement attributes +// when View attribute filtering is applied. type View func(Instrument) (Stream, bool) // NewView returns a View that applies the Stream mask for all instruments that diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go b/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go index 04f15fcd21..28823edd53 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go @@ -13,7 +13,7 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/sdk" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" ) type ( @@ -79,7 +79,7 @@ func (sd stringDetector) Detect(context.Context) (*Resource, error) { } a := sd.K.String(value) if !a.Valid() { - return nil, fmt.Errorf("invalid attribute: %q -> %q", a.Key, a.Value.Emit()) + return nil, fmt.Errorf("invalid attribute: %q -> %q", a.Key, a.Value.String()) } return NewWithAttributes(sd.schemaURL, sd.K.String(value)), nil } diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/container.go b/vendor/go.opentelemetry.io/otel/sdk/resource/container.go index e977ff1c48..ce03e24c41 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/container.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/container.go @@ -11,7 +11,7 @@ import ( "os" "regexp" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" ) type containerIDProvider func() (string, error) diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/env.go b/vendor/go.opentelemetry.io/otel/sdk/resource/env.go index bc0e5c19e3..ac5691c08d 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/env.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/env.go @@ -12,7 +12,7 @@ import ( "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/attribute" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" ) const ( diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go index 755c082427..cb38fa1a8b 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go @@ -8,7 +8,7 @@ import ( "errors" "strings" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" ) type hostIDProvider func() (string, error) diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_exec.go b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_exec.go index d9e5d1a8ff..e239ead028 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_exec.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_exec.go @@ -5,10 +5,13 @@ package resource // import "go.opentelemetry.io/otel/sdk/resource" -import "os/exec" +import ( + "context" + "os/exec" +) func execCommand(name string, arg ...string) (string, error) { - cmd := exec.Command(name, arg...) + cmd := exec.CommandContext(context.Background(), name, arg...) b, err := cmd.Output() if err != nil { return "", err diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os.go index f5682cad41..4c0def4148 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/os.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os.go @@ -8,7 +8,7 @@ import ( "strings" "go.opentelemetry.io/otel/attribute" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" ) type osDescriptionProvider func() (string, error) diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go index 6c50ab6867..1cd87c3983 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go @@ -55,7 +55,8 @@ func uname() (string, error) { return "", err } - return fmt.Sprintf("%s %s %s %s %s", + return fmt.Sprintf( + "%s %s %s %s %s", unix.ByteSliceToString(utsName.Sysname[:]), unix.ByteSliceToString(utsName.Nodename[:]), unix.ByteSliceToString(utsName.Release[:]), diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os_windows.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os_windows.go index a6a5a53c0e..ebd50826d6 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/os_windows.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os_windows.go @@ -16,7 +16,8 @@ import ( // resembles the one displayed by the Version Reporter Applet (winver.exe). func platformOSDescription() (string, error) { k, err := registry.OpenKey( - registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE) + registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE, + ) if err != nil { return "", err } @@ -37,7 +38,8 @@ func platformOSDescription() (string, error) { displayVersion += " " } - return fmt.Sprintf("%s %s(%s) [Version %s.%s.%s.%s]", + return fmt.Sprintf( + "%s %s(%s) [Version %s.%s.%s.%s]", productName, displayVersion, releaseID, diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/process.go b/vendor/go.opentelemetry.io/otel/sdk/resource/process.go index 99dce64f6d..b015f8233c 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/process.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/process.go @@ -11,7 +11,7 @@ import ( "path/filepath" "runtime" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" ) type ( @@ -164,7 +164,8 @@ func (processRuntimeVersionDetector) Detect(context.Context) (*Resource, error) // Detect returns a *Resource that describes the runtime of this process. func (processRuntimeDescriptionDetector) Detect(context.Context) (*Resource, error) { runtimeDescription := fmt.Sprintf( - "go version %s %s/%s", runtimeVersion(), runtimeOS(), runtimeArch()) + "go version %s %s/%s", runtimeVersion(), runtimeOS(), runtimeArch(), + ) return NewWithAttributes( semconv.SchemaURL, diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go b/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go index 32854b14a3..f9f2a6c2c8 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go @@ -163,19 +163,21 @@ func (bsp *batchSpanProcessor) Shutdown(ctx context.Context) error { bsp.stopOnce.Do(func() { bsp.stopped.Store(true) wait := make(chan struct{}) + // exportErr is written by the goroutine before closing wait. + // It is only read in the <-wait case, so there is no race. + var exportErr error go func() { close(bsp.stopCh) bsp.stopWait.Wait() if bsp.e != nil { - if err := bsp.e.Shutdown(ctx); err != nil { - otel.Handle(err) - } + exportErr = bsp.e.Shutdown(ctx) } close(wait) }() - // Wait until the wait group is done or the context is cancelled + // Wait until the channel is ready or the context is canceled. select { case <-wait: + err = exportErr case <-ctx.Done(): err = ctx.Err() } diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go index c31e03aa0a..c725ebf372 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go @@ -13,8 +13,8 @@ import ( "go.opentelemetry.io/otel/metric" "go.opentelemetry.io/otel/sdk" "go.opentelemetry.io/otel/sdk/internal/x" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" ) const ( diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go index 0e77cd9537..cf4b5d481f 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go @@ -13,8 +13,8 @@ import ( "go.opentelemetry.io/otel/metric" "go.opentelemetry.io/otel/sdk" "go.opentelemetry.io/otel/sdk/internal/x" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" - "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" ) var measureAttrsPool = sync.Pool{ @@ -86,6 +86,7 @@ func (ssp *SSP) addOption(err error) []metric.AddOption { } attrs := measureAttrsPool.Get().(*[]attribute.KeyValue) defer func() { + clear(*attrs) *attrs = (*attrs)[:0] // reset the slice for reuse measureAttrsPool.Put(attrs) }() diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go index 560d316f2f..5aae89e883 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go @@ -13,7 +13,7 @@ import ( "go.opentelemetry.io/otel/metric" "go.opentelemetry.io/otel/sdk" "go.opentelemetry.io/otel/sdk/internal/x" - "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv" + "go.opentelemetry.io/otel/semconv/v1.41.0/otelconv" "go.opentelemetry.io/otel/trace" ) diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go b/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go index cd40d299d6..9d90c2eda5 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go @@ -82,6 +82,10 @@ type TracerProvider struct { var _ trace.TracerProvider = &TracerProvider{} +type experimentalOption interface { + Experimental() +} + // NewTracerProvider returns a new and configured TracerProvider. // // By default the returned TracerProvider is configured with: @@ -99,6 +103,9 @@ func NewTracerProvider(opts ...TracerProviderOption) *TracerProvider { o = applyTracerProviderEnvConfigs(o) for _, opt := range opts { + if _, ok := opt.(experimentalOption); ok { + continue + } o = opt.apply(o) } @@ -310,7 +317,7 @@ func (p *TracerProvider) Shutdown(ctx context.Context) error { } func (p *TracerProvider) getSpanProcessors() spanProcessorStates { - return *(p.spanProcessors.Load()) + return *p.spanProcessors.Load() } // TracerProviderOption configures a TracerProvider. diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go b/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go index 845e292c2b..5a4c74318b 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go @@ -297,8 +297,9 @@ func (pb parentBased) ShouldSample(p SamplingParameters) SamplingResult { } func (pb parentBased) Description() string { - return fmt.Sprintf("ParentBased{root:%s,remoteParentSampled:%s,"+ - "remoteParentNotSampled:%s,localParentSampled:%s,localParentNotSampled:%s}", + return fmt.Sprintf( + "ParentBased{root:%s,remoteParentSampled:%s,"+ + "remoteParentNotSampled:%s,localParentSampled:%s,localParentNotSampled:%s}", pb.root.Description(), pb.config.remoteParentSampled.Description(), pb.config.remoteParentNotSampled.Description(), diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/span.go b/vendor/go.opentelemetry.io/otel/sdk/trace/span.go index 7d55ce1dc2..d1d9af29d7 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/span.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/span.go @@ -20,7 +20,7 @@ import ( "go.opentelemetry.io/otel/internal/global" "go.opentelemetry.io/otel/sdk/instrumentation" "go.opentelemetry.io/otel/sdk/resource" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" "go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace/embedded" ) @@ -346,10 +346,12 @@ func (s *recordingSpan) addOverCapAttrs(limit int, attrs []attribute.KeyValue) { } } -// truncateAttr returns a truncated version of attr. Only string and string -// slice attribute values are truncated. String values are truncated to at -// most a length of limit. Each string slice value is truncated in this fashion -// (the slice length itself is unaffected). +// truncateAttr returns a truncated version of attr. Only string, string +// slice, byte slice, and slice attribute values are truncated. String values are truncated +// to at most a length of limit. Each string slice value is truncated in this +// fashion (the slice length itself is unaffected), and byte slice values are truncated to at most +// limit bytes. For slice attribute values, the limit is applied to each +// element recursively. // // No truncation is performed for a negative limit. func truncateAttr(limit int, attr attribute.KeyValue) attribute.KeyValue { @@ -366,10 +368,95 @@ func truncateAttr(limit int, attr attribute.KeyValue) attribute.KeyValue { v[i] = truncate(limit, v[i]) } return attr.Key.StringSlice(v) + case attribute.BYTESLICE: + v := attr.Value.AsString() + if len(v) > limit { + return attr.Key.ByteSlice([]byte(v[:limit])) + } + return attr + case attribute.SLICE: + v := attr.Value.AsSlice() + if !slices.ContainsFunc(v, func(e attribute.Value) bool { return needsTruncation(limit, e) }) { + return attr + } + newV := make([]attribute.Value, len(v)) + for i, elem := range v { + newV[i] = truncateValue(limit, elem) + } + return attr.Key.Slice(newV...) } return attr } +// truncateValue returns a truncated version of v. Only string, string slice, +// byte slice, and (recursively) slice values are modified. +// +// No truncation is performed for a negative limit. +func truncateValue(limit int, v attribute.Value) attribute.Value { + switch v.Type() { + case attribute.STRING: + return attribute.StringValue(truncate(limit, v.AsString())) + case attribute.STRINGSLICE: + ss := v.AsStringSlice() + for i := range ss { + ss[i] = truncate(limit, ss[i]) + } + return attribute.StringSliceValue(ss) + + case attribute.BYTESLICE: + // len(v.AsString()) is identical to len(v.AsByteSlice()) but + // avoids allocating the full slice before truncation. + s := v.AsString() + if limit >= 0 && len(s) > limit { + return attribute.ByteSliceValue([]byte(s[:limit])) + } + case attribute.SLICE: + sl := v.AsSlice() + if !slices.ContainsFunc(sl, func(e attribute.Value) bool { return needsTruncation(limit, e) }) { + return v + } + newSl := make([]attribute.Value, len(sl)) + for i, elem := range sl { + newSl[i] = truncateValue(limit, elem) + } + return attribute.SliceValue(newSl...) + } + return v +} + +// stringNeedsTruncation reports whether s would be modified by truncate for the +// given limit. +func stringNeedsTruncation(limit int, s string) bool { + if limit < 0 || len(s) <= limit { + return false + } + return utf8.RuneCountInString(s) > limit || !utf8.ValidString(s) +} + +// needsTruncation reports whether v would be modified by truncateValue for the +// given limit. +func needsTruncation(limit int, v attribute.Value) bool { + switch v.Type() { + case attribute.STRING: + return stringNeedsTruncation(limit, v.AsString()) + case attribute.BYTESLICE: + // len(v.AsString()) is identical to len(v.AsByteSlice()) but + // avoids memory allocation. + if limit >= 0 && len(v.AsString()) > limit { + return true + } + case attribute.STRINGSLICE: + for _, s := range v.AsStringSlice() { + if stringNeedsTruncation(limit, s) { + return true + } + } + case attribute.SLICE: + return slices.ContainsFunc(v.AsSlice(), func(e attribute.Value) bool { return needsTruncation(limit, e) }) + } + return false +} + // truncate returns a truncated version of s such that it contains less than // the limit number of characters. Truncation is applied by returning the limit // number of valid characters contained in s. diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go b/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go index 321d974305..348ee0e808 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go @@ -35,8 +35,10 @@ const ( type SpanLimits struct { // AttributeValueLengthLimit is the maximum allowed attribute value length. // - // This limit only applies to string and string slice attribute values. - // Any string longer than this value will be truncated to this length. + // This limit only applies to string, string slice, byte slice, and slice attribute + // values. Any string and byte slice longer than this value will be truncated to this + // length. For slice attribute values, the limit is applied to each string and byte slice + // element recursively. // // Setting this to a negative value means no limit is applied. AttributeValueLengthLimit int diff --git a/vendor/go.opentelemetry.io/otel/sdk/version.go b/vendor/go.opentelemetry.io/otel/sdk/version.go index 766731dd25..218dce1f56 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/version.go +++ b/vendor/go.opentelemetry.io/otel/sdk/version.go @@ -6,5 +6,5 @@ package sdk // import "go.opentelemetry.io/otel/sdk" // Version is the current release version of the OpenTelemetry SDK in use. func Version() string { - return "1.43.0" + return "1.44.0" } diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go index b6b27498f2..2fcab24352 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go @@ -1447,9 +1447,11 @@ func AWSExtendedRequestID(val string) attribute.KeyValue { // AWSKinesisStreamName returns an attribute KeyValue conforming to the // "aws.kinesis.stream_name" semantic conventions. It represents the name of the // AWS Kinesis [stream] the request refers to. Corresponds to the `--stream-name` -// parameter of the Kinesis [describe-stream] operation. +// +// parameter of the Kinesis [describe-stream] operation. // // [stream]: https://docs.aws.amazon.com/streams/latest/dev/introduction.html +// // [describe-stream]: https://docs.aws.amazon.com/cli/latest/reference/kinesis/describe-stream.html func AWSKinesisStreamName(val string) attribute.KeyValue { return AWSKinesisStreamNameKey.String(val) @@ -1459,7 +1461,8 @@ func AWSKinesisStreamName(val string) attribute.KeyValue { // "aws.lambda.invoked_arn" semantic conventions. It represents the full invoked // ARN as provided on the `Context` passed to the function ( // `Lambda-Runtime-Invoked-Function-Arn` header on the `/runtime/invocation/next` -// applicable). +// +// applicable). func AWSLambdaInvokedARN(val string) attribute.KeyValue { return AWSLambdaInvokedARNKey.String(val) } @@ -2635,7 +2638,8 @@ func CloudRegion(val string) attribute.KeyValue { // "cloud.resource_id" semantic conventions. It represents the cloud // provider-specific native identifier of the monitored cloud resource (e.g. an // [ARN] on AWS, a [fully qualified resource ID] on Azure, a [full resource name] -// on GCP). +// +// on GCP). // // [ARN]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html // [fully qualified resource ID]: https://learn.microsoft.com/rest/api/resources/resources/get-by-id @@ -15190,4 +15194,4 @@ func ZOSSmfID(val string) attribute.KeyValue { // to which the z/OS system belongs too. func ZOSSysplexName(val string) attribute.KeyValue { return ZOSSysplexNameKey.String(val) -} \ No newline at end of file +} diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/README.md b/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/README.md deleted file mode 100644 index c51b7fb7b0..0000000000 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Semconv v1.40.0 - -[![PkgGoDev](https://pkg.go.dev/badge/go.opentelemetry.io/otel/semconv/v1.40.0)](https://pkg.go.dev/go.opentelemetry.io/otel/semconv/v1.40.0) diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/MIGRATION.md b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/MIGRATION.md similarity index 63% rename from vendor/go.opentelemetry.io/otel/semconv/v1.40.0/MIGRATION.md rename to vendor/go.opentelemetry.io/otel/semconv/v1.41.0/MIGRATION.md index e246b1692d..ba52cadf71 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/MIGRATION.md +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/MIGRATION.md @@ -1,7 +1,7 @@ -# Migration from v1.39.0 to v1.40.0 +# Migration from v1.40.0 to v1.41.0 -The `go.opentelemetry.io/otel/semconv/v1.40.0` package should be a drop-in replacement for `go.opentelemetry.io/otel/semconv/v1.39.0` with the following exceptions. +The `go.opentelemetry.io/otel/semconv/v1.41.0` package should be a drop-in replacement for `go.opentelemetry.io/otel/semconv/v1.40.0` with the following exceptions. ## Removed @@ -11,17 +11,7 @@ Refer to the [OpenTelemetry Semantic Conventions documentation] for deprecation If the type is not listed in the documentation as deprecated, it has been removed in this version due to lack of applicability or use. If you use any of these non-deprecated declarations in your Go application, please [open an issue] describing your use-case. -- `ErrorMessage` -- `ErrorMessageKey` -- `RPCMessageCompressedSize` -- `RPCMessageCompressedSizeKey` -- `RPCMessageID` -- `RPCMessageIDKey` -- `RPCMessageTypeKey` -- `RPCMessageTypeReceived` -- `RPCMessageTypeSent` -- `RPCMessageUncompressedSize` -- `RPCMessageUncompressedSizeKey` +- `DeploymentEnvironmentName` [OpenTelemetry Semantic Conventions documentation]: https://github.com/open-telemetry/semantic-conventions [open an issue]: https://github.com/open-telemetry/opentelemetry-go/issues/new?template=Blank+issue diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/README.md b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/README.md new file mode 100644 index 0000000000..8353bb7152 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/README.md @@ -0,0 +1,3 @@ +# Semconv v1.41.0 + +[![PkgGoDev](https://pkg.go.dev/badge/go.opentelemetry.io/otel/semconv/v1.41.0)](https://pkg.go.dev/go.opentelemetry.io/otel/semconv/v1.41.0) diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/attribute_group.go b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/attribute_group.go similarity index 96% rename from vendor/go.opentelemetry.io/otel/semconv/v1.40.0/attribute_group.go rename to vendor/go.opentelemetry.io/otel/semconv/v1.41.0/attribute_group.go index ee6b1f79d6..7cee086802 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/attribute_group.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/attribute_group.go @@ -3,7 +3,7 @@ // Code generated from semantic convention specification. DO NOT EDIT. -package semconv // import "go.opentelemetry.io/otel/semconv/v1.40.0" +package semconv // import "go.opentelemetry.io/otel/semconv/v1.41.0" import "go.opentelemetry.io/otel/attribute" @@ -950,7 +950,7 @@ const ( // of the [AWS Lambda EvenSource Mapping]. An event source is mapped to a lambda // function. It's contents are read by Lambda and used to trigger a function. // This isn't available in the lambda execution context or the lambda runtime - // environtment. This is going to be populated by the AWS SDK for each language + // environment. This is going to be populated by the AWS SDK for each language // when that UUID is present. Some of these operations are // Create/Delete/Get/List/Update EventSourceMapping. // @@ -1186,7 +1186,7 @@ const ( // AWSSecretsmanagerSecretARNKey is the attribute Key conforming to the // "aws.secretsmanager.secret.arn" semantic conventions. It represents the ARN - // of the Secret stored in the Secrets Mangger. + // of the Secret stored in the Secrets Manager. // // Type: string // RequirementLevel: Recommended @@ -1515,7 +1515,7 @@ func AWSLambdaInvokedARN(val string) attribute.KeyValue { // of the [AWS Lambda EvenSource Mapping]. An event source is mapped to a lambda // function. It's contents are read by Lambda and used to trigger a function. // This isn't available in the lambda execution context or the lambda runtime -// environtment. This is going to be populated by the AWS SDK for each language +// environment. This is going to be populated by the AWS SDK for each language // when that UUID is present. Some of these operations are // Create/Delete/Get/List/Update EventSourceMapping. // @@ -1609,7 +1609,7 @@ func AWSS3UploadID(val string) attribute.KeyValue { // AWSSecretsmanagerSecretARN returns an attribute KeyValue conforming to the // "aws.secretsmanager.secret.arn" semantic conventions. It represents the ARN of -// the Secret stored in the Secrets Mangger. +// the Secret stored in the Secrets Manager. func AWSSecretsmanagerSecretARN(val string) attribute.KeyValue { return AWSSecretsmanagerSecretARNKey.String(val) } @@ -2196,6 +2196,11 @@ const ( // Stability: Development // // Examples: "12097" + // Note: For a given pipeline run and task, the `cicd.pipeline.task.run.id` MUST + // be unique within that run. For the same task across different runs of the + // same pipeline, the `cicd.pipeline.task.run.id` MAY remain the same, enabling + // correlation of `cicd.pipeline.task.run.result` values across multiple + // pipeline runs. CICDPipelineTaskRunIDKey = attribute.Key("cicd.pipeline.task.run.id") // CICDPipelineTaskRunResultKey is the attribute Key conforming to the @@ -3431,7 +3436,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "a3bf90e006b2" // @@ -3467,7 +3472,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "gcr.io/opentelemetry/operator" ContainerImageNameKey = attribute.Key("container.image.name") @@ -3478,7 +3483,7 @@ const ( // // Type: string[] // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: // "example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb", @@ -3497,7 +3502,7 @@ const ( // // Type: string[] // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "v1.27.1", "3.5.7-0" // @@ -3518,7 +3523,7 @@ const ( // ContainerRuntimeDescriptionKey is the attribute Key conforming to the // "container.runtime.description" semantic conventions. It represents a // description about the runtime which could include, for example details about - // the CRI/API version being used or other customisations. + // the CRI/API version being used or other customizations. // // Type: string // RequirementLevel: Recommended @@ -3649,7 +3654,7 @@ func ContainerName(val string) attribute.KeyValue { // ContainerRuntimeDescription returns an attribute KeyValue conforming to the // "container.runtime.description" semantic conventions. It represents a // description about the runtime which could include, for example details about -// the CRI/API version being used or other customisations. +// the CRI/API version being used or other customizations. func ContainerRuntimeDescription(val string) attribute.KeyValue { return ContainerRuntimeDescriptionKey.String(val) } @@ -4260,9 +4265,9 @@ const ( // "deployment.environment.name" semantic conventions. It represents the name of // the [deployment environment] (aka deployment tier). // - // Type: string + // Type: Enum // RequirementLevel: Recommended - // Stability: Development + // Stability: Stable // // Examples: "staging", "production" // Note: `deployment.environment.name` does not affect the uniqueness @@ -4312,15 +4317,6 @@ const ( DeploymentStatusKey = attribute.Key("deployment.status") ) -// DeploymentEnvironmentName returns an attribute KeyValue conforming to the -// "deployment.environment.name" semantic conventions. It represents the name of -// the [deployment environment] (aka deployment tier). -// -// [deployment environment]: https://wikipedia.org/wiki/Deployment_environment -func DeploymentEnvironmentName(val string) attribute.KeyValue { - return DeploymentEnvironmentNameKey.String(val) -} - // DeploymentID returns an attribute KeyValue conforming to the "deployment.id" // semantic conventions. It represents the id of the deployment. func DeploymentID(val string) attribute.KeyValue { @@ -4334,6 +4330,22 @@ func DeploymentName(val string) attribute.KeyValue { return DeploymentNameKey.String(val) } +// Enum values for deployment.environment.name +var ( + // Production environment + // Stability: stable + DeploymentEnvironmentNameProduction = DeploymentEnvironmentNameKey.String("production") + // Staging environment + // Stability: stable + DeploymentEnvironmentNameStaging = DeploymentEnvironmentNameKey.String("staging") + // Testing environment + // Stability: stable + DeploymentEnvironmentNameTest = DeploymentEnvironmentNameKey.String("test") + // Development environment + // Stability: stable + DeploymentEnvironmentNameDevelopment = DeploymentEnvironmentNameKey.String("development") +) + // Enum values for deployment.status var ( // failed @@ -4645,6 +4657,12 @@ const ( // When `error.type` is set to a type (e.g., an exception type), its // canonical class name identifying the type within the artifact SHOULD be used. // + // If the recorded error type is a wrapper that is not meaningful for + // failure classification, instrumentation MAY use the type of the inner + // error instead. For example, in Go, errors created with `fmt.Errorf` + // using `%w` MAY be unwrapped when the wrapper type does not help + // classify the failure. + // // Instrumentations SHOULD document the list of errors they report. // // The cardinality of `error.type` within one instrumentation library SHOULD be @@ -4718,6 +4736,11 @@ const ( // Stability: Stable // // Examples: "java.net.ConnectException", "OSError" + // Note: If the recorded exception type is a wrapper that is not meaningful for + // failure classification, instrumentation MAY use the type of the inner + // exception instead. For example, in Go, errors created with `fmt.Errorf` + // using `%w` MAY be unwrapped when the wrapper type does not help + // classify the failure. ExceptionTypeKey = attribute.Key("exception.type") ) @@ -6667,6 +6690,17 @@ const ( // Examples: "forest", "lived" GenAIRequestStopSequencesKey = attribute.Key("gen_ai.request.stop_sequences") + // GenAIRequestStreamKey is the attribute Key conforming to the + // "gen_ai.request.stream" semantic conventions. It represents the indicates + // whether the GenAI request was made in streaming mode. + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + GenAIRequestStreamKey = attribute.Key("gen_ai.request.stream") + // GenAIRequestTemperatureKey is the attribute Key conforming to the // "gen_ai.request.temperature" semantic conventions. It represents the // temperature setting for the GenAI request. @@ -6734,6 +6768,19 @@ const ( // Examples: "gpt-4-0613" GenAIResponseModelKey = attribute.Key("gen_ai.response.model") + // GenAIResponseTimeToFirstChunkKey is the attribute Key conforming to the + // "gen_ai.response.time_to_first_chunk" semantic conventions. It represents the + // time to first chunk in a streaming response, measured from request issuance, + // in seconds. The value is measured from when the client issues the generation + // request to when the first chunk is received in the response stream. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0.5, 1.2 + GenAIResponseTimeToFirstChunkKey = attribute.Key("gen_ai.response.time_to_first_chunk") + // GenAIRetrievalDocumentsKey is the attribute Key conforming to the // "gen_ai.retrieval.documents" semantic conventions. It represents the // documents retrieved. @@ -6875,7 +6922,7 @@ const ( // GenAIToolDefinitionsKey is the attribute Key conforming to the // "gen_ai.tool.definitions" semantic conventions. It represents the list of - // source system tool definitions available to the GenAI agent or model. + // tool definitions available to the GenAI agent or model. // // Type: any // RequirementLevel: Recommended @@ -6887,19 +6934,18 @@ const ( // "description": "The city and state, e.g. San Francisco, CA"\n },\n "unit": // {\n "type": "string",\n "enum": [\n "celsius",\n "fahrenheit"\n ]\n }\n },\n // "required": [\n "location",\n "unit"\n ]\n }\n }\n]\n" - // Note: The value of this attribute matches source system tool definition - // format. + // Note: Instrumentations MUST follow [Tool Definitions JSON Schema]. // - // It's expected to be an array of objects where each object represents a tool - // definition. In case a serialized string is available - // to the instrumentation, the instrumentation SHOULD do the best effort to - // deserialize it to an array. When recorded on spans, it MAY be recorded as a - // JSON string if structured format is not supported and SHOULD be recorded in - // structured form otherwise. + // When the attribute is recorded on events, it MUST be recorded in structured + // form. When recorded on spans, it MAY be recorded as a JSON string if + // structured + // format is not supported and SHOULD be recorded in structured form otherwise. // // Since this attribute could be large, it's NOT RECOMMENDED to populate - // it by default. Instrumentations MAY provide a way to enable - // populating this attribute. + // non-required properties by default. Instrumentations MAY provide a way + // to enable populating optional properties. + // + // [Tool Definitions JSON Schema]: /docs/gen-ai/gen-ai-tool-definitions.json GenAIToolDefinitionsKey = attribute.Key("gen_ai.tool.definitions") // GenAIToolDescriptionKey is the attribute Key conforming to the @@ -6997,6 +7043,32 @@ const ( // // Examples: 180 GenAIUsageOutputTokensKey = attribute.Key("gen_ai.usage.output_tokens") + + // GenAIUsageReasoningOutputTokensKey is the attribute Key conforming to the + // "gen_ai.usage.reasoning.output_tokens" semantic conventions. It represents + // the number of output tokens used for reasoning (e.g. chain-of-thought, + // extended thinking). + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 50 + // Note: The value SHOULD be included in `gen_ai.usage.output_tokens`. + GenAIUsageReasoningOutputTokensKey = attribute.Key("gen_ai.usage.reasoning.output_tokens") + + // GenAIWorkflowNameKey is the attribute Key conforming to the + // "gen_ai.workflow.name" semantic conventions. It represents the human-readable + // name of the GenAI workflow provided by the application. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "multi_agent_rag", "customer_support_pipeline" + // Note: This attribute can be populated in different frameworks eg: name of the + // first chain in LangChain OR name of the crew in CrewAI. + GenAIWorkflowNameKey = attribute.Key("gen_ai.workflow.name") ) // GenAIAgentDescription returns an attribute KeyValue conforming to the @@ -7139,6 +7211,13 @@ func GenAIRequestStopSequences(val ...string) attribute.KeyValue { return GenAIRequestStopSequencesKey.StringSlice(val) } +// GenAIRequestStream returns an attribute KeyValue conforming to the +// "gen_ai.request.stream" semantic conventions. It represents the indicates +// whether the GenAI request was made in streaming mode. +func GenAIRequestStream(val bool) attribute.KeyValue { + return GenAIRequestStreamKey.Bool(val) +} + // GenAIRequestTemperature returns an attribute KeyValue conforming to the // "gen_ai.request.temperature" semantic conventions. It represents the // temperature setting for the GenAI request. @@ -7182,6 +7261,15 @@ func GenAIResponseModel(val string) attribute.KeyValue { return GenAIResponseModelKey.String(val) } +// GenAIResponseTimeToFirstChunk returns an attribute KeyValue conforming to the +// "gen_ai.response.time_to_first_chunk" semantic conventions. It represents the +// time to first chunk in a streaming response, measured from request issuance, +// in seconds. The value is measured from when the client issues the generation +// request to when the first chunk is received in the response stream. +func GenAIResponseTimeToFirstChunk(val float64) attribute.KeyValue { + return GenAIResponseTimeToFirstChunkKey.Float64(val) +} + // GenAIRetrievalQueryText returns an attribute KeyValue conforming to the // "gen_ai.retrieval.query.text" semantic conventions. It represents the query // text used for retrieval. @@ -7245,6 +7333,21 @@ func GenAIUsageOutputTokens(val int) attribute.KeyValue { return GenAIUsageOutputTokensKey.Int(val) } +// GenAIUsageReasoningOutputTokens returns an attribute KeyValue conforming to +// the "gen_ai.usage.reasoning.output_tokens" semantic conventions. It represents +// the number of output tokens used for reasoning (e.g. chain-of-thought, +// extended thinking). +func GenAIUsageReasoningOutputTokens(val int) attribute.KeyValue { + return GenAIUsageReasoningOutputTokensKey.Int(val) +} + +// GenAIWorkflowName returns an attribute KeyValue conforming to the +// "gen_ai.workflow.name" semantic conventions. It represents the human-readable +// name of the GenAI workflow provided by the application. +func GenAIWorkflowName(val string) attribute.KeyValue { + return GenAIWorkflowNameKey.String(val) +} + // Enum values for gen_ai.operation.name var ( // Chat completion operation such as [OpenAI Chat API] @@ -7281,6 +7384,9 @@ var ( // Execute a tool // Stability: development GenAIOperationNameExecuteTool = GenAIOperationNameKey.String("execute_tool") + // Invoke GenAI workflow + // Stability: development + GenAIOperationNameInvokeWorkflow = GenAIOperationNameKey.String("invoke_workflow") ) // Enum values for gen_ai.output.type @@ -7335,7 +7441,7 @@ var ( // [Azure OpenAI] // Stability: development // - // [Azure OpenAI]: https://azure.microsoft.com/products/ai-services/openai-service/ + // [Azure OpenAI]: https://learn.microsoft.com/en-us/azure/ai-services/openai/overview GenAIProviderNameAzureAIOpenAI = GenAIProviderNameKey.String("azure.ai.openai") // [IBM Watsonx AI] // Stability: development @@ -7551,6 +7657,44 @@ var ( // Namespace: go const ( + // GoCPUDetailedStateKey is the attribute Key conforming to the + // "go.cpu.detailed_state" semantic conventions. It represents the detailed + // state of the CPU. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "gc/pause", "gc/mark/assist" + // Note: Value SHOULD match the specific CPU class reported by the Go runtime + // under `/cpu/classes/...`. The list of possible values is subject to change + // with the Go version used. + GoCPUDetailedStateKey = attribute.Key("go.cpu.detailed_state") + + // GoCPUStateKey is the attribute Key conforming to the "go.cpu.state" semantic + // conventions. It represents the state of the CPU. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "user", "gc" + GoCPUStateKey = attribute.Key("go.cpu.state") + + // GoMemoryDetailedTypeKey is the attribute Key conforming to the + // "go.memory.detailed_type" semantic conventions. It represents the detailed + // type of memory. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "heap/objects", "heap/free" + // Note: Value SHOULD match the specific memory class reported by the Go runtime + // under `/memory/classes/...`. The list of possible values is subject to change + // with the Go version used. + GoMemoryDetailedTypeKey = attribute.Key("go.memory.detailed_type") + // GoMemoryTypeKey is the attribute Key conforming to the "go.memory.type" // semantic conventions. It represents the type of memory. // @@ -7562,6 +7706,36 @@ const ( GoMemoryTypeKey = attribute.Key("go.memory.type") ) +// GoCPUDetailedState returns an attribute KeyValue conforming to the +// "go.cpu.detailed_state" semantic conventions. It represents the detailed state +// of the CPU. +func GoCPUDetailedState(val string) attribute.KeyValue { + return GoCPUDetailedStateKey.String(val) +} + +// GoMemoryDetailedType returns an attribute KeyValue conforming to the +// "go.memory.detailed_type" semantic conventions. It represents the detailed +// type of memory. +func GoMemoryDetailedType(val string) attribute.KeyValue { + return GoMemoryDetailedTypeKey.String(val) +} + +// Enum values for go.cpu.state +var ( + // CPU time spent running user Go code. + // Stability: development + GoCPUStateUser = GoCPUStateKey.String("user") + // CPU time spent performing garbage collection tasks. + // Stability: development + GoCPUStateGC = GoCPUStateKey.String("gc") + // CPU time spent returning unused memory to the underlying platform. + // Stability: development + GoCPUStateScavenge = GoCPUStateKey.String("scavenge") + // Available CPU time not spent executing any Go or Go runtime code. + // Stability: development + GoCPUStateIdle = GoCPUStateKey.String("idle") +) + // Enum values for go.memory.type var ( // Memory allocated from the heap that is reserved for stack space, whether or @@ -7584,7 +7758,8 @@ const ( // Stability: Development // // Examples: query findBookById { bookById(id: ?) { name } } - // Note: The value may be sanitized to exclude sensitive information. + // Note: If instrumentation can reliably identify and redact sensitive + // information it SHOULD do it. GraphQLDocumentKey = attribute.Key("graphql.document") // GraphQLOperationNameKey is the attribute Key conforming to the @@ -8335,7 +8510,7 @@ var ( const ( // HwBatteryCapacityKey is the attribute Key conforming to the // "hw.battery.capacity" semantic conventions. It represents the design capacity - // in Watts-hours or Amper-hours. + // in Watts-hours or Ampere-hours. // // Type: string // RequirementLevel: Recommended @@ -8637,7 +8812,7 @@ const ( // HwBatteryCapacity returns an attribute KeyValue conforming to the // "hw.battery.capacity" semantic conventions. It represents the design capacity -// in Watts-hours or Amper-hours. +// in Watts-hours or Ampere-hours. func HwBatteryCapacity(val string) attribute.KeyValue { return HwBatteryCapacityKey.String(val) } @@ -9026,7 +9201,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "opentelemetry-cluster" K8SClusterNameKey = attribute.Key("k8s.cluster.name") @@ -9037,7 +9212,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "218fc5a9-a5f1-4b54-aa05-46717d0ab26d" // Note: K8s doesn't have support for obtaining a cluster ID. If this is ever @@ -9073,7 +9248,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "redis" K8SContainerNameKey = attribute.Key("k8s.container.name") @@ -9085,7 +9260,7 @@ const ( // // Type: int // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: K8SContainerRestartCountKey = attribute.Key("k8s.container.restart_count") @@ -9136,7 +9311,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "opentelemetry" K8SCronJobNameKey = attribute.Key("k8s.cronjob.name") @@ -9146,7 +9321,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" K8SCronJobUIDKey = attribute.Key("k8s.cronjob.uid") @@ -9157,7 +9332,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "opentelemetry" K8SDaemonSetNameKey = attribute.Key("k8s.daemonset.name") @@ -9167,7 +9342,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" K8SDaemonSetUIDKey = attribute.Key("k8s.daemonset.uid") @@ -9178,7 +9353,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "opentelemetry" K8SDeploymentNameKey = attribute.Key("k8s.deployment.name") @@ -9189,7 +9364,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" K8SDeploymentUIDKey = attribute.Key("k8s.deployment.uid") @@ -9279,7 +9454,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "opentelemetry" K8SJobNameKey = attribute.Key("k8s.job.name") @@ -9289,7 +9464,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" K8SJobUIDKey = attribute.Key("k8s.job.uid") @@ -9300,7 +9475,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "default" K8SNamespaceNameKey = attribute.Key("k8s.namespace.name") @@ -9365,27 +9540,128 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "node-1" K8SNodeNameKey = attribute.Key("k8s.node.name") + // K8SNodeSystemContainerNameKey is the attribute Key conforming to the + // "k8s.node.system_container.name" semantic conventions. It represents the name + // of the system container running on the K8s Node. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "kubelet", "runtime", "pods", "misc" + K8SNodeSystemContainerNameKey = attribute.Key("k8s.node.system_container.name") + // K8SNodeUIDKey is the attribute Key conforming to the "k8s.node.uid" semantic // conventions. It represents the UID of the Node. // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "1eb3a0c6-0477-4080-a9cb-0cb7db65c6a2" K8SNodeUIDKey = attribute.Key("k8s.node.uid") + // K8SPersistentvolumeNameKey is the attribute Key conforming to the + // "k8s.persistentvolume.name" semantic conventions. It represents the name of + // the PersistentVolume. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "pv-data-01" + K8SPersistentvolumeNameKey = attribute.Key("k8s.persistentvolume.name") + + // K8SPersistentvolumeReclaimPolicyKey is the attribute Key conforming to the + // "k8s.persistentvolume.reclaim_policy" semantic conventions. It represents the + // reclaim policy of the PersistentVolume. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Delete", "Retain", "Recycle" + // Note: This attribute aligns with the `persistentVolumeReclaimPolicy` field of + // the + // [K8s PersistentVolumeSpec]. + // + // [K8s PersistentVolumeSpec]: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/#PersistentVolumeSpec + K8SPersistentvolumeReclaimPolicyKey = attribute.Key("k8s.persistentvolume.reclaim_policy") + + // K8SPersistentvolumeStatusPhaseKey is the attribute Key conforming to the + // "k8s.persistentvolume.status.phase" semantic conventions. It represents the + // phase of the PersistentVolume. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Pending", "Available", "Bound", "Released", "Failed" + // Note: This attribute aligns with the `phase` field of the + // [K8s PersistentVolumeStatus]. + // + // [K8s PersistentVolumeStatus]: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/#PersistentVolumeStatus + K8SPersistentvolumeStatusPhaseKey = attribute.Key("k8s.persistentvolume.status.phase") + + // K8SPersistentvolumeUIDKey is the attribute Key conforming to the + // "k8s.persistentvolume.uid" semantic conventions. It represents the UID of the + // PersistentVolume. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SPersistentvolumeUIDKey = attribute.Key("k8s.persistentvolume.uid") + + // K8SPersistentvolumeclaimNameKey is the attribute Key conforming to the + // "k8s.persistentvolumeclaim.name" semantic conventions. It represents the name + // of the PersistentVolumeClaim. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "pvc-data-01" + K8SPersistentvolumeclaimNameKey = attribute.Key("k8s.persistentvolumeclaim.name") + + // K8SPersistentvolumeclaimStatusPhaseKey is the attribute Key conforming to the + // "k8s.persistentvolumeclaim.status.phase" semantic conventions. It represents + // the phase of the PersistentVolumeClaim. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Pending", "Bound", "Lost" + // Note: This attribute aligns with the `phase` field of the + // [K8s PersistentVolumeClaimStatus]. + // + // [K8s PersistentVolumeClaimStatus]: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#PersistentVolumeClaimStatus + K8SPersistentvolumeclaimStatusPhaseKey = attribute.Key("k8s.persistentvolumeclaim.status.phase") + + // K8SPersistentvolumeclaimUIDKey is the attribute Key conforming to the + // "k8s.persistentvolumeclaim.uid" semantic conventions. It represents the UID + // of the PersistentVolumeClaim. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SPersistentvolumeclaimUIDKey = attribute.Key("k8s.persistentvolumeclaim.uid") + // K8SPodHostnameKey is the attribute Key conforming to the "k8s.pod.hostname" // semantic conventions. It represents the specifies the hostname of the Pod. // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "collector-gateway" // Note: The K8s Pod spec has an optional hostname field, which can be used to @@ -9405,7 +9681,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "172.18.0.2" // Note: This attribute aligns with the `podIP` field of the @@ -9419,7 +9695,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "opentelemetry-pod-autoconf" K8SPodNameKey = attribute.Key("k8s.pod.name") @@ -9430,7 +9706,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "2025-12-04T08:41:03Z" // Note: Date and time at which the object was acknowledged by the Kubelet. @@ -9474,7 +9750,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" K8SPodUIDKey = attribute.Key("k8s.pod.uid") @@ -9485,7 +9761,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "opentelemetry" K8SReplicaSetNameKey = attribute.Key("k8s.replicaset.name") @@ -9496,7 +9772,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" K8SReplicaSetUIDKey = attribute.Key("k8s.replicaset.uid") @@ -9709,7 +9985,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "opentelemetry" K8SStatefulSetNameKey = attribute.Key("k8s.statefulset.name") @@ -9720,7 +9996,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Beta + // Stability: Release_Candidate // // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" K8SStatefulSetUIDKey = attribute.Key("k8s.statefulset.uid") @@ -10005,12 +10281,80 @@ func K8SNodeName(val string) attribute.KeyValue { return K8SNodeNameKey.String(val) } +// K8SNodeSystemContainerName returns an attribute KeyValue conforming to the +// "k8s.node.system_container.name" semantic conventions. It represents the name +// of the system container running on the K8s Node. +func K8SNodeSystemContainerName(val string) attribute.KeyValue { + return K8SNodeSystemContainerNameKey.String(val) +} + // K8SNodeUID returns an attribute KeyValue conforming to the "k8s.node.uid" // semantic conventions. It represents the UID of the Node. func K8SNodeUID(val string) attribute.KeyValue { return K8SNodeUIDKey.String(val) } +// K8SPersistentvolumeAnnotation returns an attribute KeyValue conforming to the +// "k8s.persistentvolume.annotation" semantic conventions. It represents the +// annotation placed on the PersistentVolume, the `` being the annotation +// name, the value being the annotation value, even if the value is empty. +func K8SPersistentvolumeAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.persistentvolume.annotation."+key, val) +} + +// K8SPersistentvolumeLabel returns an attribute KeyValue conforming to the +// "k8s.persistentvolume.label" semantic conventions. It represents the label +// placed on the PersistentVolume, the `` being the label name, the value +// being the label value, even if the value is empty. +func K8SPersistentvolumeLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.persistentvolume.label."+key, val) +} + +// K8SPersistentvolumeName returns an attribute KeyValue conforming to the +// "k8s.persistentvolume.name" semantic conventions. It represents the name of +// the PersistentVolume. +func K8SPersistentvolumeName(val string) attribute.KeyValue { + return K8SPersistentvolumeNameKey.String(val) +} + +// K8SPersistentvolumeUID returns an attribute KeyValue conforming to the +// "k8s.persistentvolume.uid" semantic conventions. It represents the UID of the +// PersistentVolume. +func K8SPersistentvolumeUID(val string) attribute.KeyValue { + return K8SPersistentvolumeUIDKey.String(val) +} + +// K8SPersistentvolumeclaimAnnotation returns an attribute KeyValue conforming to +// the "k8s.persistentvolumeclaim.annotation" semantic conventions. It represents +// the annotation placed on the PersistentVolumeClaim, the `` being the +// annotation name, the value being the annotation value, even if the value is +// empty. +func K8SPersistentvolumeclaimAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.persistentvolumeclaim.annotation."+key, val) +} + +// K8SPersistentvolumeclaimLabel returns an attribute KeyValue conforming to the +// "k8s.persistentvolumeclaim.label" semantic conventions. It represents the +// label placed on the PersistentVolumeClaim, the `` being the label name, +// the value being the label value, even if the value is empty. +func K8SPersistentvolumeclaimLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.persistentvolumeclaim.label."+key, val) +} + +// K8SPersistentvolumeclaimName returns an attribute KeyValue conforming to the +// "k8s.persistentvolumeclaim.name" semantic conventions. It represents the name +// of the PersistentVolumeClaim. +func K8SPersistentvolumeclaimName(val string) attribute.KeyValue { + return K8SPersistentvolumeclaimNameKey.String(val) +} + +// K8SPersistentvolumeclaimUID returns an attribute KeyValue conforming to the +// "k8s.persistentvolumeclaim.uid" semantic conventions. It represents the UID of +// the PersistentVolumeClaim. +func K8SPersistentvolumeclaimUID(val string) attribute.KeyValue { + return K8SPersistentvolumeclaimUIDKey.String(val) +} + // K8SPodAnnotation returns an attribute KeyValue conforming to the // "k8s.pod.annotation" semantic conventions. It represents the annotation placed // on the Pod, the `` being the annotation name, the value being the @@ -10318,6 +10662,51 @@ var ( K8SNodeConditionTypeNetworkUnavailable = K8SNodeConditionTypeKey.String("NetworkUnavailable") ) +// Enum values for k8s.persistentvolume.reclaim_policy +var ( + // The volume will be deleted when released from its claim. + // Stability: development + K8SPersistentvolumeReclaimPolicyDelete = K8SPersistentvolumeReclaimPolicyKey.String("Delete") + // The volume will be recycled (basic scrub) when released from its claim. + // Stability: development + K8SPersistentvolumeReclaimPolicyRecycle = K8SPersistentvolumeReclaimPolicyKey.String("Recycle") + // The volume will be retained when released from its claim. + // Stability: development + K8SPersistentvolumeReclaimPolicyRetain = K8SPersistentvolumeReclaimPolicyKey.String("Retain") +) + +// Enum values for k8s.persistentvolume.status.phase +var ( + // The volume is available and not yet bound to a claim. + // Stability: development + K8SPersistentvolumeStatusPhaseAvailable = K8SPersistentvolumeStatusPhaseKey.String("Available") + // The volume is bound to a claim. + // Stability: development + K8SPersistentvolumeStatusPhaseBound = K8SPersistentvolumeStatusPhaseKey.String("Bound") + // The volume has failed its automatic reclamation. + // Stability: development + K8SPersistentvolumeStatusPhaseFailed = K8SPersistentvolumeStatusPhaseKey.String("Failed") + // The volume is being provisioned. + // Stability: development + K8SPersistentvolumeStatusPhasePending = K8SPersistentvolumeStatusPhaseKey.String("Pending") + // The claim has been deleted but the volume is not yet available. + // Stability: development + K8SPersistentvolumeStatusPhaseReleased = K8SPersistentvolumeStatusPhaseKey.String("Released") +) + +// Enum values for k8s.persistentvolumeclaim.status.phase +var ( + // The claim is bound to a volume. + // Stability: development + K8SPersistentvolumeclaimStatusPhaseBound = K8SPersistentvolumeclaimStatusPhaseKey.String("Bound") + // The claim has lost its underlying volume (the volume does not exist anymore). + // Stability: development + K8SPersistentvolumeclaimStatusPhaseLost = K8SPersistentvolumeclaimStatusPhaseKey.String("Lost") + // The claim has not yet been bound to a volume. + // Stability: development + K8SPersistentvolumeclaimStatusPhasePending = K8SPersistentvolumeclaimStatusPhaseKey.String("Pending") +) + // Enum values for k8s.pod.status.phase var ( // The pod has been accepted by the system, but one or more of the containers @@ -12669,7 +13058,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Development + // Stability: Stable // // Examples: "browser.mouse.click", "device.app.lifecycle" // Note: This attribute SHOULD be used by non-OTLP exporters when destination @@ -13240,14 +13629,27 @@ const ( // ProcessExecutableBuildIDHtlhashKey is the attribute Key conforming to the // "process.executable.build_id.htlhash" semantic conventions. It represents the - // profiling specific build ID for executables. See the OTel specification for - // Profiles for more information. + // deterministic build ID for executables. // // Type: string // RequirementLevel: Recommended // Stability: Development // // Examples: "600DCAFE4A110000F2BF38C493F5FB92" + // Note: GNU and Go build IDs may be stripped or unavailable in some + // environments + // (e.g., Alpine Linux, Docker images). This attribute provides a deterministic + // build ID computed by hashing the first and last 4096 bytes of the file + // along with its length: + // + // ``` + // Input ← Concat(File[:4096], File[-4096:], BigEndianUInt64(Len(File))) + // Digest ← SHA256(Input) + // BuildID ← Digest[:16] + // ``` + // + // The result is the first 16 bytes (128 bits) of the SHA256 digest, + // represented as a hex string. ProcessExecutableBuildIDHtlhashKey = attribute.Key("process.executable.build_id.htlhash") // ProcessExecutableNameKey is the attribute Key conforming to the @@ -13603,8 +14005,7 @@ func ProcessExecutableBuildIDGo(val string) attribute.KeyValue { // ProcessExecutableBuildIDHtlhash returns an attribute KeyValue conforming to // the "process.executable.build_id.htlhash" semantic conventions. It represents -// the profiling specific build ID for executables. See the OTel specification -// for Profiles for more information. +// the deterministic build ID for executables. func ProcessExecutableBuildIDHtlhash(val string) attribute.KeyValue { return ProcessExecutableBuildIDHtlhashKey.String(val) } @@ -14317,9 +14718,11 @@ const ( // Examples: "shoppingcart" // Note: MUST be the same for all instances of horizontally scaled services. If // the value was not specified, SDKs MUST fallback to `unknown_service:` - // concatenated with [`process.executable.name`], e.g. `unknown_service:bash`. - // If `process.executable.name` is not available, the value MUST be set to + // concatenated with the process executable name, e.g. `unknown_service:bash`. + // If the process executable name is not available, the value MUST be set to // `unknown_service`. + // The process executable name is the name of the process executable, the same + // value as described by the [`process.executable.name`] resource attribute. // // [`process.executable.name`]: process.md ServiceNameKey = attribute.Key("service.name") @@ -14643,6 +15046,17 @@ const ( // Examples: "ext4" SystemFilesystemTypeKey = attribute.Key("system.filesystem.type") + // SystemMemoryLinuxHugepagesStateKey is the attribute Key conforming to the + // "system.memory.linux.hugepages.state" semantic conventions. It represents the + // Linux HugePages memory state. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "free", "used" + SystemMemoryLinuxHugepagesStateKey = attribute.Key("system.memory.linux.hugepages.state") + // SystemMemoryLinuxSlabStateKey is the attribute Key conforming to the // "system.memory.linux.slab.state" semantic conventions. It represents the // Linux Slab memory state. @@ -14753,6 +15167,16 @@ var ( SystemFilesystemTypeExt4 = SystemFilesystemTypeKey.String("ext4") ) +// Enum values for system.memory.linux.hugepages.state +var ( + // free + // Stability: development + SystemMemoryLinuxHugepagesStateFree = SystemMemoryLinuxHugepagesStateKey.String("free") + // used + // Stability: development + SystemMemoryLinuxHugepagesStateUsed = SystemMemoryLinuxHugepagesStateKey.String("used") +) + // Enum values for system.memory.linux.slab.state var ( // reclaimable @@ -14817,7 +15241,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Development + // Stability: Stable // // Examples: "parts-unlimited-java" // Note: Official auto instrumentation agents and distributions SHOULD set the @@ -14832,7 +15256,7 @@ const ( // // Type: string // RequirementLevel: Recommended - // Stability: Development + // Stability: Stable // // Examples: "1.2.3" TelemetryDistroVersionKey = attribute.Key("telemetry.distro.version") diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/doc.go b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/doc.go similarity index 82% rename from vendor/go.opentelemetry.io/otel/semconv/v1.40.0/doc.go rename to vendor/go.opentelemetry.io/otel/semconv/v1.41.0/doc.go index c5c41e4d27..a45d424d88 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/doc.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/doc.go @@ -1,9 +1,11 @@ +// Code generated from semantic convention specification. DO NOT EDIT. + // Copyright The OpenTelemetry Authors // SPDX-License-Identifier: Apache-2.0 // Package semconv implements OpenTelemetry semantic conventions. // // OpenTelemetry semantic conventions are agreed standardized naming -// patterns for OpenTelemetry things. This package represents the v1.40.0 +// patterns for OpenTelemetry things. This package represents the v1.41.0 // version of the OpenTelemetry semantic conventions. -package semconv // import "go.opentelemetry.io/otel/semconv/v1.40.0" +package semconv // import "go.opentelemetry.io/otel/semconv/v1.41.0" diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/error_type.go b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/error_type.go similarity index 75% rename from vendor/go.opentelemetry.io/otel/semconv/v1.40.0/error_type.go rename to vendor/go.opentelemetry.io/otel/semconv/v1.41.0/error_type.go index 6d26e52821..0b13f0de8e 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/error_type.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/error_type.go @@ -1,10 +1,13 @@ +// Code generated from semantic convention specification. DO NOT EDIT. + // Copyright The OpenTelemetry Authors // SPDX-License-Identifier: Apache-2.0 -package semconv // import "go.opentelemetry.io/otel/semconv/v1.40.0" +package semconv // import "go.opentelemetry.io/otel/semconv/v1.41.0" import ( "errors" + "fmt" "reflect" "go.opentelemetry.io/otel/attribute" @@ -22,7 +25,8 @@ import ( // the returned attribute has that method's return value. If multiple errors in // the chain implement this method, the value from the first match found by // [errors.As] is used. Otherwise, the returned attribute has a value derived -// from the concrete type of err. +// from the concrete type of err after unwrapping any wrappers created with +// [fmt.Errorf]. // // The key of the returned attribute is [ErrorTypeKey]. func ErrorType(err error) attribute.KeyValue { @@ -50,7 +54,7 @@ func errorType(err error) string { // Fallback to reflection if the ErrorType method is not supported or // returns an empty value. - t := reflect.TypeOf(err) + t := reflect.TypeOf(unwrapFmtWrapped(err)) pkg, name := t.PkgPath(), t.Name() if pkg != "" && name != "" { s = pkg + "." + name @@ -64,3 +68,16 @@ func errorType(err error) string { } return s } + +var fmtWrapErrorType = reflect.TypeOf(fmt.Errorf("wrapped: %w", errors.New("err"))) + +func unwrapFmtWrapped(err error) error { + for reflect.TypeOf(err) == fmtWrapErrorType { + u := errors.Unwrap(err) + if u == nil { + return err // When the wrapped error is nil, use the concrete type of the wrapper. + } + err = u + } + return err +} diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/exception.go b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/exception.go similarity index 77% rename from vendor/go.opentelemetry.io/otel/semconv/v1.40.0/exception.go rename to vendor/go.opentelemetry.io/otel/semconv/v1.41.0/exception.go index 6a26231a1a..5f0151affa 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/exception.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/exception.go @@ -1,7 +1,9 @@ +// Code generated from semantic convention specification. DO NOT EDIT. + // Copyright The OpenTelemetry Authors // SPDX-License-Identifier: Apache-2.0 -package semconv // import "go.opentelemetry.io/otel/semconv/v1.40.0" +package semconv // import "go.opentelemetry.io/otel/semconv/v1.41.0" const ( // ExceptionEventName is the name of the Span event representing an exception. diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/goconv/metric.go b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/goconv/metric.go similarity index 55% rename from vendor/go.opentelemetry.io/otel/semconv/v1.40.0/goconv/metric.go rename to vendor/go.opentelemetry.io/otel/semconv/v1.41.0/goconv/metric.go index ba37763b93..2efa623811 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/goconv/metric.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/goconv/metric.go @@ -21,6 +21,23 @@ var ( recOptPool = &sync.Pool{New: func() any { return &[]metric.RecordOption{} }} ) +// CPUStateAttr is an attribute conforming to the go.cpu.state semantic +// conventions. It represents the state of the CPU. +type CPUStateAttr string + +var ( + // CPUStateUser is the CPU time spent running user Go code. + CPUStateUser CPUStateAttr = "user" + // CPUStateGC is the CPU time spent performing garbage collection tasks. + CPUStateGC CPUStateAttr = "gc" + // CPUStateScavenge is the CPU time spent returning unused memory to the + // underlying platform. + CPUStateScavenge CPUStateAttr = "scavenge" + // CPUStateIdle is the available CPU time not spent executing any Go or Go + // runtime code. + CPUStateIdle CPUStateAttr = "idle" +) + // MemoryTypeAttr is an attribute conforming to the go.memory.type semantic // conventions. It represents the type of memory. type MemoryTypeAttr string @@ -92,6 +109,212 @@ func (ConfigGogc) Description() string { return "Heap size target percentage configured by the user, otherwise 100." } +// CPUTime is an instrument used to record metric values conforming to the +// "go.cpu.time" semantic conventions. It represents the estimated CPU time spent +// by the Go runtime. +type CPUTime struct { + metric.Float64Counter +} + +var newCPUTimeOpts = []metric.Float64CounterOption{ + metric.WithDescription("Estimated CPU time spent by the Go runtime."), + metric.WithUnit("s"), +} + +// NewCPUTime returns a new CPUTime instrument. +func NewCPUTime( + m metric.Meter, + opt ...metric.Float64CounterOption, +) (CPUTime, error) { + // Check if the meter is nil. + if m == nil { + return CPUTime{noop.Float64Counter{}}, nil + } + + if len(opt) == 0 { + opt = newCPUTimeOpts + } else { + opt = append(opt, newCPUTimeOpts...) + } + + i, err := m.Float64Counter( + "go.cpu.time", + opt..., + ) + if err != nil { + return CPUTime{noop.Float64Counter{}}, err + } + return CPUTime{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m CPUTime) Inst() metric.Float64Counter { + return m.Float64Counter +} + +// Name returns the semantic convention name of the instrument. +func (CPUTime) Name() string { + return "go.cpu.time" +} + +// Unit returns the semantic convention unit of the instrument +func (CPUTime) Unit() string { + return "s" +} + +// Description returns the semantic convention description of the instrument +func (CPUTime) Description() string { + return "Estimated CPU time spent by the Go runtime." +} + +// Add adds incr to the existing count for attrs. +// +// The cpuState is the the state of the CPU. +// +// All additional attrs passed are included in the recorded value. +// +// Computed from `/cpu/classes/...` metrics. This metric is an overestimate, and +// not directly comparable to system CPU time measurements. Compare only with +// other `go.cpu.time` metrics. +func (m CPUTime) Add( + ctx context.Context, + incr float64, + cpuState CPUStateAttr, + attrs ...attribute.KeyValue, +) { + if !m.Float64Counter.Enabled(ctx) { + return + } + if len(attrs) == 0 { + m.Float64Counter.Add(ctx, incr, metric.WithAttributes( + attribute.String("go.cpu.state", string(cpuState)), + )) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + clear(*o) + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + append( + attrs[:len(attrs):len(attrs)], + attribute.String("go.cpu.state", string(cpuState)), + )..., + ), + ) + + m.Float64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// Computed from `/cpu/classes/...` metrics. This metric is an overestimate, and +// not directly comparable to system CPU time measurements. Compare only with +// other `go.cpu.time` metrics. +func (m CPUTime) AddSet(ctx context.Context, incr float64, set attribute.Set) { + if !m.Float64Counter.Enabled(ctx) { + return + } + if set.Len() == 0 { + m.Float64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + clear(*o) + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Float64Counter.Add(ctx, incr, *o...) +} + +// AttrCPUDetailedState returns an optional attribute for the +// "go.cpu.detailed_state" semantic convention. It represents the detailed state +// of the CPU. +func (CPUTime) AttrCPUDetailedState(val string) attribute.KeyValue { + return attribute.String("go.cpu.detailed_state", val) +} + +// CPUTimeObservable is an instrument used to record metric values conforming to +// the "go.cpu.time" semantic conventions. It represents the estimated CPU time +// spent by the Go runtime. +type CPUTimeObservable struct { + metric.Float64ObservableCounter +} + +var newCPUTimeObservableOpts = []metric.Float64ObservableCounterOption{ + metric.WithDescription("Estimated CPU time spent by the Go runtime."), + metric.WithUnit("s"), +} + +// NewCPUTimeObservable returns a new CPUTimeObservable instrument. +func NewCPUTimeObservable( + m metric.Meter, + opt ...metric.Float64ObservableCounterOption, +) (CPUTimeObservable, error) { + // Check if the meter is nil. + if m == nil { + return CPUTimeObservable{noop.Float64ObservableCounter{}}, nil + } + + if len(opt) == 0 { + opt = newCPUTimeObservableOpts + } else { + opt = append(opt, newCPUTimeObservableOpts...) + } + + i, err := m.Float64ObservableCounter( + "go.cpu.time", + opt..., + ) + if err != nil { + return CPUTimeObservable{noop.Float64ObservableCounter{}}, err + } + return CPUTimeObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m CPUTimeObservable) Inst() metric.Float64ObservableCounter { + return m.Float64ObservableCounter +} + +// Name returns the semantic convention name of the instrument. +func (CPUTimeObservable) Name() string { + return "go.cpu.time" +} + +// Unit returns the semantic convention unit of the instrument +func (CPUTimeObservable) Unit() string { + return "s" +} + +// Description returns the semantic convention description of the instrument +func (CPUTimeObservable) Description() string { + return "Estimated CPU time spent by the Go runtime." +} + +// AttrCPUState returns a required attribute for the "go.cpu.state" semantic +// convention. It represents the state of the CPU. +func (CPUTimeObservable) AttrCPUState(val CPUStateAttr) attribute.KeyValue { + return attribute.String("go.cpu.state", string(val)) +} + +// AttrCPUDetailedState returns an optional attribute for the +// "go.cpu.detailed_state" semantic convention. It represents the detailed state +// of the CPU. +func (CPUTimeObservable) AttrCPUDetailedState(val string) attribute.KeyValue { + return attribute.String("go.cpu.detailed_state", val) +} + // GoroutineCount is an instrument used to record metric values conforming to the // "go.goroutine.count" semantic conventions. It represents the count of live // goroutines. @@ -266,6 +489,168 @@ func (MemoryAllocations) Description() string { return "Count of allocations to the heap by the application." } +// MemoryGCCycles is an instrument used to record metric values conforming to the +// "go.memory.gc.cycles" semantic conventions. It represents the number of +// completed GC cycles. +type MemoryGCCycles struct { + metric.Int64Counter +} + +var newMemoryGCCyclesOpts = []metric.Int64CounterOption{ + metric.WithDescription("Number of completed GC cycles."), + metric.WithUnit("{gc_cycle}"), +} + +// NewMemoryGCCycles returns a new MemoryGCCycles instrument. +func NewMemoryGCCycles( + m metric.Meter, + opt ...metric.Int64CounterOption, +) (MemoryGCCycles, error) { + // Check if the meter is nil. + if m == nil { + return MemoryGCCycles{noop.Int64Counter{}}, nil + } + + if len(opt) == 0 { + opt = newMemoryGCCyclesOpts + } else { + opt = append(opt, newMemoryGCCyclesOpts...) + } + + i, err := m.Int64Counter( + "go.memory.gc.cycles", + opt..., + ) + if err != nil { + return MemoryGCCycles{noop.Int64Counter{}}, err + } + return MemoryGCCycles{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m MemoryGCCycles) Inst() metric.Int64Counter { + return m.Int64Counter +} + +// Name returns the semantic convention name of the instrument. +func (MemoryGCCycles) Name() string { + return "go.memory.gc.cycles" +} + +// Unit returns the semantic convention unit of the instrument +func (MemoryGCCycles) Unit() string { + return "{gc_cycle}" +} + +// Description returns the semantic convention description of the instrument +func (MemoryGCCycles) Description() string { + return "Number of completed GC cycles." +} + +// Add adds incr to the existing count for attrs. +// +// Computed from `/gc/cycles/total:gc-cycles`. +func (m MemoryGCCycles) Add(ctx context.Context, incr int64, attrs ...attribute.KeyValue) { + if !m.Int64Counter.Enabled(ctx) { + return + } + if len(attrs) == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + clear(*o) + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributes(attrs...)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// Computed from `/gc/cycles/total:gc-cycles`. +func (m MemoryGCCycles) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64Counter.Enabled(ctx) { + return + } + if set.Len() == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + clear(*o) + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// MemoryGCCyclesObservable is an instrument used to record metric values +// conforming to the "go.memory.gc.cycles" semantic conventions. It represents +// the number of completed GC cycles. +type MemoryGCCyclesObservable struct { + metric.Int64ObservableCounter +} + +var newMemoryGCCyclesObservableOpts = []metric.Int64ObservableCounterOption{ + metric.WithDescription("Number of completed GC cycles."), + metric.WithUnit("{gc_cycle}"), +} + +// NewMemoryGCCyclesObservable returns a new MemoryGCCyclesObservable instrument. +func NewMemoryGCCyclesObservable( + m metric.Meter, + opt ...metric.Int64ObservableCounterOption, +) (MemoryGCCyclesObservable, error) { + // Check if the meter is nil. + if m == nil { + return MemoryGCCyclesObservable{noop.Int64ObservableCounter{}}, nil + } + + if len(opt) == 0 { + opt = newMemoryGCCyclesObservableOpts + } else { + opt = append(opt, newMemoryGCCyclesObservableOpts...) + } + + i, err := m.Int64ObservableCounter( + "go.memory.gc.cycles", + opt..., + ) + if err != nil { + return MemoryGCCyclesObservable{noop.Int64ObservableCounter{}}, err + } + return MemoryGCCyclesObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m MemoryGCCyclesObservable) Inst() metric.Int64ObservableCounter { + return m.Int64ObservableCounter +} + +// Name returns the semantic convention name of the instrument. +func (MemoryGCCyclesObservable) Name() string { + return "go.memory.gc.cycles" +} + +// Unit returns the semantic convention unit of the instrument +func (MemoryGCCyclesObservable) Unit() string { + return "{gc_cycle}" +} + +// Description returns the semantic convention description of the instrument +func (MemoryGCCyclesObservable) Description() string { + return "Number of completed GC cycles." +} + // MemoryGCGoal is an instrument used to record metric values conforming to the // "go.memory.gc.goal" semantic conventions. It represents the heap size target // for the end of the GC cycle. @@ -324,6 +709,113 @@ func (MemoryGCGoal) Description() string { return "Heap size target for the end of the GC cycle." } +// MemoryGCPauseDuration is an instrument used to record metric values conforming +// to the "go.memory.gc.pause.duration" semantic conventions. It represents the +// distribution of individual GC-related stop-the-world pause latencies. This is +// the time from deciding to stop the world until the world is started again. +type MemoryGCPauseDuration struct { + metric.Float64Histogram +} + +var newMemoryGCPauseDurationOpts = []metric.Float64HistogramOption{ + metric.WithDescription("Distribution of individual GC-related stop-the-world pause latencies. This is the time from deciding to stop the world until the world is started again."), + metric.WithUnit("s"), +} + +// NewMemoryGCPauseDuration returns a new MemoryGCPauseDuration instrument. +func NewMemoryGCPauseDuration( + m metric.Meter, + opt ...metric.Float64HistogramOption, +) (MemoryGCPauseDuration, error) { + // Check if the meter is nil. + if m == nil { + return MemoryGCPauseDuration{noop.Float64Histogram{}}, nil + } + + if len(opt) == 0 { + opt = newMemoryGCPauseDurationOpts + } else { + opt = append(opt, newMemoryGCPauseDurationOpts...) + } + + i, err := m.Float64Histogram( + "go.memory.gc.pause.duration", + opt..., + ) + if err != nil { + return MemoryGCPauseDuration{noop.Float64Histogram{}}, err + } + return MemoryGCPauseDuration{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m MemoryGCPauseDuration) Inst() metric.Float64Histogram { + return m.Float64Histogram +} + +// Name returns the semantic convention name of the instrument. +func (MemoryGCPauseDuration) Name() string { + return "go.memory.gc.pause.duration" +} + +// Unit returns the semantic convention unit of the instrument +func (MemoryGCPauseDuration) Unit() string { + return "s" +} + +// Description returns the semantic convention description of the instrument +func (MemoryGCPauseDuration) Description() string { + return "Distribution of individual GC-related stop-the-world pause latencies. This is the time from deciding to stop the world until the world is started again." +} + +// Record records val to the current distribution for attrs. +// +// Computed from `/sched/pauses/total/gc:seconds`. Bucket boundaries are provided +// by the runtime, and are subject to change. +func (m MemoryGCPauseDuration) Record(ctx context.Context, val float64, attrs ...attribute.KeyValue) { + if !m.Float64Histogram.Enabled(ctx) { + return + } + if len(attrs) == 0 { + m.Float64Histogram.Record(ctx, val) + return + } + + o := recOptPool.Get().(*[]metric.RecordOption) + defer func() { + clear(*o) + *o = (*o)[:0] + recOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributes(attrs...)) + m.Float64Histogram.Record(ctx, val, *o...) +} + +// RecordSet records val to the current distribution for set. +// +// Computed from `/sched/pauses/total/gc:seconds`. Bucket boundaries are provided +// by the runtime, and are subject to change. +func (m MemoryGCPauseDuration) RecordSet(ctx context.Context, val float64, set attribute.Set) { + if !m.Float64Histogram.Enabled(ctx) { + return + } + if set.Len() == 0 { + m.Float64Histogram.Record(ctx, val) + return + } + + o := recOptPool.Get().(*[]metric.RecordOption) + defer func() { + clear(*o) + *o = (*o)[:0] + recOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Float64Histogram.Record(ctx, val, *o...) +} + // MemoryLimit is an instrument used to record metric values conforming to the // "go.memory.limit" semantic conventions. It represents the go runtime memory // limit configured by the user, if a limit exists. @@ -446,6 +938,13 @@ func (MemoryUsed) AttrMemoryType(val MemoryTypeAttr) attribute.KeyValue { return attribute.String("go.memory.type", string(val)) } +// AttrMemoryDetailedType returns an optional attribute for the +// "go.memory.detailed_type" semantic convention. It represents the detailed type +// of memory. +func (MemoryUsed) AttrMemoryDetailedType(val string) attribute.KeyValue { + return attribute.String("go.memory.detailed_type", val) +} + // ProcessorLimit is an instrument used to record metric values conforming to the // "go.processor.limit" semantic conventions. It represents the number of OS // threads that can execute user-level Go code simultaneously. @@ -568,6 +1067,9 @@ func (ScheduleDuration) Description() string { // Computed from `/sched/latencies:seconds`. Bucket boundaries are provided by // the runtime, and are subject to change. func (m ScheduleDuration) Record(ctx context.Context, val float64, attrs ...attribute.KeyValue) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Float64Histogram.Record(ctx, val) return @@ -575,6 +1077,7 @@ func (m ScheduleDuration) Record(ctx context.Context, val float64, attrs ...attr o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -588,6 +1091,9 @@ func (m ScheduleDuration) Record(ctx context.Context, val float64, attrs ...attr // Computed from `/sched/latencies:seconds`. Bucket boundaries are provided by // the runtime, and are subject to change. func (m ScheduleDuration) RecordSet(ctx context.Context, val float64, set attribute.Set) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Float64Histogram.Record(ctx, val) return @@ -595,6 +1101,7 @@ func (m ScheduleDuration) RecordSet(ctx context.Context, val float64, set attrib o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/httpconv/metric.go b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/httpconv/metric.go similarity index 82% rename from vendor/go.opentelemetry.io/otel/semconv/v1.40.0/httpconv/metric.go rename to vendor/go.opentelemetry.io/otel/semconv/v1.41.0/httpconv/metric.go index 7264925ba9..1b811e2d72 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/httpconv/metric.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/httpconv/metric.go @@ -159,6 +159,9 @@ func (m ClientActiveRequests) Add( serverPort int, attrs ...attribute.KeyValue, ) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64UpDownCounter.Add(ctx, incr, metric.WithAttributes( attribute.String("server.address", serverAddress), @@ -169,6 +172,7 @@ func (m ClientActiveRequests) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -189,6 +193,9 @@ func (m ClientActiveRequests) Add( // AddSet adds incr to the existing count for set. func (m ClientActiveRequests) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -196,6 +203,7 @@ func (m ClientActiveRequests) AddSet(ctx context.Context, incr int64, set attrib o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -228,6 +236,102 @@ func (ClientActiveRequests) AttrURLScheme(val string) attribute.KeyValue { return attribute.String("url.scheme", val) } +// ClientActiveRequestsObservable is an instrument used to record metric values +// conforming to the "http.client.active_requests" semantic conventions. It +// represents the number of active HTTP requests. +type ClientActiveRequestsObservable struct { + metric.Int64ObservableUpDownCounter +} + +var newClientActiveRequestsObservableOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("Number of active HTTP requests."), + metric.WithUnit("{request}"), +} + +// NewClientActiveRequestsObservable returns a new ClientActiveRequestsObservable +// instrument. +func NewClientActiveRequestsObservable( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (ClientActiveRequestsObservable, error) { + // Check if the meter is nil. + if m == nil { + return ClientActiveRequestsObservable{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newClientActiveRequestsObservableOpts + } else { + opt = append(opt, newClientActiveRequestsObservableOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "http.client.active_requests", + opt..., + ) + if err != nil { + return ClientActiveRequestsObservable{noop.Int64ObservableUpDownCounter{}}, err + } + return ClientActiveRequestsObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m ClientActiveRequestsObservable) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (ClientActiveRequestsObservable) Name() string { + return "http.client.active_requests" +} + +// Unit returns the semantic convention unit of the instrument +func (ClientActiveRequestsObservable) Unit() string { + return "{request}" +} + +// Description returns the semantic convention description of the instrument +func (ClientActiveRequestsObservable) Description() string { + return "Number of active HTTP requests." +} + +// AttrServerAddress returns a required attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (ClientActiveRequestsObservable) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns a required attribute for the "server.port" semantic +// convention. It represents the server port number. +func (ClientActiveRequestsObservable) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + +// AttrURLTemplate returns an optional attribute for the "url.template" semantic +// convention. It represents the low-cardinality template of an +// [absolute path reference]. +// +// [absolute path reference]: https://www.rfc-editor.org/rfc/rfc3986#section-4.2 +func (ClientActiveRequestsObservable) AttrURLTemplate(val string) attribute.KeyValue { + return attribute.String("url.template", val) +} + +// AttrRequestMethod returns an optional attribute for the "http.request.method" +// semantic convention. It represents the HTTP request method. +func (ClientActiveRequestsObservable) AttrRequestMethod(val RequestMethodAttr) attribute.KeyValue { + return attribute.String("http.request.method", string(val)) +} + +// AttrURLScheme returns an optional attribute for the "url.scheme" semantic +// convention. It represents the [URI scheme] component identifying the used +// protocol. +// +// [URI scheme]: https://www.rfc-editor.org/rfc/rfc3986#section-3.1 +func (ClientActiveRequestsObservable) AttrURLScheme(val string) attribute.KeyValue { + return attribute.String("url.scheme", val) +} + // ClientConnectionDuration is an instrument used to record metric values // conforming to the "http.client.connection.duration" semantic conventions. It // represents the duration of the successfully established outbound HTTP @@ -302,6 +406,9 @@ func (m ClientConnectionDuration) Record( serverPort int, attrs ...attribute.KeyValue, ) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Float64Histogram.Record(ctx, val, metric.WithAttributes( attribute.String("server.address", serverAddress), @@ -312,6 +419,7 @@ func (m ClientConnectionDuration) Record( o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -332,6 +440,9 @@ func (m ClientConnectionDuration) Record( // RecordSet records val to the current distribution for set. func (m ClientConnectionDuration) RecordSet(ctx context.Context, val float64, set attribute.Set) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Float64Histogram.Record(ctx, val) return @@ -339,6 +450,7 @@ func (m ClientConnectionDuration) RecordSet(ctx context.Context, val float64, se o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -448,6 +560,9 @@ func (m ClientOpenConnections) Add( serverPort int, attrs ...attribute.KeyValue, ) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64UpDownCounter.Add(ctx, incr, metric.WithAttributes( attribute.String("http.connection.state", string(connectionState)), @@ -459,6 +574,7 @@ func (m ClientOpenConnections) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -480,6 +596,9 @@ func (m ClientOpenConnections) Add( // AddSet adds incr to the existing count for set. func (m ClientOpenConnections) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -487,6 +606,7 @@ func (m ClientOpenConnections) AddSet(ctx context.Context, incr int64, set attri o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -518,6 +638,109 @@ func (ClientOpenConnections) AttrURLScheme(val string) attribute.KeyValue { return attribute.String("url.scheme", val) } +// ClientOpenConnectionsObservable is an instrument used to record metric values +// conforming to the "http.client.open_connections" semantic conventions. It +// represents the number of outbound HTTP connections that are currently active +// or idle on the client. +type ClientOpenConnectionsObservable struct { + metric.Int64ObservableUpDownCounter +} + +var newClientOpenConnectionsObservableOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("Number of outbound HTTP connections that are currently active or idle on the client."), + metric.WithUnit("{connection}"), +} + +// NewClientOpenConnectionsObservable returns a new +// ClientOpenConnectionsObservable instrument. +func NewClientOpenConnectionsObservable( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (ClientOpenConnectionsObservable, error) { + // Check if the meter is nil. + if m == nil { + return ClientOpenConnectionsObservable{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newClientOpenConnectionsObservableOpts + } else { + opt = append(opt, newClientOpenConnectionsObservableOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "http.client.open_connections", + opt..., + ) + if err != nil { + return ClientOpenConnectionsObservable{noop.Int64ObservableUpDownCounter{}}, err + } + return ClientOpenConnectionsObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m ClientOpenConnectionsObservable) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (ClientOpenConnectionsObservable) Name() string { + return "http.client.open_connections" +} + +// Unit returns the semantic convention unit of the instrument +func (ClientOpenConnectionsObservable) Unit() string { + return "{connection}" +} + +// Description returns the semantic convention description of the instrument +func (ClientOpenConnectionsObservable) Description() string { + return "Number of outbound HTTP connections that are currently active or idle on the client." +} + +// AttrConnectionState returns a required attribute for the +// "http.connection.state" semantic convention. It represents the state of the +// HTTP connection in the HTTP connection pool. +func (ClientOpenConnectionsObservable) AttrConnectionState(val ConnectionStateAttr) attribute.KeyValue { + return attribute.String("http.connection.state", string(val)) +} + +// AttrServerAddress returns a required attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (ClientOpenConnectionsObservable) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns a required attribute for the "server.port" semantic +// convention. It represents the server port number. +func (ClientOpenConnectionsObservable) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + +// AttrNetworkPeerAddress returns an optional attribute for the +// "network.peer.address" semantic convention. It represents the peer address of +// the network connection - IP address or Unix domain socket name. +func (ClientOpenConnectionsObservable) AttrNetworkPeerAddress(val string) attribute.KeyValue { + return attribute.String("network.peer.address", val) +} + +// AttrNetworkProtocolVersion returns an optional attribute for the +// "network.protocol.version" semantic convention. It represents the actual +// version of the protocol used for network communication. +func (ClientOpenConnectionsObservable) AttrNetworkProtocolVersion(val string) attribute.KeyValue { + return attribute.String("network.protocol.version", val) +} + +// AttrURLScheme returns an optional attribute for the "url.scheme" semantic +// convention. It represents the [URI scheme] component identifying the used +// protocol. +// +// [URI scheme]: https://www.rfc-editor.org/rfc/rfc3986#section-3.1 +func (ClientOpenConnectionsObservable) AttrURLScheme(val string) attribute.KeyValue { + return attribute.String("url.scheme", val) +} + // ClientRequestBodySize is an instrument used to record metric values conforming // to the "http.client.request.body.size" semantic conventions. It represents the // size of HTTP client request bodies. @@ -601,6 +824,9 @@ func (m ClientRequestBodySize) Record( serverPort int, attrs ...attribute.KeyValue, ) { + if !m.Int64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Histogram.Record(ctx, val, metric.WithAttributes( attribute.String("http.request.method", string(requestMethod)), @@ -612,6 +838,7 @@ func (m ClientRequestBodySize) Record( o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -640,6 +867,9 @@ func (m ClientRequestBodySize) Record( // // [Content-Length]: https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length func (m ClientRequestBodySize) RecordSet(ctx context.Context, val int64, set attribute.Set) { + if !m.Int64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Histogram.Record(ctx, val) return @@ -647,6 +877,7 @@ func (m ClientRequestBodySize) RecordSet(ctx context.Context, val int64, set att o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -715,6 +946,7 @@ type ClientRequestDuration struct { var newClientRequestDurationOpts = []metric.Float64HistogramOption{ metric.WithDescription("Duration of HTTP client requests."), metric.WithUnit("s"), + metric.WithExplicitBucketBoundaries([]float64{0.005, 0.01, 0.025, 0.05, 0.075, 0.1, 0.25, 0.5, 0.75, 1, 2.5, 5, 7.5, 10}...), } // NewClientRequestDuration returns a new ClientRequestDuration instrument. @@ -781,6 +1013,9 @@ func (m ClientRequestDuration) Record( serverPort int, attrs ...attribute.KeyValue, ) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Float64Histogram.Record(ctx, val, metric.WithAttributes( attribute.String("http.request.method", string(requestMethod)), @@ -792,6 +1027,7 @@ func (m ClientRequestDuration) Record( o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -813,6 +1049,9 @@ func (m ClientRequestDuration) Record( // RecordSet records val to the current distribution for set. func (m ClientRequestDuration) RecordSet(ctx context.Context, val float64, set attribute.Set) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Float64Histogram.Record(ctx, val) return @@ -820,6 +1059,7 @@ func (m ClientRequestDuration) RecordSet(ctx context.Context, val float64, set a o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -961,6 +1201,9 @@ func (m ClientResponseBodySize) Record( serverPort int, attrs ...attribute.KeyValue, ) { + if !m.Int64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Histogram.Record(ctx, val, metric.WithAttributes( attribute.String("http.request.method", string(requestMethod)), @@ -972,6 +1215,7 @@ func (m ClientResponseBodySize) Record( o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -1000,6 +1244,9 @@ func (m ClientResponseBodySize) Record( // // [Content-Length]: https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length func (m ClientResponseBodySize) RecordSet(ctx context.Context, val int64, set attribute.Set) { + if !m.Int64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Histogram.Record(ctx, val) return @@ -1007,6 +1254,7 @@ func (m ClientResponseBodySize) RecordSet(ctx context.Context, val int64, set at o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -1139,6 +1387,9 @@ func (m ServerActiveRequests) Add( urlScheme string, attrs ...attribute.KeyValue, ) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64UpDownCounter.Add(ctx, incr, metric.WithAttributes( attribute.String("http.request.method", string(requestMethod)), @@ -1149,6 +1400,7 @@ func (m ServerActiveRequests) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -1169,6 +1421,9 @@ func (m ServerActiveRequests) Add( // AddSet adds incr to the existing count for set. func (m ServerActiveRequests) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -1176,6 +1431,7 @@ func (m ServerActiveRequests) AddSet(ctx context.Context, incr int64, set attrib o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -1198,6 +1454,94 @@ func (ServerActiveRequests) AttrServerPort(val int) attribute.KeyValue { return attribute.Int("server.port", val) } +// ServerActiveRequestsObservable is an instrument used to record metric values +// conforming to the "http.server.active_requests" semantic conventions. It +// represents the number of active HTTP server requests. +type ServerActiveRequestsObservable struct { + metric.Int64ObservableUpDownCounter +} + +var newServerActiveRequestsObservableOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("Number of active HTTP server requests."), + metric.WithUnit("{request}"), +} + +// NewServerActiveRequestsObservable returns a new ServerActiveRequestsObservable +// instrument. +func NewServerActiveRequestsObservable( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (ServerActiveRequestsObservable, error) { + // Check if the meter is nil. + if m == nil { + return ServerActiveRequestsObservable{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newServerActiveRequestsObservableOpts + } else { + opt = append(opt, newServerActiveRequestsObservableOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "http.server.active_requests", + opt..., + ) + if err != nil { + return ServerActiveRequestsObservable{noop.Int64ObservableUpDownCounter{}}, err + } + return ServerActiveRequestsObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m ServerActiveRequestsObservable) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (ServerActiveRequestsObservable) Name() string { + return "http.server.active_requests" +} + +// Unit returns the semantic convention unit of the instrument +func (ServerActiveRequestsObservable) Unit() string { + return "{request}" +} + +// Description returns the semantic convention description of the instrument +func (ServerActiveRequestsObservable) Description() string { + return "Number of active HTTP server requests." +} + +// AttrRequestMethod returns a required attribute for the "http.request.method" +// semantic convention. It represents the HTTP request method. +func (ServerActiveRequestsObservable) AttrRequestMethod(val RequestMethodAttr) attribute.KeyValue { + return attribute.String("http.request.method", string(val)) +} + +// AttrURLScheme returns a required attribute for the "url.scheme" semantic +// convention. It represents the [URI scheme] component identifying the used +// protocol. +// +// [URI scheme]: https://www.rfc-editor.org/rfc/rfc3986#section-3.1 +func (ServerActiveRequestsObservable) AttrURLScheme(val string) attribute.KeyValue { + return attribute.String("url.scheme", val) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the name of the local HTTP server that +// received the request. +func (ServerActiveRequestsObservable) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the port of the local HTTP server that received the +// request. +func (ServerActiveRequestsObservable) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + // ServerRequestBodySize is an instrument used to record metric values conforming // to the "http.server.request.body.size" semantic conventions. It represents the // size of HTTP server request bodies. @@ -1279,6 +1623,9 @@ func (m ServerRequestBodySize) Record( urlScheme string, attrs ...attribute.KeyValue, ) { + if !m.Int64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Histogram.Record(ctx, val, metric.WithAttributes( attribute.String("http.request.method", string(requestMethod)), @@ -1289,6 +1636,7 @@ func (m ServerRequestBodySize) Record( o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -1316,6 +1664,9 @@ func (m ServerRequestBodySize) Record( // // [Content-Length]: https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length func (m ServerRequestBodySize) RecordSet(ctx context.Context, val int64, set attribute.Set) { + if !m.Int64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Histogram.Record(ctx, val) return @@ -1323,6 +1674,7 @@ func (m ServerRequestBodySize) RecordSet(ctx context.Context, val int64, set att o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -1402,6 +1754,7 @@ type ServerRequestDuration struct { var newServerRequestDurationOpts = []metric.Float64HistogramOption{ metric.WithDescription("Duration of HTTP server requests."), metric.WithUnit("s"), + metric.WithExplicitBucketBoundaries([]float64{0.005, 0.01, 0.025, 0.05, 0.075, 0.1, 0.25, 0.5, 0.75, 1, 2.5, 5, 7.5, 10}...), } // NewServerRequestDuration returns a new ServerRequestDuration instrument. @@ -1466,6 +1819,9 @@ func (m ServerRequestDuration) Record( urlScheme string, attrs ...attribute.KeyValue, ) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Float64Histogram.Record(ctx, val, metric.WithAttributes( attribute.String("http.request.method", string(requestMethod)), @@ -1476,6 +1832,7 @@ func (m ServerRequestDuration) Record( o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -1496,6 +1853,9 @@ func (m ServerRequestDuration) Record( // RecordSet records val to the current distribution for set. func (m ServerRequestDuration) RecordSet(ctx context.Context, val float64, set attribute.Set) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Float64Histogram.Record(ctx, val) return @@ -1503,6 +1863,7 @@ func (m ServerRequestDuration) RecordSet(ctx context.Context, val float64, set a o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -1653,6 +2014,9 @@ func (m ServerResponseBodySize) Record( urlScheme string, attrs ...attribute.KeyValue, ) { + if !m.Int64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Histogram.Record(ctx, val, metric.WithAttributes( attribute.String("http.request.method", string(requestMethod)), @@ -1663,6 +2027,7 @@ func (m ServerResponseBodySize) Record( o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -1690,6 +2055,9 @@ func (m ServerResponseBodySize) Record( // // [Content-Length]: https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length func (m ServerResponseBodySize) RecordSet(ctx context.Context, val int64, set attribute.Set) { + if !m.Int64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Histogram.Record(ctx, val) return @@ -1697,6 +2065,7 @@ func (m ServerResponseBodySize) RecordSet(ctx context.Context, val int64, set at o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/otelconv/metric.go b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/otelconv/metric.go similarity index 66% rename from vendor/go.opentelemetry.io/otel/semconv/v1.40.0/otelconv/metric.go rename to vendor/go.opentelemetry.io/otel/semconv/v1.41.0/otelconv/metric.go index 901da86985..d50e198493 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/otelconv/metric.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/otelconv/metric.go @@ -197,6 +197,9 @@ func (m SDKExporterLogExported) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64Counter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Counter.Add(ctx, incr) return @@ -204,6 +207,7 @@ func (m SDKExporterLogExported) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -228,6 +232,9 @@ func (m SDKExporterLogExported) Add( // If no rejection reason is available, `rejected` SHOULD be used as value for // `error.type`. func (m SDKExporterLogExported) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64Counter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Counter.Add(ctx, incr) return @@ -235,6 +242,7 @@ func (m SDKExporterLogExported) AddSet(ctx context.Context, incr int64, set attr o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -277,6 +285,100 @@ func (SDKExporterLogExported) AttrServerPort(val int) attribute.KeyValue { return attribute.Int("server.port", val) } +// SDKExporterLogExportedObservable is an instrument used to record metric values +// conforming to the "otel.sdk.exporter.log.exported" semantic conventions. It +// represents the number of log records for which the export has finished, either +// successful or failed. +type SDKExporterLogExportedObservable struct { + metric.Int64ObservableCounter +} + +var newSDKExporterLogExportedObservableOpts = []metric.Int64ObservableCounterOption{ + metric.WithDescription("The number of log records for which the export has finished, either successful or failed."), + metric.WithUnit("{log_record}"), +} + +// NewSDKExporterLogExportedObservable returns a new +// SDKExporterLogExportedObservable instrument. +func NewSDKExporterLogExportedObservable( + m metric.Meter, + opt ...metric.Int64ObservableCounterOption, +) (SDKExporterLogExportedObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterLogExportedObservable{noop.Int64ObservableCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterLogExportedObservableOpts + } else { + opt = append(opt, newSDKExporterLogExportedObservableOpts...) + } + + i, err := m.Int64ObservableCounter( + "otel.sdk.exporter.log.exported", + opt..., + ) + if err != nil { + return SDKExporterLogExportedObservable{noop.Int64ObservableCounter{}}, err + } + return SDKExporterLogExportedObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterLogExportedObservable) Inst() metric.Int64ObservableCounter { + return m.Int64ObservableCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterLogExportedObservable) Name() string { + return "otel.sdk.exporter.log.exported" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterLogExportedObservable) Unit() string { + return "{log_record}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterLogExportedObservable) Description() string { + return "The number of log records for which the export has finished, either successful or failed." +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents the describes a class of error the operation ended +// with. +func (SDKExporterLogExportedObservable) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterLogExportedObservable) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterLogExportedObservable) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterLogExportedObservable) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterLogExportedObservable) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + // SDKExporterLogInflight is an instrument used to record metric values // conforming to the "otel.sdk.exporter.log.inflight" semantic conventions. It // represents the number of log records which were passed to the exporter, but @@ -347,6 +449,9 @@ func (m SDKExporterLogInflight) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -354,6 +459,7 @@ func (m SDKExporterLogInflight) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -373,6 +479,9 @@ func (m SDKExporterLogInflight) Add( // For successful exports, `error.type` MUST NOT be set. For failed exports, // `error.type` MUST contain the failure cause. func (m SDKExporterLogInflight) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -380,6 +489,7 @@ func (m SDKExporterLogInflight) AddSet(ctx context.Context, incr int64, set attr o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -415,6 +525,93 @@ func (SDKExporterLogInflight) AttrServerPort(val int) attribute.KeyValue { return attribute.Int("server.port", val) } +// SDKExporterLogInflightObservable is an instrument used to record metric values +// conforming to the "otel.sdk.exporter.log.inflight" semantic conventions. It +// represents the number of log records which were passed to the exporter, but +// that have not been exported yet (neither successful, nor failed). +type SDKExporterLogInflightObservable struct { + metric.Int64ObservableUpDownCounter +} + +var newSDKExporterLogInflightObservableOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("The number of log records which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)."), + metric.WithUnit("{log_record}"), +} + +// NewSDKExporterLogInflightObservable returns a new +// SDKExporterLogInflightObservable instrument. +func NewSDKExporterLogInflightObservable( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (SDKExporterLogInflightObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterLogInflightObservable{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterLogInflightObservableOpts + } else { + opt = append(opt, newSDKExporterLogInflightObservableOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "otel.sdk.exporter.log.inflight", + opt..., + ) + if err != nil { + return SDKExporterLogInflightObservable{noop.Int64ObservableUpDownCounter{}}, err + } + return SDKExporterLogInflightObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterLogInflightObservable) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterLogInflightObservable) Name() string { + return "otel.sdk.exporter.log.inflight" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterLogInflightObservable) Unit() string { + return "{log_record}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterLogInflightObservable) Description() string { + return "The number of log records which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)." +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterLogInflightObservable) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterLogInflightObservable) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterLogInflightObservable) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterLogInflightObservable) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + // SDKExporterMetricDataPointExported is an instrument used to record metric // values conforming to the "otel.sdk.exporter.metric_data_point.exported" // semantic conventions. It represents the number of metric data points for which @@ -491,6 +688,9 @@ func (m SDKExporterMetricDataPointExported) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64Counter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Counter.Add(ctx, incr) return @@ -498,6 +698,7 @@ func (m SDKExporterMetricDataPointExported) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -522,6 +723,9 @@ func (m SDKExporterMetricDataPointExported) Add( // If no rejection reason is available, `rejected` SHOULD be used as value for // `error.type`. func (m SDKExporterMetricDataPointExported) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64Counter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Counter.Add(ctx, incr) return @@ -529,6 +733,7 @@ func (m SDKExporterMetricDataPointExported) AddSet(ctx context.Context, incr int o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -571,6 +776,100 @@ func (SDKExporterMetricDataPointExported) AttrServerPort(val int) attribute.KeyV return attribute.Int("server.port", val) } +// SDKExporterMetricDataPointExportedObservable is an instrument used to record +// metric values conforming to the "otel.sdk.exporter.metric_data_point.exported" +// semantic conventions. It represents the number of metric data points for which +// the export has finished, either successful or failed. +type SDKExporterMetricDataPointExportedObservable struct { + metric.Int64ObservableCounter +} + +var newSDKExporterMetricDataPointExportedObservableOpts = []metric.Int64ObservableCounterOption{ + metric.WithDescription("The number of metric data points for which the export has finished, either successful or failed."), + metric.WithUnit("{data_point}"), +} + +// NewSDKExporterMetricDataPointExportedObservable returns a new +// SDKExporterMetricDataPointExportedObservable instrument. +func NewSDKExporterMetricDataPointExportedObservable( + m metric.Meter, + opt ...metric.Int64ObservableCounterOption, +) (SDKExporterMetricDataPointExportedObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterMetricDataPointExportedObservable{noop.Int64ObservableCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterMetricDataPointExportedObservableOpts + } else { + opt = append(opt, newSDKExporterMetricDataPointExportedObservableOpts...) + } + + i, err := m.Int64ObservableCounter( + "otel.sdk.exporter.metric_data_point.exported", + opt..., + ) + if err != nil { + return SDKExporterMetricDataPointExportedObservable{noop.Int64ObservableCounter{}}, err + } + return SDKExporterMetricDataPointExportedObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterMetricDataPointExportedObservable) Inst() metric.Int64ObservableCounter { + return m.Int64ObservableCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterMetricDataPointExportedObservable) Name() string { + return "otel.sdk.exporter.metric_data_point.exported" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterMetricDataPointExportedObservable) Unit() string { + return "{data_point}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterMetricDataPointExportedObservable) Description() string { + return "The number of metric data points for which the export has finished, either successful or failed." +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents the describes a class of error the operation ended +// with. +func (SDKExporterMetricDataPointExportedObservable) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterMetricDataPointExportedObservable) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterMetricDataPointExportedObservable) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterMetricDataPointExportedObservable) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterMetricDataPointExportedObservable) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + // SDKExporterMetricDataPointInflight is an instrument used to record metric // values conforming to the "otel.sdk.exporter.metric_data_point.inflight" // semantic conventions. It represents the number of metric data points which @@ -643,6 +942,9 @@ func (m SDKExporterMetricDataPointInflight) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -650,6 +952,7 @@ func (m SDKExporterMetricDataPointInflight) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -669,6 +972,9 @@ func (m SDKExporterMetricDataPointInflight) Add( // For successful exports, `error.type` MUST NOT be set. For failed exports, // `error.type` MUST contain the failure cause. func (m SDKExporterMetricDataPointInflight) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -676,6 +982,7 @@ func (m SDKExporterMetricDataPointInflight) AddSet(ctx context.Context, incr int o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -711,6 +1018,94 @@ func (SDKExporterMetricDataPointInflight) AttrServerPort(val int) attribute.KeyV return attribute.Int("server.port", val) } +// SDKExporterMetricDataPointInflightObservable is an instrument used to record +// metric values conforming to the "otel.sdk.exporter.metric_data_point.inflight" +// semantic conventions. It represents the number of metric data points which +// were passed to the exporter, but that have not been exported yet (neither +// successful, nor failed). +type SDKExporterMetricDataPointInflightObservable struct { + metric.Int64ObservableUpDownCounter +} + +var newSDKExporterMetricDataPointInflightObservableOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("The number of metric data points which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)."), + metric.WithUnit("{data_point}"), +} + +// NewSDKExporterMetricDataPointInflightObservable returns a new +// SDKExporterMetricDataPointInflightObservable instrument. +func NewSDKExporterMetricDataPointInflightObservable( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (SDKExporterMetricDataPointInflightObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterMetricDataPointInflightObservable{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterMetricDataPointInflightObservableOpts + } else { + opt = append(opt, newSDKExporterMetricDataPointInflightObservableOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "otel.sdk.exporter.metric_data_point.inflight", + opt..., + ) + if err != nil { + return SDKExporterMetricDataPointInflightObservable{noop.Int64ObservableUpDownCounter{}}, err + } + return SDKExporterMetricDataPointInflightObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterMetricDataPointInflightObservable) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterMetricDataPointInflightObservable) Name() string { + return "otel.sdk.exporter.metric_data_point.inflight" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterMetricDataPointInflightObservable) Unit() string { + return "{data_point}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterMetricDataPointInflightObservable) Description() string { + return "The number of metric data points which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)." +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterMetricDataPointInflightObservable) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterMetricDataPointInflightObservable) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterMetricDataPointInflightObservable) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterMetricDataPointInflightObservable) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + // SDKExporterOperationDuration is an instrument used to record metric values // conforming to the "otel.sdk.exporter.operation.duration" semantic conventions. // It represents the duration of exporting a batch of telemetry records. @@ -788,6 +1183,9 @@ func (m SDKExporterOperationDuration) Record( val float64, attrs ...attribute.KeyValue, ) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Float64Histogram.Record(ctx, val) return @@ -795,6 +1193,7 @@ func (m SDKExporterOperationDuration) Record( o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -821,6 +1220,9 @@ func (m SDKExporterOperationDuration) Record( // [http]: https://github.com/open-telemetry/opentelemetry-proto/blob/v1.5.0/docs/specification.md#full-success-1 // [grpc]: https://github.com/open-telemetry/opentelemetry-proto/blob/v1.5.0/docs/specification.md#full-success func (m SDKExporterOperationDuration) RecordSet(ctx context.Context, val float64, set attribute.Set) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Float64Histogram.Record(ctx, val) return @@ -828,6 +1230,7 @@ func (m SDKExporterOperationDuration) RecordSet(ctx context.Context, val float64 o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -959,6 +1362,9 @@ func (m SDKExporterSpanExported) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64Counter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Counter.Add(ctx, incr) return @@ -966,6 +1372,7 @@ func (m SDKExporterSpanExported) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -990,6 +1397,9 @@ func (m SDKExporterSpanExported) Add( // If no rejection reason is available, `rejected` SHOULD be used as value for // `error.type`. func (m SDKExporterSpanExported) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64Counter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Counter.Add(ctx, incr) return @@ -997,6 +1407,7 @@ func (m SDKExporterSpanExported) AddSet(ctx context.Context, incr int64, set att o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -1039,6 +1450,100 @@ func (SDKExporterSpanExported) AttrServerPort(val int) attribute.KeyValue { return attribute.Int("server.port", val) } +// SDKExporterSpanExportedObservable is an instrument used to record metric +// values conforming to the "otel.sdk.exporter.span.exported" semantic +// conventions. It represents the number of spans for which the export has +// finished, either successful or failed. +type SDKExporterSpanExportedObservable struct { + metric.Int64ObservableCounter +} + +var newSDKExporterSpanExportedObservableOpts = []metric.Int64ObservableCounterOption{ + metric.WithDescription("The number of spans for which the export has finished, either successful or failed."), + metric.WithUnit("{span}"), +} + +// NewSDKExporterSpanExportedObservable returns a new +// SDKExporterSpanExportedObservable instrument. +func NewSDKExporterSpanExportedObservable( + m metric.Meter, + opt ...metric.Int64ObservableCounterOption, +) (SDKExporterSpanExportedObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterSpanExportedObservable{noop.Int64ObservableCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterSpanExportedObservableOpts + } else { + opt = append(opt, newSDKExporterSpanExportedObservableOpts...) + } + + i, err := m.Int64ObservableCounter( + "otel.sdk.exporter.span.exported", + opt..., + ) + if err != nil { + return SDKExporterSpanExportedObservable{noop.Int64ObservableCounter{}}, err + } + return SDKExporterSpanExportedObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterSpanExportedObservable) Inst() metric.Int64ObservableCounter { + return m.Int64ObservableCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterSpanExportedObservable) Name() string { + return "otel.sdk.exporter.span.exported" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterSpanExportedObservable) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterSpanExportedObservable) Description() string { + return "The number of spans for which the export has finished, either successful or failed." +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents the describes a class of error the operation ended +// with. +func (SDKExporterSpanExportedObservable) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterSpanExportedObservable) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterSpanExportedObservable) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterSpanExportedObservable) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterSpanExportedObservable) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + // SDKExporterSpanInflight is an instrument used to record metric values // conforming to the "otel.sdk.exporter.span.inflight" semantic conventions. It // represents the number of spans which were passed to the exporter, but that @@ -1109,6 +1614,9 @@ func (m SDKExporterSpanInflight) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -1116,6 +1624,7 @@ func (m SDKExporterSpanInflight) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -1135,6 +1644,9 @@ func (m SDKExporterSpanInflight) Add( // For successful exports, `error.type` MUST NOT be set. For failed exports, // `error.type` MUST contain the failure cause. func (m SDKExporterSpanInflight) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -1142,6 +1654,7 @@ func (m SDKExporterSpanInflight) AddSet(ctx context.Context, incr int64, set att o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -1177,6 +1690,94 @@ func (SDKExporterSpanInflight) AttrServerPort(val int) attribute.KeyValue { return attribute.Int("server.port", val) } +// SDKExporterSpanInflightObservable is an instrument used to record metric +// values conforming to the "otel.sdk.exporter.span.inflight" semantic +// conventions. It represents the number of spans which were passed to the +// exporter, but that have not been exported yet (neither successful, nor +// failed). +type SDKExporterSpanInflightObservable struct { + metric.Int64ObservableUpDownCounter +} + +var newSDKExporterSpanInflightObservableOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("The number of spans which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)."), + metric.WithUnit("{span}"), +} + +// NewSDKExporterSpanInflightObservable returns a new +// SDKExporterSpanInflightObservable instrument. +func NewSDKExporterSpanInflightObservable( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (SDKExporterSpanInflightObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterSpanInflightObservable{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterSpanInflightObservableOpts + } else { + opt = append(opt, newSDKExporterSpanInflightObservableOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "otel.sdk.exporter.span.inflight", + opt..., + ) + if err != nil { + return SDKExporterSpanInflightObservable{noop.Int64ObservableUpDownCounter{}}, err + } + return SDKExporterSpanInflightObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterSpanInflightObservable) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterSpanInflightObservable) Name() string { + return "otel.sdk.exporter.span.inflight" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterSpanInflightObservable) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterSpanInflightObservable) Description() string { + return "The number of spans which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)." +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterSpanInflightObservable) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterSpanInflightObservable) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterSpanInflightObservable) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterSpanInflightObservable) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + // SDKLogCreated is an instrument used to record metric values conforming to the // "otel.sdk.log.created" semantic conventions. It represents the number of logs // submitted to enabled SDK Loggers. @@ -1237,6 +1838,9 @@ func (SDKLogCreated) Description() string { // Add adds incr to the existing count for attrs. func (m SDKLogCreated) Add(ctx context.Context, incr int64, attrs ...attribute.KeyValue) { + if !m.Int64Counter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Counter.Add(ctx, incr) return @@ -1244,29 +1848,92 @@ func (m SDKLogCreated) Add(ctx context.Context, incr int64, attrs ...attribute.K o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() - *o = append(*o, metric.WithAttributes(attrs...)) - m.Int64Counter.Add(ctx, incr, *o...) + *o = append(*o, metric.WithAttributes(attrs...)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +func (m SDKLogCreated) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64Counter.Enabled(ctx) { + return + } + if set.Len() == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + clear(*o) + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// SDKLogCreatedObservable is an instrument used to record metric values +// conforming to the "otel.sdk.log.created" semantic conventions. It represents +// the number of logs submitted to enabled SDK Loggers. +type SDKLogCreatedObservable struct { + metric.Int64ObservableCounter +} + +var newSDKLogCreatedObservableOpts = []metric.Int64ObservableCounterOption{ + metric.WithDescription("The number of logs submitted to enabled SDK Loggers."), + metric.WithUnit("{log_record}"), +} + +// NewSDKLogCreatedObservable returns a new SDKLogCreatedObservable instrument. +func NewSDKLogCreatedObservable( + m metric.Meter, + opt ...metric.Int64ObservableCounterOption, +) (SDKLogCreatedObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKLogCreatedObservable{noop.Int64ObservableCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKLogCreatedObservableOpts + } else { + opt = append(opt, newSDKLogCreatedObservableOpts...) + } + + i, err := m.Int64ObservableCounter( + "otel.sdk.log.created", + opt..., + ) + if err != nil { + return SDKLogCreatedObservable{noop.Int64ObservableCounter{}}, err + } + return SDKLogCreatedObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKLogCreatedObservable) Inst() metric.Int64ObservableCounter { + return m.Int64ObservableCounter } -// AddSet adds incr to the existing count for set. -func (m SDKLogCreated) AddSet(ctx context.Context, incr int64, set attribute.Set) { - if set.Len() == 0 { - m.Int64Counter.Add(ctx, incr) - return - } +// Name returns the semantic convention name of the instrument. +func (SDKLogCreatedObservable) Name() string { + return "otel.sdk.log.created" +} - o := addOptPool.Get().(*[]metric.AddOption) - defer func() { - *o = (*o)[:0] - addOptPool.Put(o) - }() +// Unit returns the semantic convention unit of the instrument +func (SDKLogCreatedObservable) Unit() string { + return "{log_record}" +} - *o = append(*o, metric.WithAttributeSet(set)) - m.Int64Counter.Add(ctx, incr, *o...) +// Description returns the semantic convention description of the instrument +func (SDKLogCreatedObservable) Description() string { + return "The number of logs submitted to enabled SDK Loggers." } // SDKMetricReaderCollectionDuration is an instrument used to record metric @@ -1343,6 +2010,9 @@ func (m SDKMetricReaderCollectionDuration) Record( val float64, attrs ...attribute.KeyValue, ) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Float64Histogram.Record(ctx, val) return @@ -1350,6 +2020,7 @@ func (m SDKMetricReaderCollectionDuration) Record( o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -1372,6 +2043,9 @@ func (m SDKMetricReaderCollectionDuration) Record( // while others fail. In that case `error.type` SHOULD be set to any of the // failure causes. func (m SDKMetricReaderCollectionDuration) RecordSet(ctx context.Context, val float64, set attribute.Set) { + if !m.Float64Histogram.Enabled(ctx) { + return + } if set.Len() == 0 { m.Float64Histogram.Record(ctx, val) return @@ -1379,6 +2053,7 @@ func (m SDKMetricReaderCollectionDuration) RecordSet(ctx context.Context, val fl o := recOptPool.Get().(*[]metric.RecordOption) defer func() { + clear(*o) *o = (*o)[:0] recOptPool.Put(o) }() @@ -1481,6 +2156,9 @@ func (m SDKProcessorLogProcessed) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64Counter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Counter.Add(ctx, incr) return @@ -1488,6 +2166,7 @@ func (m SDKProcessorLogProcessed) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -1510,6 +2189,9 @@ func (m SDKProcessorLogProcessed) Add( // considered to be processed already when it has been submitted to the exporter, // not when the corresponding export call has finished. func (m SDKProcessorLogProcessed) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64Counter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Counter.Add(ctx, incr) return @@ -1517,6 +2199,7 @@ func (m SDKProcessorLogProcessed) AddSet(ctx context.Context, incr int64, set at o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -1547,6 +2230,88 @@ func (SDKProcessorLogProcessed) AttrComponentType(val ComponentTypeAttr) attribu return attribute.String("otel.component.type", string(val)) } +// SDKProcessorLogProcessedObservable is an instrument used to record metric +// values conforming to the "otel.sdk.processor.log.processed" semantic +// conventions. It represents the number of log records for which the processing +// has finished, either successful or failed. +type SDKProcessorLogProcessedObservable struct { + metric.Int64ObservableCounter +} + +var newSDKProcessorLogProcessedObservableOpts = []metric.Int64ObservableCounterOption{ + metric.WithDescription("The number of log records for which the processing has finished, either successful or failed."), + metric.WithUnit("{log_record}"), +} + +// NewSDKProcessorLogProcessedObservable returns a new +// SDKProcessorLogProcessedObservable instrument. +func NewSDKProcessorLogProcessedObservable( + m metric.Meter, + opt ...metric.Int64ObservableCounterOption, +) (SDKProcessorLogProcessedObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKProcessorLogProcessedObservable{noop.Int64ObservableCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKProcessorLogProcessedObservableOpts + } else { + opt = append(opt, newSDKProcessorLogProcessedObservableOpts...) + } + + i, err := m.Int64ObservableCounter( + "otel.sdk.processor.log.processed", + opt..., + ) + if err != nil { + return SDKProcessorLogProcessedObservable{noop.Int64ObservableCounter{}}, err + } + return SDKProcessorLogProcessedObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKProcessorLogProcessedObservable) Inst() metric.Int64ObservableCounter { + return m.Int64ObservableCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKProcessorLogProcessedObservable) Name() string { + return "otel.sdk.processor.log.processed" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKProcessorLogProcessedObservable) Unit() string { + return "{log_record}" +} + +// Description returns the semantic convention description of the instrument +func (SDKProcessorLogProcessedObservable) Description() string { + return "The number of log records for which the processing has finished, either successful or failed." +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents a low-cardinality description of the failure reason. +// SDK Batching Log Record Processors MUST use `queue_full` for log records +// dropped due to a full queue. +func (SDKProcessorLogProcessedObservable) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKProcessorLogProcessedObservable) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKProcessorLogProcessedObservable) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + // SDKProcessorLogQueueCapacity is an instrument used to record metric values // conforming to the "otel.sdk.processor.log.queue.capacity" semantic // conventions. It represents the maximum number of log records the queue of a @@ -1768,6 +2533,9 @@ func (m SDKProcessorSpanProcessed) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64Counter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Counter.Add(ctx, incr) return @@ -1775,6 +2543,7 @@ func (m SDKProcessorSpanProcessed) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -1797,6 +2566,9 @@ func (m SDKProcessorSpanProcessed) Add( // processed already when it has been submitted to the exporter, not when the // corresponding export call has finished. func (m SDKProcessorSpanProcessed) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64Counter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Counter.Add(ctx, incr) return @@ -1804,6 +2576,7 @@ func (m SDKProcessorSpanProcessed) AddSet(ctx context.Context, incr int64, set a o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -1834,6 +2607,88 @@ func (SDKProcessorSpanProcessed) AttrComponentType(val ComponentTypeAttr) attrib return attribute.String("otel.component.type", string(val)) } +// SDKProcessorSpanProcessedObservable is an instrument used to record metric +// values conforming to the "otel.sdk.processor.span.processed" semantic +// conventions. It represents the number of spans for which the processing has +// finished, either successful or failed. +type SDKProcessorSpanProcessedObservable struct { + metric.Int64ObservableCounter +} + +var newSDKProcessorSpanProcessedObservableOpts = []metric.Int64ObservableCounterOption{ + metric.WithDescription("The number of spans for which the processing has finished, either successful or failed."), + metric.WithUnit("{span}"), +} + +// NewSDKProcessorSpanProcessedObservable returns a new +// SDKProcessorSpanProcessedObservable instrument. +func NewSDKProcessorSpanProcessedObservable( + m metric.Meter, + opt ...metric.Int64ObservableCounterOption, +) (SDKProcessorSpanProcessedObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKProcessorSpanProcessedObservable{noop.Int64ObservableCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKProcessorSpanProcessedObservableOpts + } else { + opt = append(opt, newSDKProcessorSpanProcessedObservableOpts...) + } + + i, err := m.Int64ObservableCounter( + "otel.sdk.processor.span.processed", + opt..., + ) + if err != nil { + return SDKProcessorSpanProcessedObservable{noop.Int64ObservableCounter{}}, err + } + return SDKProcessorSpanProcessedObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKProcessorSpanProcessedObservable) Inst() metric.Int64ObservableCounter { + return m.Int64ObservableCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKProcessorSpanProcessedObservable) Name() string { + return "otel.sdk.processor.span.processed" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKProcessorSpanProcessedObservable) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKProcessorSpanProcessedObservable) Description() string { + return "The number of spans for which the processing has finished, either successful or failed." +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents a low-cardinality description of the failure reason. +// SDK Batching Span Processors MUST use `queue_full` for spans dropped due to a +// full queue. +func (SDKProcessorSpanProcessedObservable) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKProcessorSpanProcessedObservable) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKProcessorSpanProcessedObservable) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + // SDKProcessorSpanQueueCapacity is an instrument used to record metric values // conforming to the "otel.sdk.processor.span.queue.capacity" semantic // conventions. It represents the maximum number of spans the queue of a given @@ -2049,6 +2904,9 @@ func (m SDKSpanLive) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -2056,6 +2914,7 @@ func (m SDKSpanLive) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -2072,6 +2931,9 @@ func (m SDKSpanLive) Add( // AddSet adds incr to the existing count for set. func (m SDKSpanLive) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64UpDownCounter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64UpDownCounter.Add(ctx, incr) return @@ -2079,6 +2941,7 @@ func (m SDKSpanLive) AddSet(ctx context.Context, incr int64, set attribute.Set) o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -2094,6 +2957,72 @@ func (SDKSpanLive) AttrSpanSamplingResult(val SpanSamplingResultAttr) attribute. return attribute.String("otel.span.sampling_result", string(val)) } +// SDKSpanLiveObservable is an instrument used to record metric values conforming +// to the "otel.sdk.span.live" semantic conventions. It represents the number of +// created spans with `recording=true` for which the end operation has not been +// called yet. +type SDKSpanLiveObservable struct { + metric.Int64ObservableUpDownCounter +} + +var newSDKSpanLiveObservableOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("The number of created spans with `recording=true` for which the end operation has not been called yet."), + metric.WithUnit("{span}"), +} + +// NewSDKSpanLiveObservable returns a new SDKSpanLiveObservable instrument. +func NewSDKSpanLiveObservable( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (SDKSpanLiveObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKSpanLiveObservable{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKSpanLiveObservableOpts + } else { + opt = append(opt, newSDKSpanLiveObservableOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "otel.sdk.span.live", + opt..., + ) + if err != nil { + return SDKSpanLiveObservable{noop.Int64ObservableUpDownCounter{}}, err + } + return SDKSpanLiveObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKSpanLiveObservable) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKSpanLiveObservable) Name() string { + return "otel.sdk.span.live" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKSpanLiveObservable) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKSpanLiveObservable) Description() string { + return "The number of created spans with `recording=true` for which the end operation has not been called yet." +} + +// AttrSpanSamplingResult returns an optional attribute for the +// "otel.span.sampling_result" semantic convention. It represents the result +// value of the sampler for this span. +func (SDKSpanLiveObservable) AttrSpanSamplingResult(val SpanSamplingResultAttr) attribute.KeyValue { + return attribute.String("otel.span.sampling_result", string(val)) +} + // SDKSpanStarted is an instrument used to record metric values conforming to the // "otel.sdk.span.started" semantic conventions. It represents the number of // created spans. @@ -2163,6 +3092,9 @@ func (m SDKSpanStarted) Add( incr int64, attrs ...attribute.KeyValue, ) { + if !m.Int64Counter.Enabled(ctx) { + return + } if len(attrs) == 0 { m.Int64Counter.Add(ctx, incr) return @@ -2170,6 +3102,7 @@ func (m SDKSpanStarted) Add( o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -2189,6 +3122,9 @@ func (m SDKSpanStarted) Add( // Implementations MUST record this metric for all spans, even for non-recording // ones. func (m SDKSpanStarted) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if !m.Int64Counter.Enabled(ctx) { + return + } if set.Len() == 0 { m.Int64Counter.Add(ctx, incr) return @@ -2196,6 +3132,7 @@ func (m SDKSpanStarted) AddSet(ctx context.Context, incr int64, set attribute.Se o := addOptPool.Get().(*[]metric.AddOption) defer func() { + clear(*o) *o = (*o)[:0] addOptPool.Put(o) }() @@ -2220,3 +3157,78 @@ func (SDKSpanStarted) AttrSpanParentOrigin(val SpanParentOriginAttr) attribute.K func (SDKSpanStarted) AttrSpanSamplingResult(val SpanSamplingResultAttr) attribute.KeyValue { return attribute.String("otel.span.sampling_result", string(val)) } + +// SDKSpanStartedObservable is an instrument used to record metric values +// conforming to the "otel.sdk.span.started" semantic conventions. It represents +// the number of created spans. +type SDKSpanStartedObservable struct { + metric.Int64ObservableCounter +} + +var newSDKSpanStartedObservableOpts = []metric.Int64ObservableCounterOption{ + metric.WithDescription("The number of created spans."), + metric.WithUnit("{span}"), +} + +// NewSDKSpanStartedObservable returns a new SDKSpanStartedObservable instrument. +func NewSDKSpanStartedObservable( + m metric.Meter, + opt ...metric.Int64ObservableCounterOption, +) (SDKSpanStartedObservable, error) { + // Check if the meter is nil. + if m == nil { + return SDKSpanStartedObservable{noop.Int64ObservableCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKSpanStartedObservableOpts + } else { + opt = append(opt, newSDKSpanStartedObservableOpts...) + } + + i, err := m.Int64ObservableCounter( + "otel.sdk.span.started", + opt..., + ) + if err != nil { + return SDKSpanStartedObservable{noop.Int64ObservableCounter{}}, err + } + return SDKSpanStartedObservable{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKSpanStartedObservable) Inst() metric.Int64ObservableCounter { + return m.Int64ObservableCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKSpanStartedObservable) Name() string { + return "otel.sdk.span.started" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKSpanStartedObservable) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKSpanStartedObservable) Description() string { + return "The number of created spans." +} + +// AttrSpanParentOrigin returns an optional attribute for the +// "otel.span.parent.origin" semantic convention. It represents the determines +// whether the span has a parent span, and if so, [whether it is a remote parent] +// . +// +// [whether it is a remote parent]: https://opentelemetry.io/docs/specs/otel/trace/api/#isremote +func (SDKSpanStartedObservable) AttrSpanParentOrigin(val SpanParentOriginAttr) attribute.KeyValue { + return attribute.String("otel.span.parent.origin", string(val)) +} + +// AttrSpanSamplingResult returns an optional attribute for the +// "otel.span.sampling_result" semantic convention. It represents the result +// value of the sampler for this span. +func (SDKSpanStartedObservable) AttrSpanSamplingResult(val SpanSamplingResultAttr) attribute.KeyValue { + return attribute.String("otel.span.sampling_result", string(val)) +} diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/schema.go b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/schema.go similarity index 73% rename from vendor/go.opentelemetry.io/otel/semconv/v1.40.0/schema.go rename to vendor/go.opentelemetry.io/otel/semconv/v1.41.0/schema.go index a07ffa3361..24948a48f8 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/schema.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.41.0/schema.go @@ -1,9 +1,11 @@ +// Code generated from semantic convention specification. DO NOT EDIT. + // Copyright The OpenTelemetry Authors // SPDX-License-Identifier: Apache-2.0 -package semconv // import "go.opentelemetry.io/otel/semconv/v1.40.0" +package semconv // import "go.opentelemetry.io/otel/semconv/v1.41.0" // SchemaURL is the schema URL that matches the version of the semantic conventions // that this package defines. Semconv packages starting from v1.4.0 must declare // non-empty schema URL in the form https://opentelemetry.io/schemas/ -const SchemaURL = "https://opentelemetry.io/schemas/1.40.0" +const SchemaURL = "https://opentelemetry.io/schemas/1.41.0" diff --git a/vendor/go.opentelemetry.io/otel/trace/auto.go b/vendor/go.opentelemetry.io/otel/trace/auto.go index 9316fd0ac4..a75cf047d5 100644 --- a/vendor/go.opentelemetry.io/otel/trace/auto.go +++ b/vendor/go.opentelemetry.io/otel/trace/auto.go @@ -20,7 +20,7 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/codes" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" "go.opentelemetry.io/otel/trace/embedded" "go.opentelemetry.io/otel/trace/internal/telemetry" ) @@ -314,6 +314,14 @@ func convAttrValue(value attribute.Value) telemetry.Value { case attribute.STRING: v := truncate(maxSpan.AttrValueLen, value.AsString()) return telemetry.StringValue(v) + case attribute.BYTESLICE: + // len(v.AsString()) is identical to len(v.AsByteSlice()) but + // avoids allocating the full slice before truncation. + s := value.AsString() + if maxSpan.AttrValueLen >= 0 && len(s) > maxSpan.AttrValueLen { + return telemetry.BytesValue([]byte(s[:maxSpan.AttrValueLen])) + } + return telemetry.BytesValue([]byte(s)) case attribute.BOOLSLICE: slice := value.AsBoolSlice() out := make([]telemetry.Value, 0, len(slice)) @@ -343,6 +351,13 @@ func convAttrValue(value attribute.Value) telemetry.Value { out = append(out, telemetry.StringValue(v)) } return telemetry.SliceValue(out...) + case attribute.SLICE: + slice := value.AsSlice() + out := make([]telemetry.Value, 0, len(slice)) + for _, v := range slice { + out = append(out, convAttrValue(v)) + } + return telemetry.SliceValue(out...) } return telemetry.Value{} } @@ -463,7 +478,8 @@ func (s *autoSpan) RecordError(err error, opts ...EventOption) { cfg := NewEventConfig(opts...) attrs := cfg.Attributes() - attrs = append(attrs, + attrs = append( + attrs, semconv.ExceptionType(typeStr(err)), semconv.ExceptionMessage(err.Error()), ) diff --git a/vendor/go.opentelemetry.io/otel/trace/config.go b/vendor/go.opentelemetry.io/otel/trace/config.go index d9ecef1cad..4cedba5ac7 100644 --- a/vendor/go.opentelemetry.io/otel/trace/config.go +++ b/vendor/go.opentelemetry.io/otel/trace/config.go @@ -34,10 +34,17 @@ func (t *TracerConfig) SchemaURL() string { return t.schemaURL } +type experimentalOption interface { + Experimental() +} + // NewTracerConfig applies all the options to a returned TracerConfig. func NewTracerConfig(options ...TracerOption) TracerConfig { var config TracerConfig for _, option := range options { + if _, ok := option.(experimentalOption); ok { + continue + } config = option.apply(config) } return config @@ -103,6 +110,9 @@ func (cfg *SpanConfig) SpanKind() SpanKind { func NewSpanStartConfig(options ...SpanStartOption) SpanConfig { var c SpanConfig for _, option := range options { + if _, ok := option.(experimentalOption); ok { + continue + } c = option.applySpanStart(c) } return c @@ -115,6 +125,9 @@ func NewSpanStartConfig(options ...SpanStartOption) SpanConfig { func NewSpanEndConfig(options ...SpanEndOption) SpanConfig { var c SpanConfig for _, option := range options { + if _, ok := option.(experimentalOption); ok { + continue + } c = option.applySpanEnd(c) } return c @@ -167,6 +180,9 @@ func (cfg *EventConfig) StackTrace() bool { func NewEventConfig(options ...EventOption) EventConfig { var c EventConfig for _, option := range options { + if _, ok := option.(experimentalOption); ok { + continue + } c = option.applyEvent(c) } if c.timestamp.IsZero() { diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go index e7ca62c660..61c7819a23 100644 --- a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go +++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go @@ -314,9 +314,9 @@ type SpanEvent struct { } // MarshalJSON encodes e into OTLP formatted JSON. -func (e SpanEvent) MarshalJSON() ([]byte, error) { - t := e.Time.UnixNano() - if e.Time.IsZero() || t < 0 { +func (se SpanEvent) MarshalJSON() ([]byte, error) { + t := se.Time.UnixNano() + if se.Time.IsZero() || t < 0 { t = 0 } @@ -325,7 +325,7 @@ func (e SpanEvent) MarshalJSON() ([]byte, error) { Alias Time uint64 `json:"timeUnixNano,omitempty"` }{ - Alias: Alias(e), + Alias: Alias(se), Time: uint64(t), // nolint: gosec // >0 checked above }) } diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go index 1db4f47e43..72746acfdb 100644 --- a/vendor/go.opentelemetry.io/otel/version.go +++ b/vendor/go.opentelemetry.io/otel/version.go @@ -5,5 +5,5 @@ package otel // import "go.opentelemetry.io/otel" // Version is the current release version of OpenTelemetry in use. func Version() string { - return "1.43.0" + return "1.44.0" } diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml index bcc6ee78a4..d6dbf803ef 100644 --- a/vendor/go.opentelemetry.io/otel/versions.yaml +++ b/vendor/go.opentelemetry.io/otel/versions.yaml @@ -3,7 +3,7 @@ module-sets: stable-v1: - version: v1.43.0 + version: v1.44.0 modules: - go.opentelemetry.io/otel - go.opentelemetry.io/otel/bridge/opencensus @@ -22,11 +22,12 @@ module-sets: - go.opentelemetry.io/otel/sdk/metric - go.opentelemetry.io/otel/trace experimental-metrics: - version: v0.65.0 + version: v0.66.0 modules: - go.opentelemetry.io/otel/exporters/prometheus + - go.opentelemetry.io/otel/metric/x experimental-logs: - version: v0.19.0 + version: v0.20.0 modules: - go.opentelemetry.io/otel/log - go.opentelemetry.io/otel/log/logtest @@ -36,7 +37,7 @@ module-sets: - go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp - go.opentelemetry.io/otel/exporters/stdout/stdoutlog experimental-schema: - version: v0.0.16 + version: v0.0.17 modules: - go.opentelemetry.io/otel/schema excluded-modules: @@ -55,6 +56,9 @@ modules: go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc: version-refs: - ./internal/version.go + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp: + version-refs: + - ./internal/version.go go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: version-refs: - ./internal/version.go diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go index c3315d52fe..c66a41b27c 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 +// protoc-gen-go v1.36.11 // protoc v4.24.4 // source: google/api/client.proto @@ -23,6 +23,7 @@ package annotations import ( reflect "reflect" sync "sync" + unsafe "unsafe" api "google.golang.org/genproto/googleapis/api" protoreflect "google.golang.org/protobuf/reflect/protoreflect" @@ -226,28 +227,27 @@ func (FlowControlLimitExceededBehaviorProto) EnumDescriptor() ([]byte, []int) { // Required information for every language. type CommonLanguageSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Link to automatically generated reference documentation. Example: // https://cloud.google.com/nodejs/docs/reference/asset/latest // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in google/api/client.proto. ReferenceDocsUri string `protobuf:"bytes,1,opt,name=reference_docs_uri,json=referenceDocsUri,proto3" json:"reference_docs_uri,omitempty"` // The destination where API teams want this client library to be published. Destinations []ClientLibraryDestination `protobuf:"varint,2,rep,packed,name=destinations,proto3,enum=google.api.ClientLibraryDestination" json:"destinations,omitempty"` // Configuration for which RPCs should be generated in the GAPIC client. + // + // Note: This field should not be used in most cases. SelectiveGapicGeneration *SelectiveGapicGeneration `protobuf:"bytes,3,opt,name=selective_gapic_generation,json=selectiveGapicGeneration,proto3" json:"selective_gapic_generation,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *CommonLanguageSettings) Reset() { *x = CommonLanguageSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *CommonLanguageSettings) String() string { @@ -258,7 +258,7 @@ func (*CommonLanguageSettings) ProtoMessage() {} func (x *CommonLanguageSettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -273,7 +273,7 @@ func (*CommonLanguageSettings) Descriptor() ([]byte, []int) { return file_google_api_client_proto_rawDescGZIP(), []int{0} } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in google/api/client.proto. func (x *CommonLanguageSettings) GetReferenceDocsUri() string { if x != nil { return x.ReferenceDocsUri @@ -297,10 +297,7 @@ func (x *CommonLanguageSettings) GetSelectiveGapicGeneration() *SelectiveGapicGe // Details about how and where to publish client libraries. type ClientLibrarySettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Version of the API to apply these settings to. This is the full protobuf // package for the API, ending in the version element. // Examples: "google.cloud.speech.v1" and "google.spanner.admin.database.v1". @@ -325,16 +322,16 @@ type ClientLibrarySettings struct { // Settings for Ruby client libraries. RubySettings *RubySettings `protobuf:"bytes,27,opt,name=ruby_settings,json=rubySettings,proto3" json:"ruby_settings,omitempty"` // Settings for Go client libraries. - GoSettings *GoSettings `protobuf:"bytes,28,opt,name=go_settings,json=goSettings,proto3" json:"go_settings,omitempty"` + GoSettings *GoSettings `protobuf:"bytes,28,opt,name=go_settings,json=goSettings,proto3" json:"go_settings,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *ClientLibrarySettings) Reset() { *x = ClientLibrarySettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ClientLibrarySettings) String() string { @@ -345,7 +342,7 @@ func (*ClientLibrarySettings) ProtoMessage() {} func (x *ClientLibrarySettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -371,7 +368,7 @@ func (x *ClientLibrarySettings) GetLaunchStage() api.LaunchStage { if x != nil { return x.LaunchStage } - return api.LaunchStage_LAUNCH_STAGE_UNSPECIFIED + return api.LaunchStage(0) } func (x *ClientLibrarySettings) GetRestNumericEnums() bool { @@ -441,10 +438,7 @@ func (x *ClientLibrarySettings) GetGoSettings() *GoSettings { // libraries](https://cloud.google.com/apis/docs/cloud-client-libraries) // generated from the service config. type Publishing struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // A list of API method settings, e.g. the behavior for methods that use the // long-running operation pattern. MethodSettings []*MethodSettings `protobuf:"bytes,2,rep,name=method_settings,json=methodSettings,proto3" json:"method_settings,omitempty"` @@ -478,15 +472,15 @@ type Publishing struct { // Optional link to REST reference documentation. Example: // https://cloud.google.com/pubsub/lite/docs/reference/rest RestReferenceDocumentationUri string `protobuf:"bytes,111,opt,name=rest_reference_documentation_uri,json=restReferenceDocumentationUri,proto3" json:"rest_reference_documentation_uri,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Publishing) Reset() { *x = Publishing{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Publishing) String() string { @@ -497,7 +491,7 @@ func (*Publishing) ProtoMessage() {} func (x *Publishing) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -591,10 +585,7 @@ func (x *Publishing) GetRestReferenceDocumentationUri() string { // Settings for Java client libraries. type JavaSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The package name to use in Java. Clobbers the java_package option // set in the protobuf. This should be used **only** by APIs // who have already set the language_settings.java.package_name" field @@ -622,18 +613,18 @@ type JavaSettings struct { // service_class_names: // - google.pubsub.v1.Publisher: TopicAdmin // - google.pubsub.v1.Subscriber: SubscriptionAdmin - ServiceClassNames map[string]string `protobuf:"bytes,2,rep,name=service_class_names,json=serviceClassNames,proto3" json:"service_class_names,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + ServiceClassNames map[string]string `protobuf:"bytes,2,rep,name=service_class_names,json=serviceClassNames,proto3" json:"service_class_names,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // Some settings. - Common *CommonLanguageSettings `protobuf:"bytes,3,opt,name=common,proto3" json:"common,omitempty"` + Common *CommonLanguageSettings `protobuf:"bytes,3,opt,name=common,proto3" json:"common,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JavaSettings) Reset() { *x = JavaSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JavaSettings) String() string { @@ -644,7 +635,7 @@ func (*JavaSettings) ProtoMessage() {} func (x *JavaSettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -682,21 +673,18 @@ func (x *JavaSettings) GetCommon() *CommonLanguageSettings { // Settings for C++ client libraries. type CppSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Some settings. - Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *CppSettings) Reset() { *x = CppSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *CppSettings) String() string { @@ -707,7 +695,7 @@ func (*CppSettings) ProtoMessage() {} func (x *CppSettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -731,10 +719,7 @@ func (x *CppSettings) GetCommon() *CommonLanguageSettings { // Settings for Php client libraries. type PhpSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Some settings. Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` // The package name to use in Php. Clobbers the php_namespace option @@ -750,15 +735,15 @@ type PhpSettings struct { // php_settings: // library_package: Google\Cloud\PubSub\V1 LibraryPackage string `protobuf:"bytes,2,opt,name=library_package,json=libraryPackage,proto3" json:"library_package,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PhpSettings) Reset() { *x = PhpSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PhpSettings) String() string { @@ -769,7 +754,7 @@ func (*PhpSettings) ProtoMessage() {} func (x *PhpSettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -800,23 +785,20 @@ func (x *PhpSettings) GetLibraryPackage() string { // Settings for Python client libraries. type PythonSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Some settings. Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` // Experimental features to be included during client library generation. ExperimentalFeatures *PythonSettings_ExperimentalFeatures `protobuf:"bytes,2,opt,name=experimental_features,json=experimentalFeatures,proto3" json:"experimental_features,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PythonSettings) Reset() { *x = PythonSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PythonSettings) String() string { @@ -827,7 +809,7 @@ func (*PythonSettings) ProtoMessage() {} func (x *PythonSettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -858,21 +840,18 @@ func (x *PythonSettings) GetExperimentalFeatures() *PythonSettings_ExperimentalF // Settings for Node client libraries. type NodeSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Some settings. - Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *NodeSettings) Reset() { *x = NodeSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *NodeSettings) String() string { @@ -883,7 +862,7 @@ func (*NodeSettings) ProtoMessage() {} func (x *NodeSettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -907,10 +886,7 @@ func (x *NodeSettings) GetCommon() *CommonLanguageSettings { // Settings for Dotnet client libraries. type DotnetSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Some settings. Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` // Map from original service names to renamed versions. @@ -918,13 +894,13 @@ type DotnetSettings struct { // would cause a naming conflict. (Neither name is // fully-qualified.) // Example: Subscriber to SubscriberServiceApi. - RenamedServices map[string]string `protobuf:"bytes,2,rep,name=renamed_services,json=renamedServices,proto3" json:"renamed_services,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + RenamedServices map[string]string `protobuf:"bytes,2,rep,name=renamed_services,json=renamedServices,proto3" json:"renamed_services,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // Map from full resource types to the effective short name // for the resource. This is used when otherwise resource // named from different services would cause naming collisions. // Example entry: // "datalabeling.googleapis.com/Dataset": "DataLabelingDataset" - RenamedResources map[string]string `protobuf:"bytes,3,rep,name=renamed_resources,json=renamedResources,proto3" json:"renamed_resources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + RenamedResources map[string]string `protobuf:"bytes,3,rep,name=renamed_resources,json=renamedResources,proto3" json:"renamed_resources,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // List of full resource types to ignore during generation. // This is typically used for API-specific Location resources, // which should be handled by the generator as if they were actually @@ -938,15 +914,15 @@ type DotnetSettings struct { // which are provided separately, so shouldn't be generated. // Snippets *calling* these methods are still generated, however. HandwrittenSignatures []string `protobuf:"bytes,6,rep,name=handwritten_signatures,json=handwrittenSignatures,proto3" json:"handwritten_signatures,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *DotnetSettings) Reset() { *x = DotnetSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *DotnetSettings) String() string { @@ -957,7 +933,7 @@ func (*DotnetSettings) ProtoMessage() {} func (x *DotnetSettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1016,21 +992,18 @@ func (x *DotnetSettings) GetHandwrittenSignatures() []string { // Settings for Ruby client libraries. type RubySettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Some settings. - Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *RubySettings) Reset() { *x = RubySettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *RubySettings) String() string { @@ -1041,7 +1014,7 @@ func (*RubySettings) ProtoMessage() {} func (x *RubySettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1065,10 +1038,7 @@ func (x *RubySettings) GetCommon() *CommonLanguageSettings { // Settings for Go client libraries. type GoSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Some settings. Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` // Map of service names to renamed services. Keys are the package relative @@ -1081,16 +1051,16 @@ type GoSettings struct { // go_settings: // renamed_services: // Publisher: TopicAdmin - RenamedServices map[string]string `protobuf:"bytes,2,rep,name=renamed_services,json=renamedServices,proto3" json:"renamed_services,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + RenamedServices map[string]string `protobuf:"bytes,2,rep,name=renamed_services,json=renamedServices,proto3" json:"renamed_services,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GoSettings) Reset() { *x = GoSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GoSettings) String() string { @@ -1101,7 +1071,7 @@ func (*GoSettings) ProtoMessage() {} func (x *GoSettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1132,10 +1102,7 @@ func (x *GoSettings) GetRenamedServices() map[string]string { // Describes the generator configuration for a method. type MethodSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The fully qualified name of the method, for which the options below apply. // This is used to find the method to apply the options. // @@ -1184,16 +1151,16 @@ type MethodSettings struct { // element_count_threshold: 1000 // request_byte_threshold: 100000000 // delay_threshold_millis: 10 - Batching *BatchingConfigProto `protobuf:"bytes,4,opt,name=batching,proto3" json:"batching,omitempty"` + Batching *BatchingConfigProto `protobuf:"bytes,4,opt,name=batching,proto3" json:"batching,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *MethodSettings) Reset() { *x = MethodSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *MethodSettings) String() string { @@ -1204,7 +1171,7 @@ func (*MethodSettings) ProtoMessage() {} func (x *MethodSettings) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1249,11 +1216,10 @@ func (x *MethodSettings) GetBatching() *BatchingConfigProto { // This message is used to configure the generation of a subset of the RPCs in // a service for client libraries. +// +// Note: This feature should not be used in most cases. type SelectiveGapicGeneration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // An allowlist of the fully qualified names of RPCs that should be included // on public client surfaces. Methods []string `protobuf:"bytes,1,rep,name=methods,proto3" json:"methods,omitempty"` @@ -1264,15 +1230,15 @@ type SelectiveGapicGeneration struct { // implementations to decide. Some examples may be: added annotations, // obfuscated identifiers, or other language idiomatic patterns. GenerateOmittedAsInternal bool `protobuf:"varint,2,opt,name=generate_omitted_as_internal,json=generateOmittedAsInternal,proto3" json:"generate_omitted_as_internal,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SelectiveGapicGeneration) Reset() { *x = SelectiveGapicGeneration{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SelectiveGapicGeneration) String() string { @@ -1283,7 +1249,7 @@ func (*SelectiveGapicGeneration) ProtoMessage() {} func (x *SelectiveGapicGeneration) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1314,23 +1280,20 @@ func (x *SelectiveGapicGeneration) GetGenerateOmittedAsInternal() bool { // `BatchingConfigProto` defines the batching configuration for an API method. type BatchingConfigProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The thresholds which trigger a batched request to be sent. Thresholds *BatchingSettingsProto `protobuf:"bytes,1,opt,name=thresholds,proto3" json:"thresholds,omitempty"` // The request and response fields used in batching. BatchDescriptor *BatchingDescriptorProto `protobuf:"bytes,2,opt,name=batch_descriptor,json=batchDescriptor,proto3" json:"batch_descriptor,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *BatchingConfigProto) Reset() { *x = BatchingConfigProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *BatchingConfigProto) String() string { @@ -1341,7 +1304,7 @@ func (*BatchingConfigProto) ProtoMessage() {} func (x *BatchingConfigProto) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1374,10 +1337,7 @@ func (x *BatchingConfigProto) GetBatchDescriptor() *BatchingDescriptorProto { // which acts as a trigger to send a batch of messages as a request. At least // one threshold must be positive nonzero. type BatchingSettingsProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The number of elements of a field collected into a batch which, if // exceeded, causes the batch to be sent. ElementCountThreshold int32 `protobuf:"varint,1,opt,name=element_count_threshold,json=elementCountThreshold,proto3" json:"element_count_threshold,omitempty"` @@ -1399,15 +1359,15 @@ type BatchingSettingsProto struct { FlowControlByteLimit int32 `protobuf:"varint,7,opt,name=flow_control_byte_limit,json=flowControlByteLimit,proto3" json:"flow_control_byte_limit,omitempty"` // The behavior to take when the flow control limit is exceeded. FlowControlLimitExceededBehavior FlowControlLimitExceededBehaviorProto `protobuf:"varint,8,opt,name=flow_control_limit_exceeded_behavior,json=flowControlLimitExceededBehavior,proto3,enum=google.api.FlowControlLimitExceededBehaviorProto" json:"flow_control_limit_exceeded_behavior,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *BatchingSettingsProto) Reset() { *x = BatchingSettingsProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *BatchingSettingsProto) String() string { @@ -1418,7 +1378,7 @@ func (*BatchingSettingsProto) ProtoMessage() {} func (x *BatchingSettingsProto) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1493,10 +1453,7 @@ func (x *BatchingSettingsProto) GetFlowControlLimitExceededBehavior() FlowContro // used for batching, and, optionally, the fields of the response message to be // used for demultiplexing. type BatchingDescriptorProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The repeated field in the request message to be aggregated by batching. BatchedField string `protobuf:"bytes,1,opt,name=batched_field,json=batchedField,proto3" json:"batched_field,omitempty"` // A list of the fields in the request message. Two requests will be batched @@ -1508,15 +1465,15 @@ type BatchingDescriptorProto struct { // correspondence with the multiple request messages originally batched // together. SubresponseField string `protobuf:"bytes,3,opt,name=subresponse_field,json=subresponseField,proto3" json:"subresponse_field,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *BatchingDescriptorProto) Reset() { *x = BatchingDescriptorProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *BatchingDescriptorProto) String() string { @@ -1527,7 +1484,7 @@ func (*BatchingDescriptorProto) ProtoMessage() {} func (x *BatchingDescriptorProto) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1567,10 +1524,7 @@ func (x *BatchingDescriptorProto) GetSubresponseField() string { // These fields will be deprecated once the feature graduates and is enabled // by default. type PythonSettings_ExperimentalFeatures struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Enables generation of asynchronous REST clients if `rest` transport is // enabled. By default, asynchronous REST clients will not be generated. // This feature will be enabled by default 1 month after launching the @@ -1586,15 +1540,15 @@ type PythonSettings_ExperimentalFeatures struct { // import statements. For example `import google.cloud.library_v2` instead // of `import google.cloud.library`. UnversionedPackageDisabled bool `protobuf:"varint,3,opt,name=unversioned_package_disabled,json=unversionedPackageDisabled,proto3" json:"unversioned_package_disabled,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PythonSettings_ExperimentalFeatures) Reset() { *x = PythonSettings_ExperimentalFeatures{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PythonSettings_ExperimentalFeatures) String() string { @@ -1605,7 +1559,7 @@ func (*PythonSettings_ExperimentalFeatures) ProtoMessage() {} func (x *PythonSettings_ExperimentalFeatures) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1647,10 +1601,7 @@ func (x *PythonSettings_ExperimentalFeatures) GetUnversionedPackageDisabled() bo // generators (e.g. // [Java](https://github.com/googleapis/gapic-generator-java/blob/04c2faa191a9b5a10b92392fe8482279c4404803/src/main/java/com/google/api/generator/gapic/composer/common/RetrySettingsComposer.java)). type MethodSettings_LongRunning struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Initial delay after which the first poll request will be made. // Default value: 5 seconds. InitialPollDelay *durationpb.Duration `protobuf:"bytes,1,opt,name=initial_poll_delay,json=initialPollDelay,proto3" json:"initial_poll_delay,omitempty"` @@ -1664,15 +1615,15 @@ type MethodSettings_LongRunning struct { // Total polling timeout. // Default value: 5 minutes. TotalPollTimeout *durationpb.Duration `protobuf:"bytes,4,opt,name=total_poll_timeout,json=totalPollTimeout,proto3" json:"total_poll_timeout,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *MethodSettings_LongRunning) Reset() { *x = MethodSettings_LongRunning{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_google_api_client_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *MethodSettings_LongRunning) String() string { @@ -1683,7 +1634,7 @@ func (*MethodSettings_LongRunning) ProtoMessage() {} func (x *MethodSettings_LongRunning) ProtoReflect() protoreflect.Message { mi := &file_google_api_client_proto_msgTypes[21] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1861,386 +1812,158 @@ var ( var File_google_api_client_proto protoreflect.FileDescriptor -var file_google_api_client_proto_rawDesc = []byte{ - 0x0a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x1d, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x67, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf8, 0x01, 0x0a, 0x16, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x12, 0x30, 0x0a, 0x12, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, - 0x6f, 0x63, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, - 0x01, 0x52, 0x10, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, 0x63, 0x73, - 0x55, 0x72, 0x69, 0x12, 0x48, 0x0a, 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, - 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x62, 0x0a, - 0x1a, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x67, 0x61, 0x70, 0x69, 0x63, - 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x53, - 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, 0x47, 0x61, 0x70, 0x69, 0x63, 0x47, 0x65, 0x6e, - 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x18, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, - 0x76, 0x65, 0x47, 0x61, 0x70, 0x69, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x22, 0x93, 0x05, 0x0a, 0x15, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, - 0x61, 0x72, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x3a, 0x0a, 0x0c, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x5f, - 0x73, 0x74, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x17, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x53, - 0x74, 0x61, 0x67, 0x65, 0x52, 0x0b, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x53, 0x74, 0x61, 0x67, - 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69, - 0x63, 0x5f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x72, - 0x65, 0x73, 0x74, 0x4e, 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x45, 0x6e, 0x75, 0x6d, 0x73, 0x12, - 0x3d, 0x0a, 0x0d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x0c, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, - 0x0a, 0x0c, 0x63, 0x70, 0x70, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x16, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x43, 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x63, - 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x0c, 0x70, 0x68, - 0x70, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x68, - 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x70, 0x68, 0x70, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x70, 0x79, 0x74, 0x68, 0x6f, 0x6e, - 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x79, 0x74, - 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x70, 0x79, 0x74, - 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3d, 0x0a, 0x0d, 0x6e, - 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x19, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6e, 0x6f, - 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x64, 0x6f, - 0x74, 0x6e, 0x65, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1a, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, - 0x0e, 0x64, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, - 0x3d, 0x0a, 0x0d, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x18, 0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x37, - 0x0a, 0x0b, 0x67, 0x6f, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1c, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0a, 0x67, 0x6f, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0xf4, 0x04, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x12, 0x43, 0x0a, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, - 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x6d, 0x65, 0x74, - 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x6e, - 0x65, 0x77, 0x5f, 0x69, 0x73, 0x73, 0x75, 0x65, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x65, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0b, 0x6e, 0x65, 0x77, 0x49, 0x73, 0x73, 0x75, 0x65, 0x55, 0x72, 0x69, 0x12, - 0x2b, 0x0a, 0x11, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x75, 0x72, 0x69, 0x18, 0x66, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x64, 0x6f, 0x63, 0x75, - 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x12, 0x24, 0x0a, 0x0e, - 0x61, 0x70, 0x69, 0x5f, 0x73, 0x68, 0x6f, 0x72, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x67, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x70, 0x69, 0x53, 0x68, 0x6f, 0x72, 0x74, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x5f, 0x6c, 0x61, 0x62, - 0x65, 0x6c, 0x18, 0x68, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x6f, 0x64, 0x65, 0x6f, 0x77, 0x6e, - 0x65, 0x72, 0x5f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x5f, 0x74, 0x65, 0x61, 0x6d, 0x73, 0x18, - 0x69, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x63, 0x6f, 0x64, 0x65, 0x6f, 0x77, 0x6e, 0x65, 0x72, - 0x47, 0x69, 0x74, 0x68, 0x75, 0x62, 0x54, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x64, - 0x6f, 0x63, 0x5f, 0x74, 0x61, 0x67, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x6a, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x63, 0x54, 0x61, 0x67, 0x50, 0x72, 0x65, 0x66, 0x69, - 0x78, 0x12, 0x49, 0x0a, 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x6b, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, - 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, - 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x10, - 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x18, 0x6d, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, - 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, - 0x72, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x49, 0x0a, 0x21, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x5f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, - 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, - 0x6e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x65, 0x66, 0x65, - 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x12, 0x47, 0x0a, 0x20, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x72, 0x65, - 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6f, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x1d, 0x72, 0x65, 0x73, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, - 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x22, 0x9a, - 0x02, 0x0a, 0x0c, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, - 0x27, 0x0a, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, - 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, - 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, - 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, - 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x44, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49, 0x0a, 0x0b, 0x43, - 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, - 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, - 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x72, 0x0a, 0x0b, 0x50, 0x68, 0x70, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, - 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x63, - 0x6b, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62, 0x72, - 0x61, 0x72, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x22, 0x87, 0x03, 0x0a, 0x0e, 0x50, - 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, - 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x64, 0x0a, 0x15, 0x65, 0x78, 0x70, - 0x65, 0x72, 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x45, 0x78, 0x70, 0x65, 0x72, 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, - 0x6c, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x14, 0x65, 0x78, 0x70, 0x65, 0x72, - 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, - 0xd2, 0x01, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x65, 0x72, 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c, - 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x31, 0x0a, 0x15, 0x72, 0x65, 0x73, 0x74, - 0x5f, 0x61, 0x73, 0x79, 0x6e, 0x63, 0x5f, 0x69, 0x6f, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x72, 0x65, 0x73, 0x74, 0x41, 0x73, 0x79, - 0x6e, 0x63, 0x49, 0x6f, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x45, 0x0a, 0x1f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x5f, 0x70, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x69, 0x63, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x1c, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x50, 0x79, - 0x74, 0x68, 0x6f, 0x6e, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, - 0x65, 0x64, 0x12, 0x40, 0x0a, 0x1c, 0x75, 0x6e, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x65, - 0x64, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x5f, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, - 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1a, 0x75, 0x6e, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x65, 0x64, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x44, 0x69, 0x73, 0x61, - 0x62, 0x6c, 0x65, 0x64, 0x22, 0x4a, 0x0a, 0x0c, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x22, 0xae, 0x04, 0x0a, 0x0e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, - 0x5a, 0x0a, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x72, 0x65, 0x6e, 0x61, - 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x72, - 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, - 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x69, 0x67, - 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, 0x66, 0x6f, 0x72, 0x63, 0x65, - 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x61, 0x6c, 0x69, 0x61, - 0x73, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x16, 0x66, 0x6f, 0x72, 0x63, 0x65, - 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x65, - 0x73, 0x12, 0x35, 0x0a, 0x16, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, - 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x15, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x53, 0x69, - 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, 0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, - 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, - 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x22, 0x4a, 0x0a, 0x0c, 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xe4, 0x01, - 0x0a, 0x0a, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x56, 0x0a, 0x10, 0x72, 0x65, 0x6e, 0x61, - 0x6d, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, - 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x1a, 0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0xff, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x0c, 0x6c, 0x6f, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6e, 0x6e, - 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, - 0x67, 0x52, 0x0b, 0x6c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x32, - 0x0a, 0x15, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x70, 0x6f, 0x70, 0x75, 0x6c, 0x61, 0x74, 0x65, 0x64, - 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x61, - 0x75, 0x74, 0x6f, 0x50, 0x6f, 0x70, 0x75, 0x6c, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, - 0x64, 0x73, 0x12, 0x3b, 0x0a, 0x08, 0x62, 0x61, 0x74, 0x63, 0x68, 0x69, 0x6e, 0x67, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x08, 0x62, 0x61, 0x74, 0x63, 0x68, 0x69, 0x6e, 0x67, 0x1a, - 0x94, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, - 0x47, 0x0a, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, - 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x50, - 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f, 0x6c, 0x6c, - 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, - 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, - 0x61, 0x79, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f, 0x0a, 0x0e, - 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x0c, 0x6d, 0x61, 0x78, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x47, 0x0a, - 0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x54, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x75, 0x0a, 0x18, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, - 0x69, 0x76, 0x65, 0x47, 0x61, 0x70, 0x69, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x12, 0x3f, 0x0a, 0x1c, - 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x6f, 0x6d, 0x69, 0x74, 0x74, 0x65, 0x64, - 0x5f, 0x61, 0x73, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x19, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x6d, 0x69, 0x74, - 0x74, 0x65, 0x64, 0x41, 0x73, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x22, 0xa8, 0x01, - 0x0a, 0x13, 0x42, 0x61, 0x74, 0x63, 0x68, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x41, 0x0a, 0x0a, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, - 0x6c, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x69, 0x6e, 0x67, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0a, 0x74, 0x68, - 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x73, 0x12, 0x4e, 0x0a, 0x10, 0x62, 0x61, 0x74, 0x63, - 0x68, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x42, 0x61, 0x74, 0x63, 0x68, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, - 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0f, 0x62, 0x61, 0x74, 0x63, 0x68, 0x44, 0x65, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x22, 0x9f, 0x04, 0x0a, 0x15, 0x42, 0x61, 0x74, - 0x63, 0x68, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x50, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x36, 0x0a, 0x17, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x6f, - 0x75, 0x6e, 0x74, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x15, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x75, 0x6e, - 0x74, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x34, 0x0a, 0x16, 0x72, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, - 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x14, 0x72, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x42, 0x79, 0x74, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, - 0x12, 0x42, 0x0a, 0x0f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, - 0x6f, 0x6c, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x54, 0x68, 0x72, 0x65, 0x73, - 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x2e, 0x0a, 0x13, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x5f, - 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x11, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4c, - 0x69, 0x6d, 0x69, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, - 0x62, 0x79, 0x74, 0x65, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x42, 0x79, 0x74, 0x65, 0x4c, 0x69, 0x6d, - 0x69, 0x74, 0x12, 0x3b, 0x0a, 0x1a, 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, - 0x6f, 0x6c, 0x5f, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x17, 0x66, 0x6c, 0x6f, 0x77, 0x43, 0x6f, 0x6e, 0x74, - 0x72, 0x6f, 0x6c, 0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, - 0x35, 0x0a, 0x17, 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x5f, - 0x62, 0x79, 0x74, 0x65, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x14, 0x66, 0x6c, 0x6f, 0x77, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x42, 0x79, 0x74, - 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x81, 0x01, 0x0a, 0x24, 0x66, 0x6c, 0x6f, 0x77, 0x5f, - 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, 0x78, - 0x63, 0x65, 0x65, 0x64, 0x65, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x46, 0x6c, 0x6f, 0x77, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x4c, 0x69, - 0x6d, 0x69, 0x74, 0x45, 0x78, 0x63, 0x65, 0x65, 0x64, 0x65, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, - 0x69, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x20, 0x66, 0x6c, 0x6f, 0x77, 0x43, 0x6f, - 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x45, 0x78, 0x63, 0x65, 0x65, 0x64, - 0x65, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x22, 0x9e, 0x01, 0x0a, 0x17, 0x42, - 0x61, 0x74, 0x63, 0x68, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, - 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x0a, 0x0d, 0x62, 0x61, 0x74, 0x63, 0x68, 0x65, - 0x64, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x62, - 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x31, 0x0a, 0x14, 0x64, - 0x69, 0x73, 0x63, 0x72, 0x69, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x5f, 0x66, 0x69, 0x65, - 0x6c, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x64, 0x69, 0x73, 0x63, 0x72, - 0x69, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x12, 0x2b, - 0x0a, 0x11, 0x73, 0x75, 0x62, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x66, 0x69, - 0x65, 0x6c, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x73, 0x75, 0x62, 0x72, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x2a, 0xa3, 0x01, 0x0a, 0x19, - 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, - 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, - 0x45, 0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, - 0x4e, 0x49, 0x5a, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, - 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, - 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x44, 0x53, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, - 0x4f, 0x54, 0x4f, 0x53, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, - 0x5f, 0x56, 0x49, 0x45, 0x57, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x4f, 0x50, 0x50, - 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x07, 0x0a, 0x03, 0x47, 0x45, 0x4f, 0x10, 0x06, 0x12, 0x11, - 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x41, 0x49, 0x10, - 0x07, 0x2a, 0x67, 0x0a, 0x18, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, - 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, - 0x26, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, - 0x44, 0x45, 0x53, 0x54, 0x49, 0x4e, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, - 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47, 0x49, 0x54, - 0x48, 0x55, 0x42, 0x10, 0x0a, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41, 0x47, 0x45, - 0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, 0x45, 0x52, 0x10, 0x14, 0x2a, 0x67, 0x0a, 0x25, 0x46, 0x6c, - 0x6f, 0x77, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x45, 0x78, - 0x63, 0x65, 0x65, 0x64, 0x65, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x0e, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x5f, 0x42, 0x45, 0x48, - 0x41, 0x56, 0x49, 0x4f, 0x52, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x48, 0x52, 0x4f, 0x57, - 0x5f, 0x45, 0x58, 0x43, 0x45, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, - 0x42, 0x4c, 0x4f, 0x43, 0x4b, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, - 0x45, 0x10, 0x03, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x69, - 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, - 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x3a, - 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x12, - 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, - 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x63, - 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6f, 0x61, - 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x3a, 0x44, 0x0a, 0x0b, 0x61, 0x70, 0x69, - 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xc1, 0xba, 0xab, 0xfa, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, - 0x69, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x42, 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, - 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, - 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} +const file_google_api_client_proto_rawDesc = "" + + "\n" + + "\x17google/api/client.proto\x12\n" + + "google.api\x1a\x1dgoogle/api/launch_stage.proto\x1a google/protobuf/descriptor.proto\x1a\x1egoogle/protobuf/duration.proto\"\xf8\x01\n" + + "\x16CommonLanguageSettings\x120\n" + + "\x12reference_docs_uri\x18\x01 \x01(\tB\x02\x18\x01R\x10referenceDocsUri\x12H\n" + + "\fdestinations\x18\x02 \x03(\x0e2$.google.api.ClientLibraryDestinationR\fdestinations\x12b\n" + + "\x1aselective_gapic_generation\x18\x03 \x01(\v2$.google.api.SelectiveGapicGenerationR\x18selectiveGapicGeneration\"\x93\x05\n" + + "\x15ClientLibrarySettings\x12\x18\n" + + "\aversion\x18\x01 \x01(\tR\aversion\x12:\n" + + "\flaunch_stage\x18\x02 \x01(\x0e2\x17.google.api.LaunchStageR\vlaunchStage\x12,\n" + + "\x12rest_numeric_enums\x18\x03 \x01(\bR\x10restNumericEnums\x12=\n" + + "\rjava_settings\x18\x15 \x01(\v2\x18.google.api.JavaSettingsR\fjavaSettings\x12:\n" + + "\fcpp_settings\x18\x16 \x01(\v2\x17.google.api.CppSettingsR\vcppSettings\x12:\n" + + "\fphp_settings\x18\x17 \x01(\v2\x17.google.api.PhpSettingsR\vphpSettings\x12C\n" + + "\x0fpython_settings\x18\x18 \x01(\v2\x1a.google.api.PythonSettingsR\x0epythonSettings\x12=\n" + + "\rnode_settings\x18\x19 \x01(\v2\x18.google.api.NodeSettingsR\fnodeSettings\x12C\n" + + "\x0fdotnet_settings\x18\x1a \x01(\v2\x1a.google.api.DotnetSettingsR\x0edotnetSettings\x12=\n" + + "\rruby_settings\x18\x1b \x01(\v2\x18.google.api.RubySettingsR\frubySettings\x127\n" + + "\vgo_settings\x18\x1c \x01(\v2\x16.google.api.GoSettingsR\n" + + "goSettings\"\xf4\x04\n" + + "\n" + + "Publishing\x12C\n" + + "\x0fmethod_settings\x18\x02 \x03(\v2\x1a.google.api.MethodSettingsR\x0emethodSettings\x12\"\n" + + "\rnew_issue_uri\x18e \x01(\tR\vnewIssueUri\x12+\n" + + "\x11documentation_uri\x18f \x01(\tR\x10documentationUri\x12$\n" + + "\x0eapi_short_name\x18g \x01(\tR\fapiShortName\x12!\n" + + "\fgithub_label\x18h \x01(\tR\vgithubLabel\x124\n" + + "\x16codeowner_github_teams\x18i \x03(\tR\x14codeownerGithubTeams\x12$\n" + + "\x0edoc_tag_prefix\x18j \x01(\tR\fdocTagPrefix\x12I\n" + + "\forganization\x18k \x01(\x0e2%.google.api.ClientLibraryOrganizationR\forganization\x12L\n" + + "\x10library_settings\x18m \x03(\v2!.google.api.ClientLibrarySettingsR\x0flibrarySettings\x12I\n" + + "!proto_reference_documentation_uri\x18n \x01(\tR\x1eprotoReferenceDocumentationUri\x12G\n" + + " rest_reference_documentation_uri\x18o \x01(\tR\x1drestReferenceDocumentationUri\"\x9a\x02\n" + + "\fJavaSettings\x12'\n" + + "\x0flibrary_package\x18\x01 \x01(\tR\x0elibraryPackage\x12_\n" + + "\x13service_class_names\x18\x02 \x03(\v2/.google.api.JavaSettings.ServiceClassNamesEntryR\x11serviceClassNames\x12:\n" + + "\x06common\x18\x03 \x01(\v2\".google.api.CommonLanguageSettingsR\x06common\x1aD\n" + + "\x16ServiceClassNamesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"I\n" + + "\vCppSettings\x12:\n" + + "\x06common\x18\x01 \x01(\v2\".google.api.CommonLanguageSettingsR\x06common\"r\n" + + "\vPhpSettings\x12:\n" + + "\x06common\x18\x01 \x01(\v2\".google.api.CommonLanguageSettingsR\x06common\x12'\n" + + "\x0flibrary_package\x18\x02 \x01(\tR\x0elibraryPackage\"\x87\x03\n" + + "\x0ePythonSettings\x12:\n" + + "\x06common\x18\x01 \x01(\v2\".google.api.CommonLanguageSettingsR\x06common\x12d\n" + + "\x15experimental_features\x18\x02 \x01(\v2/.google.api.PythonSettings.ExperimentalFeaturesR\x14experimentalFeatures\x1a\xd2\x01\n" + + "\x14ExperimentalFeatures\x121\n" + + "\x15rest_async_io_enabled\x18\x01 \x01(\bR\x12restAsyncIoEnabled\x12E\n" + + "\x1fprotobuf_pythonic_types_enabled\x18\x02 \x01(\bR\x1cprotobufPythonicTypesEnabled\x12@\n" + + "\x1cunversioned_package_disabled\x18\x03 \x01(\bR\x1aunversionedPackageDisabled\"J\n" + + "\fNodeSettings\x12:\n" + + "\x06common\x18\x01 \x01(\v2\".google.api.CommonLanguageSettingsR\x06common\"\xae\x04\n" + + "\x0eDotnetSettings\x12:\n" + + "\x06common\x18\x01 \x01(\v2\".google.api.CommonLanguageSettingsR\x06common\x12Z\n" + + "\x10renamed_services\x18\x02 \x03(\v2/.google.api.DotnetSettings.RenamedServicesEntryR\x0frenamedServices\x12]\n" + + "\x11renamed_resources\x18\x03 \x03(\v20.google.api.DotnetSettings.RenamedResourcesEntryR\x10renamedResources\x12+\n" + + "\x11ignored_resources\x18\x04 \x03(\tR\x10ignoredResources\x128\n" + + "\x18forced_namespace_aliases\x18\x05 \x03(\tR\x16forcedNamespaceAliases\x125\n" + + "\x16handwritten_signatures\x18\x06 \x03(\tR\x15handwrittenSignatures\x1aB\n" + + "\x14RenamedServicesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\x1aC\n" + + "\x15RenamedResourcesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"J\n" + + "\fRubySettings\x12:\n" + + "\x06common\x18\x01 \x01(\v2\".google.api.CommonLanguageSettingsR\x06common\"\xe4\x01\n" + + "\n" + + "GoSettings\x12:\n" + + "\x06common\x18\x01 \x01(\v2\".google.api.CommonLanguageSettingsR\x06common\x12V\n" + + "\x10renamed_services\x18\x02 \x03(\v2+.google.api.GoSettings.RenamedServicesEntryR\x0frenamedServices\x1aB\n" + + "\x14RenamedServicesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"\xff\x03\n" + + "\x0eMethodSettings\x12\x1a\n" + + "\bselector\x18\x01 \x01(\tR\bselector\x12I\n" + + "\flong_running\x18\x02 \x01(\v2&.google.api.MethodSettings.LongRunningR\vlongRunning\x122\n" + + "\x15auto_populated_fields\x18\x03 \x03(\tR\x13autoPopulatedFields\x12;\n" + + "\bbatching\x18\x04 \x01(\v2\x1f.google.api.BatchingConfigProtoR\bbatching\x1a\x94\x02\n" + + "\vLongRunning\x12G\n" + + "\x12initial_poll_delay\x18\x01 \x01(\v2\x19.google.protobuf.DurationR\x10initialPollDelay\x122\n" + + "\x15poll_delay_multiplier\x18\x02 \x01(\x02R\x13pollDelayMultiplier\x12?\n" + + "\x0emax_poll_delay\x18\x03 \x01(\v2\x19.google.protobuf.DurationR\fmaxPollDelay\x12G\n" + + "\x12total_poll_timeout\x18\x04 \x01(\v2\x19.google.protobuf.DurationR\x10totalPollTimeout\"u\n" + + "\x18SelectiveGapicGeneration\x12\x18\n" + + "\amethods\x18\x01 \x03(\tR\amethods\x12?\n" + + "\x1cgenerate_omitted_as_internal\x18\x02 \x01(\bR\x19generateOmittedAsInternal\"\xa8\x01\n" + + "\x13BatchingConfigProto\x12A\n" + + "\n" + + "thresholds\x18\x01 \x01(\v2!.google.api.BatchingSettingsProtoR\n" + + "thresholds\x12N\n" + + "\x10batch_descriptor\x18\x02 \x01(\v2#.google.api.BatchingDescriptorProtoR\x0fbatchDescriptor\"\x9f\x04\n" + + "\x15BatchingSettingsProto\x126\n" + + "\x17element_count_threshold\x18\x01 \x01(\x05R\x15elementCountThreshold\x124\n" + + "\x16request_byte_threshold\x18\x02 \x01(\x03R\x14requestByteThreshold\x12B\n" + + "\x0fdelay_threshold\x18\x03 \x01(\v2\x19.google.protobuf.DurationR\x0edelayThreshold\x12.\n" + + "\x13element_count_limit\x18\x04 \x01(\x05R\x11elementCountLimit\x12,\n" + + "\x12request_byte_limit\x18\x05 \x01(\x05R\x10requestByteLimit\x12;\n" + + "\x1aflow_control_element_limit\x18\x06 \x01(\x05R\x17flowControlElementLimit\x125\n" + + "\x17flow_control_byte_limit\x18\a \x01(\x05R\x14flowControlByteLimit\x12\x81\x01\n" + + "$flow_control_limit_exceeded_behavior\x18\b \x01(\x0e21.google.api.FlowControlLimitExceededBehaviorProtoR flowControlLimitExceededBehavior\"\x9e\x01\n" + + "\x17BatchingDescriptorProto\x12#\n" + + "\rbatched_field\x18\x01 \x01(\tR\fbatchedField\x121\n" + + "\x14discriminator_fields\x18\x02 \x03(\tR\x13discriminatorFields\x12+\n" + + "\x11subresponse_field\x18\x03 \x01(\tR\x10subresponseField*\xa3\x01\n" + + "\x19ClientLibraryOrganization\x12+\n" + + "'CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED\x10\x00\x12\t\n" + + "\x05CLOUD\x10\x01\x12\a\n" + + "\x03ADS\x10\x02\x12\n" + + "\n" + + "\x06PHOTOS\x10\x03\x12\x0f\n" + + "\vSTREET_VIEW\x10\x04\x12\f\n" + + "\bSHOPPING\x10\x05\x12\a\n" + + "\x03GEO\x10\x06\x12\x11\n" + + "\rGENERATIVE_AI\x10\a*g\n" + + "\x18ClientLibraryDestination\x12*\n" + + "&CLIENT_LIBRARY_DESTINATION_UNSPECIFIED\x10\x00\x12\n" + + "\n" + + "\x06GITHUB\x10\n" + + "\x12\x13\n" + + "\x0fPACKAGE_MANAGER\x10\x14*g\n" + + "%FlowControlLimitExceededBehaviorProto\x12\x12\n" + + "\x0eUNSET_BEHAVIOR\x10\x00\x12\x13\n" + + "\x0fTHROW_EXCEPTION\x10\x01\x12\t\n" + + "\x05BLOCK\x10\x02\x12\n" + + "\n" + + "\x06IGNORE\x10\x03:J\n" + + "\x10method_signature\x12\x1e.google.protobuf.MethodOptions\x18\x9b\b \x03(\tR\x0fmethodSignature:C\n" + + "\fdefault_host\x12\x1f.google.protobuf.ServiceOptions\x18\x99\b \x01(\tR\vdefaultHost:C\n" + + "\foauth_scopes\x12\x1f.google.protobuf.ServiceOptions\x18\x9a\b \x01(\tR\voauthScopes:D\n" + + "\vapi_version\x12\x1f.google.protobuf.ServiceOptions\x18\xc1\xba\xab\xfa\x01 \x01(\tR\n" + + "apiVersionBi\n" + + "\x0ecom.google.apiB\vClientProtoP\x01ZAgoogle.golang.org/genproto/googleapis/api/annotations;annotations\xa2\x02\x04GAPIb\x06proto3" var ( file_google_api_client_proto_rawDescOnce sync.Once - file_google_api_client_proto_rawDescData = file_google_api_client_proto_rawDesc + file_google_api_client_proto_rawDescData []byte ) func file_google_api_client_proto_rawDescGZIP() []byte { file_google_api_client_proto_rawDescOnce.Do(func() { - file_google_api_client_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_client_proto_rawDescData) + file_google_api_client_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_google_api_client_proto_rawDesc), len(file_google_api_client_proto_rawDesc))) }) return file_google_api_client_proto_rawDescData } var file_google_api_client_proto_enumTypes = make([]protoimpl.EnumInfo, 3) var file_google_api_client_proto_msgTypes = make([]protoimpl.MessageInfo, 22) -var file_google_api_client_proto_goTypes = []interface{}{ +var file_google_api_client_proto_goTypes = []any{ (ClientLibraryOrganization)(0), // 0: google.api.ClientLibraryOrganization (ClientLibraryDestination)(0), // 1: google.api.ClientLibraryDestination (FlowControlLimitExceededBehaviorProto)(0), // 2: google.api.FlowControlLimitExceededBehaviorProto @@ -2324,229 +2047,11 @@ func file_google_api_client_proto_init() { if File_google_api_client_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_google_api_client_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CommonLanguageSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ClientLibrarySettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Publishing); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JavaSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CppSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PhpSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PythonSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NodeSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DotnetSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RubySettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GoSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MethodSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SelectiveGapicGeneration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BatchingConfigProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BatchingSettingsProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BatchingDescriptorProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PythonSettings_ExperimentalFeatures); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_client_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MethodSettings_LongRunning); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_api_client_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_api_client_proto_rawDesc), len(file_google_api_client_proto_rawDesc)), NumEnums: 3, NumMessages: 22, NumExtensions: 4, @@ -2559,7 +2064,6 @@ func file_google_api_client_proto_init() { ExtensionInfos: file_google_api_client_proto_extTypes, }.Build() File_google_api_client_proto = out.File - file_google_api_client_proto_rawDesc = nil file_google_api_client_proto_goTypes = nil file_google_api_client_proto_depIdxs = nil } diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go index 0020521205..baf9bc692f 100644 --- a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go +++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go @@ -23,6 +23,7 @@ import ( "fmt" "io" "net" + "net/netip" "sync" "time" @@ -82,7 +83,12 @@ func (lb *lbBalancer) processServerList(l *lbpb.ServerList) { } md := metadata.Pairs(lbTokenKey, s.LoadBalanceToken) - ipStr := net.IP(s.IpAddress).String() + var ipStr string + if ip, ok := netip.AddrFromSlice(s.IpAddress); ok { + ipStr = ip.String() + } else { + ipStr = fmt.Sprintf("? %x", s.IpAddress) + } addr := imetadata.Set(resolver.Address{Addr: net.JoinHostPort(ipStr, fmt.Sprintf("%d", s.Port))}, md) if lb.logger.V(2) { lb.logger.Infof("Server list entry:|%d|, ipStr:|%s|, port:|%d|, load balancer token:|%v|", i, ipStr, s.Port, s.LoadBalanceToken) diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 5dec2dacc0..c4bca5203e 100644 --- a/vendor/google.golang.org/grpc/clientconn.go +++ b/vendor/google.golang.org/grpc/clientconn.go @@ -24,10 +24,12 @@ import ( "fmt" "math" "net/url" + "os" "slices" "strings" "sync" "sync/atomic" + "syscall" "time" "google.golang.org/grpc/balancer" @@ -1268,8 +1270,9 @@ type addrConn struct { channelz *channelz.SubChannel - localityLabel string - backendServiceLabel string + localityLabel string + backendServiceLabel string + disconnectErrorLabel string } // Note: this requires a lock on ac.mu. @@ -1286,9 +1289,14 @@ func (ac *addrConn) updateConnectivityState(s connectivity.State, lastErr error) // TODO: https://github.com/grpc/grpc-go/issues/7862 - Remove the second // part of the if condition below once the issue is fixed. if ac.state == connectivity.Ready || (ac.state == connectivity.Connecting && s == connectivity.Idle) { - disconnectionsMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.localityLabel, "unknown") + disconnectError := ac.disconnectErrorLabel + if disconnectError == "" { + disconnectError = "unknown" + } + disconnectionsMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.localityLabel, disconnectError) openConnectionsMetric.Record(ac.cc.metricsRecorderList, -1, ac.cc.target, ac.backendServiceLabel, ac.securityLevelLocked(), ac.localityLabel) } + ac.disconnectErrorLabel = "" // Reset for next time ac.state = s ac.channelz.ChannelMetrics.State.Store(&s) if lastErr == nil { @@ -1483,11 +1491,11 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, addr.ServerName = ac.cc.getServerName(addr) hctx, hcancel := context.WithCancel(ctx) - onClose := func(r transport.GoAwayReason) { + onClose := func(info transport.GoAwayInfo) { ac.mu.Lock() defer ac.mu.Unlock() // adjust params based on GoAwayReason - ac.adjustParams(r) + ac.adjustParams(info.Reason) if ctx.Err() != nil { // Already shut down or connection attempt canceled. tearDown() or // updateAddrs() already cleared the transport and canceled hctx @@ -1504,6 +1512,7 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, return } ac.transport = nil + ac.disconnectErrorLabel = disconnectErrorString(info) // Refresh the name resolver on any connection loss. ac.cc.resolveNow(resolver.ResolveNowOptions{}) // Always go idle and wait for the LB policy to initiate a new @@ -1560,6 +1569,32 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, return nil } +// disconnectErrorString returns the grpc.disconnect_error metric label corresponding +// to the provided transport.GoAwayInfo, as specified by gRFC A94: +// https://github.com/grpc/proposal/blob/master/A94-grpc-subchannel-disconnections-metrics.md +func disconnectErrorString(info transport.GoAwayInfo) string { + err := info.Err + var sysErr syscall.Errno + switch { + case info.Reason != transport.GoAwayInvalid: + return fmt.Sprintf("GOAWAY %s", info.GoAwayCode.String()) + case err == nil: + return "unknown" + case errors.Is(err, context.Canceled): + return "subchannel shutdown" + case errors.Is(err, syscall.ECONNRESET): + return "connection reset" + case errors.Is(err, syscall.ETIMEDOUT), errors.Is(err, context.DeadlineExceeded), errors.Is(err, os.ErrDeadlineExceeded): + return "connection timed out" + case errors.Is(err, syscall.ECONNABORTED): + return "connection aborted" + case errors.As(err, &sysErr): + return "socket error" + default: + return "unknown" + } +} + // startHealthCheck starts the health checking stream (RPC) to watch the health // stats of this connection if health checking is requested and configured. // @@ -1663,6 +1698,9 @@ func (ac *addrConn) tearDown(err error) { } curTr := ac.transport ac.transport = nil + if ac.disconnectErrorLabel == "" { + ac.disconnectErrorLabel = "subchannel shutdown" + } // We have to set the state to Shutdown before anything else to prevent races // between setting the state and logic that waits on context cancellation / etc. ac.updateConnectivityState(connectivity.Shutdown, nil) diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go index c7fcf5e293..89bf22691e 100644 --- a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go +++ b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go @@ -27,7 +27,9 @@ import ( "net" core "google.golang.org/grpc/credentials/alts/internal" - "google.golang.org/grpc/internal/mem" + imem "google.golang.org/grpc/internal/mem" + "google.golang.org/grpc/internal/transport/readyreader" + "google.golang.org/grpc/mem" ) // ALTSRecordCrypto is the interface for gRPC ALTS record protocol. @@ -74,11 +76,19 @@ const ( var ( protocols = make(map[string]ALTSRecordFunc) - writeBufPool *mem.BinaryTieredBufferPool + writeBufPool *imem.BinaryTieredBufferPool + // readBufPool pools buffers of at least `altsReadBufferInitialSize` size. + // Since the read buffer size is slightly larger than 32KB, using a regular + // BinaryTieredBufferPool results in allocating buffers of almost double the + // required length. + readBufPool = imem.NewDirtySimplePool() + + // Compile-time check to ensure conn implements ReadyReader. + _ readyreader.Reader = &conn{} ) func init() { - pool, err := mem.NewDirtyBinaryTieredBufferPool( + pool, err := imem.NewDirtyBinaryTieredBufferPool( 8, 12, // Go page size, 4KB 14, // 16KB (max HTTP/2 frame size used by gRPC) @@ -105,18 +115,23 @@ func RegisterProtocol(protocol string, f ALTSRecordFunc) error { // conn represents a secured connection. It implements the net.Conn interface. type conn struct { net.Conn + reader readyreader.Reader crypto ALTSRecordCrypto // buf holds data that has been read from the connection and decrypted, // but has not yet been returned by Read. It is a sub-slice of protected. buf []byte payloadLengthLimit int - // protected holds data read from the network but have not yet been - // decrypted. This data might not compose a complete frame. - protected []byte + // protectedHandle buffer holds data read from the network but have not yet + // been decrypted. This data might not compose a complete frame. + // + // The buffer pointer to points to a buffer from the readBufPool. The handle + // should only be returned to the pool once nextFrame and buf are empty. + protectedHandle *[]byte // nextFrame stores the next frame (in protected buffer) info. nextFrame []byte // overhead is the calculated overhead of each frame. - overhead int + overhead int + constPool constBufferPool // stored as a field to avoid heap allocations. } // NewConn creates a new secure channel instance given the other party role and @@ -135,91 +150,131 @@ func NewConn(c net.Conn, side core.Side, recordProtocol string, key []byte, prot // We pre-allocate protected to be of size 32KB during initialization. // We increase the size of the buffer by the required amount if it can't // hold a complete encrypted record. - protectedBuf := make([]byte, max(altsReadBufferInitialSize, len(protected))) + protectedHandle := readBufPool.Get(max(altsReadBufferInitialSize, len(protected))) + protectedBuf := *protectedHandle // Copy additional data from hanshaker service. copy(protectedBuf, protected) protectedBuf = protectedBuf[:len(protected)] altsConn := &conn{ Conn: c, + reader: readyreader.New(c), crypto: crypto, payloadLengthLimit: payloadLengthLimit, - protected: protectedBuf, + protectedHandle: protectedHandle, nextFrame: protectedBuf, overhead: overhead, } return altsConn, nil } +type constBufferPool struct { + buffer []byte +} + +func (p *constBufferPool) Get(int) *[]byte { + return &p.buffer +} + +func (p *constBufferPool) Put(*[]byte) {} + // Read reads and decrypts a frame from the underlying connection, and copies the // decrypted payload into b. If the size of the payload is greater than len(b), // Read retains the remaining bytes in an internal buffer, and subsequent calls // to Read will read from this buffer until it is exhausted. func (p *conn) Read(b []byte) (n int, err error) { + p.constPool.buffer = b + _, n, err = p.ReadOnReady(len(b), &p.constPool) + return n, err +} + +func (p *conn) ReadOnReady(bufSize int, pool mem.BufferPool) (*[]byte, int, error) { if len(p.buf) == 0 { var framedMsg []byte + var protected []byte + if p.protectedHandle != nil { + protected = *p.protectedHandle + protected = protected[:cap(protected)] + } + var err error framedMsg, p.nextFrame, err = ParseFramedMsg(p.nextFrame, altsRecordLengthLimit) if err != nil { - return n, err + return nil, 0, err } // Check whether the next frame to be decrypted has been // completely received yet. if len(framedMsg) == 0 { - copy(p.protected, p.nextFrame) - p.protected = p.protected[:len(p.nextFrame)] + copy(protected, p.nextFrame) + protected = protected[:len(p.nextFrame)] // Always copy next incomplete frame to the beginning of // the protected buffer and reset nextFrame to it. - p.nextFrame = p.protected + p.nextFrame = protected } // Check whether a complete frame has been received yet. for len(framedMsg) == 0 { - if len(p.protected) == cap(p.protected) { + if p.protectedHandle != nil && len(protected) == cap(protected) { // We can parse the length header to know exactly how large // the buffer needs to be to hold the entire frame. - length, didParse := parseMessageLength(p.protected) + length, didParse := parseMessageLength(protected) if !didParse { // The protected buffer is initialized with a capacity of // larger than 4B. It should always hold the message length // header. - panic(fmt.Sprintf("protected buffer length shorter than expected: %d vs %d", len(p.protected), MsgLenFieldSize)) + panic(fmt.Sprintf("protected buffer length shorter than expected: %d vs %d", len(protected), MsgLenFieldSize)) } - oldProtectedBuf := p.protected + oldProtectedBuf := protected + oldBufHandle := p.protectedHandle // The new buffer must be able to hold the message length header // and the entire message. requiredCapacity := int(length) + MsgLenFieldSize - p.protected = make([]byte, requiredCapacity) + p.protectedHandle = readBufPool.Get(requiredCapacity) + protected = *p.protectedHandle // Copy the contents of the old buffer and set the length of the // new buffer to the number of bytes already read. - copy(p.protected, oldProtectedBuf) - p.protected = p.protected[:len(oldProtectedBuf)] + copy(protected, oldProtectedBuf) + protected = protected[:len(oldProtectedBuf)] + readBufPool.Put(oldBufHandle) } - n, err = p.Conn.Read(p.protected[len(p.protected):cap(p.protected)]) - if err != nil { - return 0, err + if p.protectedHandle == nil { + // Connection was idle, need to re-allocate the read buffer. + newBuf, nRead, err := p.reader.ReadOnReady(altsReadBufferInitialSize, readBufPool) + if err != nil { + return nil, 0, err + } + p.protectedHandle = newBuf + protected = (*newBuf)[:nRead] + } else { + nRead, err := p.Conn.Read(protected[len(protected):cap(protected)]) + if err != nil { + return nil, 0, err + } + protected = protected[:len(protected)+nRead] } - p.protected = p.protected[:len(p.protected)+n] - framedMsg, p.nextFrame, err = ParseFramedMsg(p.protected, altsRecordLengthLimit) + framedMsg, p.nextFrame, err = ParseFramedMsg(protected, altsRecordLengthLimit) if err != nil { - return 0, err + return nil, 0, err } } // Now we have a complete frame, decrypted it. msg := framedMsg[MsgLenFieldSize:] msgType := binary.LittleEndian.Uint32(msg[:msgTypeFieldSize]) if msgType&0xff != altsRecordMsgType { - return 0, fmt.Errorf("received frame with incorrect message type %v, expected lower byte %v", + return nil, 0, fmt.Errorf("received frame with incorrect message type %v, expected lower byte %v", msgType, altsRecordMsgType) } ciphertext := msg[msgTypeFieldSize:] // Decrypt directly into the buffer, avoiding a copy from p.buf if // possible. - if len(b) >= len(ciphertext) { - dec, err := p.crypto.Decrypt(b[:0], ciphertext) + if bufSize >= len(ciphertext) { + allocatedBuf := pool.Get(bufSize) + dec, err := p.crypto.Decrypt((*allocatedBuf)[:0], ciphertext) if err != nil { - return 0, err + pool.Put(allocatedBuf) + return nil, 0, err } - return len(dec), nil + p.dropProtectedIfEmtpy() + return allocatedBuf, len(dec), nil } // Decrypt requires that if the dst and ciphertext alias, they // must alias exactly. Code here used to use msg[:0], but msg @@ -230,13 +285,28 @@ func (p *conn) Read(b []byte) (n int, err error) { // check: https://golang.org/pkg/crypto/cipher/#AEAD. p.buf, err = p.crypto.Decrypt(ciphertext[:0], ciphertext) if err != nil { - return 0, err + return nil, 0, err } } - n = copy(b, p.buf) + allocatedBuf := pool.Get(bufSize) + n := copy(*allocatedBuf, p.buf) p.buf = p.buf[n:] - return n, nil + p.dropProtectedIfEmtpy() + return allocatedBuf, n, nil +} + +func (p *conn) dropProtectedIfEmtpy() { + if len(p.buf) > 0 || len(p.nextFrame) > 0 { + return + } + // Potentially idle connection, release the read buffer. + p.nextFrame = nil + p.buf = nil + if p.protectedHandle != nil { + readBufPool.Put(p.protectedHandle) + p.protectedHandle = nil + } } // Write encrypts, frames, and writes bytes from b to the underlying connection. @@ -257,17 +327,11 @@ func (p *conn) Write(b []byte) (n int, err error) { writeBuf := *bufHandle for partialBStart := 0; partialBStart < len(b); partialBStart += partialBSize { - partialBEnd := partialBStart + partialBSize - if partialBEnd > len(b) { - partialBEnd = len(b) - } + partialBEnd := min(partialBStart+partialBSize, len(b)) partialB := b[partialBStart:partialBEnd] writeBufIndex := 0 for len(partialB) > 0 { - payloadLen := len(partialB) - if payloadLen > p.payloadLengthLimit { - payloadLen = p.payloadLengthLimit - } + payloadLen := min(len(partialB), p.payloadLengthLimit) buf := partialB[:payloadLen] partialB = partialB[payloadLen:] diff --git a/vendor/google.golang.org/grpc/experimental/stats/metrics.go b/vendor/google.golang.org/grpc/experimental/stats/metrics.go index 88742724a4..8732e53bde 100644 --- a/vendor/google.golang.org/grpc/experimental/stats/metrics.go +++ b/vendor/google.golang.org/grpc/experimental/stats/metrics.go @@ -20,10 +20,27 @@ package stats import ( + "context" + "google.golang.org/grpc/internal" "google.golang.org/grpc/stats" ) +type customLabelKey struct{} + +// NewContextWithCustomLabel returns a new context with the provided custom label +// attached. The label will be propagated to all metric instruments specified in gRFC A108. +func NewContextWithCustomLabel(ctx context.Context, label string) context.Context { + return context.WithValue(ctx, customLabelKey{}, label) +} + +// CustomLabelFromContext returns the custom label from the context if it exists. +// If the custom label is not present, it returns an empty string. +func CustomLabelFromContext(ctx context.Context) string { + label, _ := ctx.Value(customLabelKey{}).(string) + return label +} + // MetricsRecorder records on metrics derived from metric registry. // Implementors must embed UnimplementedMetricsRecorder. type MetricsRecorder interface { diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go index 3ae45faa40..8ca87a57a2 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go @@ -126,6 +126,16 @@ var ( // enabled by setting the env variable // GRPC_EXPERIMENTAL_ENABLE_PRIORITY_LB_CHILD_POLICY_CACHE to true. EnablePriorityLBChildPolicyCache = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_PRIORITY_LB_CHILD_POLICY_CACHE", false) + + // EnableHTTPFramerReadBufferPooling enables the use of the + // readyreader.Reader interface to perform non-memory-pinning reads, + // provided the underlying net.Conn supports it. This reduces memory usage + // when subchannels are idle. + // + // This environment variable serves as an escape hatch to disable the + // feature if unforeseen issues arise, and it will be removed in a future + // release. + EnableHTTPFramerReadBufferPooling = boolFromEnv("GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING", true) ) func boolFromEnv(envVar string, def bool) bool { diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go index 7685d08b54..333d8a0b06 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go @@ -79,4 +79,14 @@ var ( // xDS bootstrap configuration via the `call_creds` field. For more details, // see: https://github.com/grpc/proposal/blob/master/A97-xds-jwt-call-creds.md XDSBootstrapCallCredsEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS", false) + + // XDSSNIEnabled controls if gRPC should send SNI information in xDS + // configured TLS handshakes. For more details, see: + // https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md + XDSSNIEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_SNI", false) + + // XDSORCAToLRSPropEnabled controls whether ORCA metrics are explicitly + // filtered and prefix-propagated to the LRS server. For more details, see: + // https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md + XDSORCAToLRSPropEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION", false) ) diff --git a/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go b/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go index c2348a82ef..2d83b2eced 100644 --- a/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go +++ b/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go @@ -73,7 +73,7 @@ type BinaryTieredBufferPool struct { func NewBinaryTieredBufferPool(powerOfTwoExponents ...uint8) (*BinaryTieredBufferPool, error) { return newBinaryTiered(func(size int) bufferPool { return newSizedBufferPool(size, true) - }, &simpleBufferPool{shouldZero: true}, powerOfTwoExponents...) + }, &SimpleBufferPool{shouldZero: true}, powerOfTwoExponents...) } // NewDirtyBinaryTieredBufferPool returns a BufferPool backed by multiple @@ -82,7 +82,7 @@ func NewBinaryTieredBufferPool(powerOfTwoExponents ...uint8) (*BinaryTieredBuffe func NewDirtyBinaryTieredBufferPool(powerOfTwoExponents ...uint8) (*BinaryTieredBufferPool, error) { return newBinaryTiered(func(size int) bufferPool { return newSizedBufferPool(size, false) - }, &simpleBufferPool{shouldZero: false}, powerOfTwoExponents...) + }, NewDirtySimplePool(), powerOfTwoExponents...) } func newBinaryTiered(sizedPoolFactory func(int) bufferPool, fallbackPool bufferPool, powerOfTwoExponents ...uint8) (*BinaryTieredBufferPool, error) { @@ -258,7 +258,7 @@ func newSizedBufferPool(size int, zero bool) *sizedBufferPool { // buffer pools for different sizes of buffers. type TieredBufferPool struct { sizedPools []*sizedBufferPool - fallbackPool simpleBufferPool + fallbackPool SimpleBufferPool } // NewTieredBufferPool returns a BufferPool implementation that uses multiple @@ -271,7 +271,7 @@ func NewTieredBufferPool(poolSizes ...int) *TieredBufferPool { } return &TieredBufferPool{ sizedPools: pools, - fallbackPool: simpleBufferPool{shouldZero: true}, + fallbackPool: SimpleBufferPool{shouldZero: true}, } } @@ -297,16 +297,26 @@ func (p *TieredBufferPool) getPool(size int) bufferPool { return p.sizedPools[poolIdx] } -// simpleBufferPool is an implementation of the BufferPool interface that +// SimpleBufferPool is an implementation of the mem.BufferPool interface that // attempts to pool buffers with a sync.Pool. When Get is invoked, it tries to // acquire a buffer from the pool but if that buffer is too small, it returns it // to the pool and creates a new one. -type simpleBufferPool struct { +type SimpleBufferPool struct { pool sync.Pool shouldZero bool } -func (p *simpleBufferPool) Get(size int) *[]byte { +// NewDirtySimplePool constructs a [SimpleBufferPool]. It does not initialize +// the buffers before returning them. Callers must ensure they don't read the +// buffers before writing data to them. +func NewDirtySimplePool() *SimpleBufferPool { + return &SimpleBufferPool{ + shouldZero: false, + } +} + +// Get returns a buffer with specified length from the pool. +func (p *SimpleBufferPool) Get(size int) *[]byte { bs, ok := p.pool.Get().(*[]byte) if ok && cap(*bs) >= size { if p.shouldZero { @@ -333,6 +343,7 @@ func (p *simpleBufferPool) Get(size int) *[]byte { return &b } -func (p *simpleBufferPool) Put(buf *[]byte) { +// Put returns a buffer to the pool. +func (p *SimpleBufferPool) Put(buf *[]byte) { p.pool.Put(buf) } diff --git a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go index f0603871c9..3db62ccad2 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go +++ b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go @@ -115,6 +115,9 @@ type ClientInterceptor interface { // ClientStream after done is called, since the interceptor is invoked by // application-layer operations. done must never be nil when called. NewStream(ctx context.Context, ri RPCInfo, done func(), newStream func(ctx context.Context, done func()) (ClientStream, error)) (ClientStream, error) + // Close closes the interceptor. Once called, no new calls to NewStream are + // accepted. Ongoing calls to NewStream are allowed to complete. + Close() } // ServerInterceptor is an interceptor for incoming RPC's on gRPC server side. @@ -123,6 +126,9 @@ type ServerInterceptor interface { // information about connection RPC was received on, and HTTP Headers. This // information will be piped into context. AllowRPC(ctx context.Context) error // TODO: Make this a real interceptor for filters such as rate limiting. + // Close closes the interceptor. Once called, no new calls to NewStream are + // accepted. Ongoing calls to NewStream are allowed to complete. + Close() } type csKeyType string diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go index c943503f35..d6bc6a6cc7 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go @@ -134,6 +134,8 @@ type http2Client struct { // goAwayDebugMessage contains a detailed human readable string about a // GoAway frame, useful for error messages. goAwayDebugMessage string + // goAwayCode records the http2.ErrCode received with the GoAway frame. + goAwayCode http2.ErrCode // A condition variable used to signal when the keepalive goroutine should // go dormant. The condition for dormancy is based on the number of active // streams and the `PermitWithoutStream` keepalive client parameter. And @@ -147,7 +149,7 @@ type http2Client struct { channelz *channelz.Socket - onClose func(GoAwayReason) + onClose OnCloseFunc bufferPool mem.BufferPool @@ -204,7 +206,7 @@ func isTemporary(err error) bool { // NewHTTP2Client constructs a connected ClientTransport to addr based on HTTP2 // and starts to receive messages on it. Non-nil error returns if construction // fails. -func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts ConnectOptions, onClose func(GoAwayReason)) (_ ClientTransport, err error) { +func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts ConnectOptions, onClose OnCloseFunc) (_ ClientTransport, err error) { scheme := "http" ctx, cancel := context.WithCancel(ctx) defer func() { @@ -1015,7 +1017,7 @@ func (t *http2Client) Close(err error) { // Call t.onClose ASAP to prevent the client from attempting to create new // streams. if t.state != draining { - t.onClose(GoAwayInvalid) + t.onClose(GoAwayInfo{Reason: GoAwayInvalid, GoAwayCode: http2.ErrCodeNo, Err: err}) } t.state = closing streams := t.activeStreams @@ -1086,7 +1088,7 @@ func (t *http2Client) GracefulClose() { if t.logger.V(logLevel) { t.logger.Infof("GracefulClose called") } - t.onClose(GoAwayInvalid) + t.onClose(GoAwayInfo{Reason: GoAwayInvalid, GoAwayCode: http2.ErrCodeNo}) t.state = draining active := len(t.activeStreams) t.mu.Unlock() @@ -1236,7 +1238,10 @@ func (t *http2Client) handleData(f *parsedDataFrame) { // The server has closed the stream without sending trailers. Record that // the read direction is closed, and set the status appropriately. if f.StreamEnded() { - t.closeStream(s, io.EOF, false, http2.ErrCodeNo, status.New(codes.Internal, "server closed the stream without sending trailers"), nil, true) + // If client received END_STREAM from server while stream was still + // active, send RST_STREAM. + rstStream := s.getState() == streamActive + t.closeStream(s, io.EOF, rstStream, http2.ErrCodeNo, status.New(codes.Internal, "server closed the stream without sending trailers"), nil, true) } } @@ -1372,7 +1377,7 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) error { // draining, to allow the client to stop attempting to create streams // before disallowing new streams on this connection. if t.state != draining { - t.onClose(t.goAwayReason) + t.onClose(GoAwayInfo{Reason: t.goAwayReason, GoAwayCode: t.goAwayCode}) t.state = draining } } @@ -1422,6 +1427,7 @@ func (t *http2Client) setGoAwayReason(f *http2.GoAwayFrame) { } else { t.goAwayDebugMessage = fmt.Sprintf("code: %s, debug data: %q", f.ErrCode, string(f.DebugData())) } + t.goAwayCode = f.ErrCode } func (t *http2Client) GetGoAwayReason() (GoAwayReason, string) { diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go index 5bbb641ad9..c34975ffef 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http_util.go +++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go @@ -36,6 +36,9 @@ import ( "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" "google.golang.org/grpc/codes" + "google.golang.org/grpc/internal/envconfig" + imem "google.golang.org/grpc/internal/mem" + "google.golang.org/grpc/internal/transport/readyreader" "google.golang.org/grpc/mem" ) @@ -296,7 +299,7 @@ func decodeGrpcMessageUnchecked(msg string) string { } type bufWriter struct { - pool *sync.Pool + pool *imem.SimpleBufferPool buf []byte offset int batchSize int @@ -304,7 +307,7 @@ type bufWriter struct { err error } -func newBufWriter(conn io.Writer, batchSize int, pool *sync.Pool) *bufWriter { +func newBufWriter(conn io.Writer, batchSize int, pool *imem.SimpleBufferPool) *bufWriter { w := &bufWriter{ batchSize: batchSize, conn: conn, @@ -326,7 +329,7 @@ func (w *bufWriter) Write(b []byte) (int, error) { return n, toIOError(err) } if w.buf == nil { - b := w.pool.Get().(*[]byte) + b := w.pool.Get(w.batchSize) w.buf = *b } written := 0 @@ -407,22 +410,32 @@ type framer struct { errDetail error } -var writeBufferPoolMap = make(map[int]*sync.Pool) -var writeBufferMutex sync.Mutex +var ioBufferPoolMap = make(map[int]*imem.SimpleBufferPool) +var ioBufferMutex sync.Mutex + +func bufferedReader(r io.Reader, bufSize int) io.Reader { + if bufSize <= 0 { + return r + } + if envconfig.EnableHTTPFramerReadBufferPooling { + if rr := readyreader.NewNonBlocking(r); rr != nil { + readPool := ioBufferPool(bufSize) + return readyreader.NewBuffered(rr, bufSize, readPool) + } + } + return bufio.NewReaderSize(r, bufSize) +} func newFramer(conn io.ReadWriter, writeBufferSize, readBufferSize int, sharedWriteBuffer bool, maxHeaderListSize uint32, memPool mem.BufferPool) *framer { if writeBufferSize < 0 { writeBufferSize = 0 } - var r io.Reader = conn - if readBufferSize > 0 { - r = bufio.NewReaderSize(r, readBufferSize) - } - var pool *sync.Pool + r := bufferedReader(conn, readBufferSize) + var writePool *imem.SimpleBufferPool if sharedWriteBuffer { - pool = getWriteBufferPool(writeBufferSize) + writePool = ioBufferPool(writeBufferSize) } - w := newBufWriter(conn, writeBufferSize, pool) + w := newBufWriter(conn, writeBufferSize, writePool) f := &framer{ writer: w, fr: http2.NewFramer(w, r), @@ -578,20 +591,15 @@ func (df *parsedDataFrame) Header() http2.FrameHeader { return df.FrameHeader } -func getWriteBufferPool(size int) *sync.Pool { - writeBufferMutex.Lock() - defer writeBufferMutex.Unlock() - pool, ok := writeBufferPoolMap[size] +func ioBufferPool(size int) *imem.SimpleBufferPool { + ioBufferMutex.Lock() + defer ioBufferMutex.Unlock() + pool, ok := ioBufferPoolMap[size] if ok { return pool } - pool = &sync.Pool{ - New: func() any { - b := make([]byte, size) - return &b - }, - } - writeBufferPoolMap[size] = pool + pool = imem.NewDirtySimplePool() + ioBufferPoolMap[size] = pool return pool } diff --git a/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go new file mode 100644 index 0000000000..56906c35b3 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go @@ -0,0 +1,39 @@ +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package readyreader + +import "syscall" + +func isRawConnSupported() bool { + return true +} + +// sysRead uses the standard syscall package rather than the modern unix package +// to avoid triggering the race detector. Because both packages perform sync +// operations on a local variable to satisfy the race detector, mixing them +// for read and write syscalls causes data races. We use syscall here to remain +// consistent with net.Conn implementations in standard library. +func sysRead(fd uintptr, p []byte) (int, error) { + return syscall.Read(int(fd), p) +} + +// wouldBlock checks standard Unix non-blocking errors. +func wouldBlock(err error) bool { + return err == syscall.EAGAIN || err == syscall.EWOULDBLOCK +} diff --git a/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go new file mode 100644 index 0000000000..4d1f330060 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go @@ -0,0 +1,35 @@ +//go:build !linux + +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package readyreader + +func isRawConnSupported() bool { + return false +} + +// sysRead is not implemented. Support can be added in the future if necessary. +func sysRead(uintptr, []byte) (int, error) { + panic("RawConn functionality is not implemented for non-unix platforms.") +} + +// wouldBlock is not implemented. Support can be added in the future if necessary. +func wouldBlock(error) bool { + panic("RawConn functionality is not implemented for non-unix platforms.") +} diff --git a/vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go b/vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go new file mode 100644 index 0000000000..250a300c73 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go @@ -0,0 +1,253 @@ +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Package readyreader provides utilities to perform non-memory-pinning reads. +package readyreader + +import ( + "io" + "net" + "syscall" + + "google.golang.org/grpc/mem" +) + +// Reader is an optional interface that can be implemented by [net.Conn] +// implementations to enable gRPC to perform non-memory-pinning reads. +type Reader interface { + // ReadOnReady waits for data to arrive, fetches a buffer, and performs a + // read. When the underlying IO is readable, it allocates a buffer of size + // bufSize from the pool and reads up to bufSize bytes into the buffer. + // + // It returns a pointer to the buffer so it can be returned to the pool + // later, the number of bytes read, and an error. + // + // Callers should always process the n > 0 bytes returned before considering + // the error. Doing so correctly handles I/O errors that happen after + // reading some bytes, as well as both of the allowed EOF behaviors. + ReadOnReady(bufSize int, pool mem.BufferPool) (b *[]byte, n int, err error) +} + +// nonBlockingReader is optimized for non-memory-pinning reads using the RawConn +// interface. +type nonBlockingReader struct { + raw syscall.RawConn + // The following fields are stored as field to avoid heap allocations. + state readState + doRead func(fd uintptr) bool +} + +type readState struct { + // Request params. + bufSize int + pool mem.BufferPool + + // Response params. + readError error + bytesRead int + buf *[]byte +} + +// NewNonBlocking returns a ReadyReader if the passed reader supports +// non-memory-pinning reads, else nil. +func NewNonBlocking(r io.Reader) Reader { + if rr, ok := r.(Reader); ok { + return rr + } + if !isRawConnSupported() { + return nil + } + // We restrict the types before asserting syscall.Conn. The credentials + // package may return a wrapper that implements syscall.Conn by embedding + // both the raw connection and the encrypted connection. If the code + // attempts to read directly from the raw syscall.RawConn, it would read + // encrypted data. + switch r.(type) { + case *net.TCPConn, *net.UDPConn, *net.UnixConn, *net.IPConn: + default: + return nil + } + sysConn, ok := r.(syscall.Conn) + if !ok { + return nil + } + raw, err := sysConn.SyscallConn() + if err != nil { + return nil + } + rr := &nonBlockingReader{raw: raw} + rr.doRead = func(fd uintptr) bool { + s := &rr.state + + s.buf = s.pool.Get(s.bufSize) + s.bytesRead, s.readError = sysRead(fd, *s.buf) + + if s.readError != nil { + s.pool.Put(s.buf) + s.buf = nil + } + return !wouldBlock(s.readError) + } + return rr +} + +func (c *nonBlockingReader) ReadOnReady(bufSize int, pool mem.BufferPool) (*[]byte, int, error) { + c.state = readState{ + pool: pool, + bufSize: bufSize, + } + err := c.raw.Read(c.doRead) + + buf := c.state.buf + n := c.state.bytesRead + readErr := c.state.readError + c.state = readState{} + + if err != nil { + if buf != nil { + pool.Put(buf) + } + return nil, 0, err + } + if readErr != nil { + // buffer is already released in the callback. + return nil, 0, readErr + } + if n == 0 { + // syscall.Read doesn't consider a graceful socket closure to be an + // error condition, but Go's io.Reader expects an EOF error. + pool.Put(buf) + return nil, 0, io.EOF + } + return buf, n, nil +} + +type blockingReader struct { + reader io.Reader +} + +func (c *blockingReader) ReadOnReady(bufSize int, pool mem.BufferPool) (*[]byte, int, error) { + buf := pool.Get(bufSize) + n, err := c.reader.Read(*buf) + if err != nil { + pool.Put(buf) + return nil, 0, err + } + return buf, n, nil +} + +// New detects if [syscall.RawConn] is available for non-memory-pinning reads. +// If [syscall.RawConn] is unavailable, it falls back to using the simpler +// [io.Reader] interface for reads. +func New(r io.Reader) Reader { + if r := NewNonBlocking(r); r != nil { + return r + } + return &blockingReader{reader: r} +} + +// bufReadyReader implements buffering for a ReadyReader object. +// A new bufReadyReader is created by calling [NewBuffered]. +type bufReadyReader struct { + buf *[]byte + pool mem.BufferPool + bufSize int + rd Reader // reader provided by the caller + r, w int // buf read and write positions + err error + constPool constBufferPool // stored as a field to avoid heap allocations. +} + +// NewBuffered returns a new [io.Reader] with a buffer of the specified size +// which is allocated from the provided pool. +func NewBuffered(rd Reader, size int, pool mem.BufferPool) io.Reader { + return &bufReadyReader{ + rd: rd, + pool: pool, + bufSize: size, + } +} + +func (b *bufReadyReader) readErr() error { + err := b.err + b.err = nil + return err +} + +func (b *bufReadyReader) buffered() int { return b.w - b.r } + +// Read reads data into p. It returns the number of bytes read into p. The +// bytes are taken from at most one Read on the underlying [ReadyReader], +// hence n may be less than len(p). If the underlying [ReadyReader] can return +// a non-zero count with io.EOF, then this Read method can do so as well; see +// the [io.Reader] docs. +func (b *bufReadyReader) Read(p []byte) (n int, err error) { + n = len(p) + if n == 0 { + if b.buffered() > 0 { + return 0, nil + } + return 0, b.readErr() + } + if b.r == b.w { + if b.err != nil { + return 0, b.readErr() + } + if len(p) >= b.bufSize { + // Large read, empty buffer. + // Read directly into p to avoid copy. + b.constPool.buffer = p + _, n, b.err = b.rd.ReadOnReady(len(p), &b.constPool) + return n, b.readErr() + } + // One read. + b.r = 0 + b.w = 0 + b.buf, n, b.err = b.rd.ReadOnReady(b.bufSize, b.pool) + if n == 0 { + if b.buf != nil { + b.pool.Put(b.buf) + b.buf = nil + } + return 0, b.readErr() + } + b.w += n + } + + // copy as much as we can + // b.buf must be non-nil since b.r != b.w. + buf := *b.buf + n = copy(p, buf[b.r:b.w]) + b.r += n + if b.r == b.w { + // Consumed entire buffer, release it. + b.pool.Put(b.buf) + b.buf = nil + } + return n, nil +} + +type constBufferPool struct { + buffer []byte +} + +func (p *constBufferPool) Get(int) *[]byte { + return &p.buffer +} + +func (p *constBufferPool) Put(*[]byte) {} diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go index b86094da94..1e224576e8 100644 --- a/vendor/google.golang.org/grpc/internal/transport/transport.go +++ b/vendor/google.golang.org/grpc/internal/transport/transport.go @@ -31,6 +31,7 @@ import ( "sync/atomic" "time" + "golang.org/x/net/http2" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" "google.golang.org/grpc/internal/channelz" @@ -742,6 +743,22 @@ const ( GoAwayTooManyPings GoAwayReason = 2 ) +// GoAwayInfo contains metadata about why a connection was closed. +type GoAwayInfo struct { + // Reason is the parsed reason for an HTTP/2 GOAWAY frame. + Reason GoAwayReason + // GoAwayCode is the raw HTTP/2 error code received in a GOAWAY frame. + GoAwayCode http2.ErrCode + // Err is the underlying error that caused the connection to close. It is + // populated if the connection was closed due to a socket error or context + // cancellation without receiving a GOAWAY frame. If the connection was + // closed due to a GOAWAY frame, this field will be nil. + Err error +} + +// OnCloseFunc is a callback invoked when a ClientTransport closes. +type OnCloseFunc func(GoAwayInfo) + // ContextErr converts the error from context package into a status error. func ContextErr(err error) error { switch err { diff --git a/vendor/google.golang.org/grpc/internal/xds/clients/config.go b/vendor/google.golang.org/grpc/internal/xds/clients/config.go index f106465f64..aa89d2b1ce 100644 --- a/vendor/google.golang.org/grpc/internal/xds/clients/config.go +++ b/vendor/google.golang.org/grpc/internal/xds/clients/config.go @@ -109,4 +109,32 @@ type MetricsReporter interface { // Each client will produce different metrics. Please see the client's // documentation for a list of possible metrics events. ReportMetric(metric any) + + // RegisterAsyncReporter registers a reporter to produce metric values for + // the set of metrics supported by the client. See the metrics sub-package + // for the specific client (e.g. internal/xds/clients/xdsclient/metrics/metrics.go) + // for the list of supported metrics. The returned function must be called + // when the metrics are no longer needed, which will remove the reporter. + // The function is expected to be idempotent. + // + // Once the returned cancel function is called, the Report method on the + // registered reporter is guaranteed not to be called again. + RegisterAsyncReporter(reporter AsyncReporter) func() +} + +// AsyncReporter records metrics asynchronously. +// Implementations must be concurrent-safe. +// The metric will be recorded once per collection cycle, rather than every time +// its value changes. +type AsyncReporter interface { + // Report records metric values using the provided recorder. + Report(AsyncMetricsRecorder) error +} + +// AsyncMetricsRecorder is a recorder for async metrics (i.e the metric will be +// recorded once per collection cycle, rather than every time its value changes). +type AsyncMetricsRecorder interface { + // ReportMetric reports a metric. The metric will be one of the predefined + // set of types in the internal/xds/clients/xdsclient/metrics/metrics.go file. + ReportMetric(metric any) } diff --git a/vendor/google.golang.org/grpc/mem/buffer_slice.go b/vendor/google.golang.org/grpc/mem/buffer_slice.go index 084fb19c6d..086e9f95de 100644 --- a/vendor/google.golang.org/grpc/mem/buffer_slice.go +++ b/vendor/google.golang.org/grpc/mem/buffer_slice.go @@ -165,7 +165,7 @@ func (r *Reader) Close() error { } func (r *Reader) freeFirstBufferIfEmpty() bool { - if len(r.data) == 0 || r.bufferIdx != len(r.data[0].ReadOnlyData()) { + if len(r.data) == 0 || r.bufferIdx != r.data[0].Len() { return false } diff --git a/vendor/google.golang.org/grpc/mem/buffers.go b/vendor/google.golang.org/grpc/mem/buffers.go index db1620e6ac..2b410b16eb 100644 --- a/vendor/google.golang.org/grpc/mem/buffers.go +++ b/vendor/google.golang.org/grpc/mem/buffers.go @@ -53,6 +53,10 @@ type Buffer interface { Free() // Len returns the Buffer's size. Len() int + // Slice returns a new Buffer that is a view into this buffer's data + // from [start:end). The buffer is not modified. Panics if the buffer + // has been freed or if start/end are out of bounds. + Slice(start, end int) Buffer split(n int) (left, right Buffer) read(buf []byte) (int, Buffer) @@ -180,6 +184,32 @@ func (b *buffer) Len() int { return len(b.ReadOnlyData()) } +func (b *buffer) Slice(start, end int) Buffer { + if b.rootBuf == nil { + panic("Cannot slice freed buffer") + } + + data := b.data[start:end] // access the data to check slice bounds + + if len(data) == 0 { + return emptyBuffer{} + } + if len(data) == len(b.data) { + b.Ref() + return b + } + // We are creating a new reference (view) to a portion of the root buffer's + // data. Therefore, we must increment the reference count of the root buffer + // to ensure the underlying data is not freed while this view is still in + // use. + b.rootBuf.Ref() + s := newBuffer() + s.data = data + s.rootBuf = b.rootBuf + s.refs.Store(1) + return s +} + func (b *buffer) split(n int) (Buffer, Buffer) { if b.rootBuf == nil || b.rootBuf.refs.Add(1) <= 1 { panic("Cannot split freed buffer") @@ -240,6 +270,13 @@ func (e emptyBuffer) Len() int { return 0 } +func (e emptyBuffer) Slice(start, end int) Buffer { + if start != 0 || end != 0 { + panic(fmt.Sprintf("slice bounds out of range [%d:%d] with length 0", start, end)) + } + return e +} + func (e emptyBuffer) split(int) (left, right Buffer) { return e, e } @@ -264,6 +301,9 @@ func (s SliceBuffer) Free() {} // Len is a noop implementation of Len. func (s SliceBuffer) Len() int { return len(s) } +// Slice returns a new SliceBuffer that is a view into the receiver from [start:end). +func (s SliceBuffer) Slice(start, end int) Buffer { return s[start:end] } + func (s SliceBuffer) split(n int) (left, right Buffer) { return s[:n], s[n:] } diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go index eedb5f9b99..4aac644a83 100644 --- a/vendor/google.golang.org/grpc/stream.go +++ b/vendor/google.golang.org/grpc/stream.go @@ -21,6 +21,7 @@ package grpc import ( "context" "errors" + "fmt" "io" "math" rand "math/rand/v2" @@ -749,7 +750,7 @@ func (a *csAttempt) shouldRetry(err error) (bool, error) { return false, err } if cs.numRetries+1 >= rp.MaxAttempts { - return false, err + return false, fmt.Errorf("max retries exhausted: failed after %d attempts: %w", cs.numRetries+1, err) } var dur time.Duration diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index 12f649dcb7..3ccfe515f7 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.80.0" +const Version = "1.81.1" diff --git a/vendor/knative.dev/pkg/observability/semconv/httpconv/httpconv.go b/vendor/knative.dev/pkg/observability/semconv/httpconv/httpconv.go index 0781adea84..a6f5f9c9ac 100644 --- a/vendor/knative.dev/pkg/observability/semconv/httpconv/httpconv.go +++ b/vendor/knative.dev/pkg/observability/semconv/httpconv/httpconv.go @@ -18,7 +18,7 @@ package httpconv import ( "go.opentelemetry.io/otel/metric" - "go.opentelemetry.io/otel/semconv/v1.40.0/httpconv" + "go.opentelemetry.io/otel/semconv/v1.41.0/httpconv" ) type ( diff --git a/vendor/knative.dev/pkg/observability/semconv/semconv.go b/vendor/knative.dev/pkg/observability/semconv/semconv.go index ec7af05227..bf5490ad45 100644 --- a/vendor/knative.dev/pkg/observability/semconv/semconv.go +++ b/vendor/knative.dev/pkg/observability/semconv/semconv.go @@ -18,7 +18,7 @@ package semconv import ( "go.opentelemetry.io/otel/attribute" - semconv "go.opentelemetry.io/otel/semconv/v1.40.0" + semconv "go.opentelemetry.io/otel/semconv/v1.41.0" ) const ( diff --git a/vendor/modules.txt b/vendor/modules.txt index e70213746b..b9e55b0557 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -390,8 +390,8 @@ github.com/googleapis/gax-go/v2/internal # github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 ## explicit; go 1.20 github.com/gorilla/websocket -# github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 -## explicit; go 1.24.0 +# github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0 +## explicit; go 1.25.0 github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule github.com/grpc-ecosystem/grpc-gateway/v2/runtime github.com/grpc-ecosystem/grpc-gateway/v2/utilities @@ -602,17 +602,17 @@ go.opentelemetry.io/auto/sdk/internal/telemetry ## explicit; go 1.22.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/internal -# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 +# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0 ## explicit; go 1.25.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv -# go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0 +# go.opentelemetry.io/contrib/instrumentation/runtime v0.69.0 ## explicit; go 1.25.0 go.opentelemetry.io/contrib/instrumentation/runtime go.opentelemetry.io/contrib/instrumentation/runtime/internal/deprecatedruntime go.opentelemetry.io/contrib/instrumentation/runtime/internal/x -# go.opentelemetry.io/otel v1.43.0 +# go.opentelemetry.io/otel v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel go.opentelemetry.io/otel/attribute @@ -629,31 +629,37 @@ go.opentelemetry.io/otel/semconv/v1.17.0 go.opentelemetry.io/otel/semconv/v1.20.0 go.opentelemetry.io/otel/semconv/v1.37.0 go.opentelemetry.io/otel/semconv/v1.4.0 -go.opentelemetry.io/otel/semconv/v1.40.0 -go.opentelemetry.io/otel/semconv/v1.40.0/goconv -go.opentelemetry.io/otel/semconv/v1.40.0/httpconv -go.opentelemetry.io/otel/semconv/v1.40.0/otelconv -# go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 +go.opentelemetry.io/otel/semconv/v1.41.0 +go.opentelemetry.io/otel/semconv/v1.41.0/goconv +go.opentelemetry.io/otel/semconv/v1.41.0/httpconv +go.opentelemetry.io/otel/semconv/v1.41.0/otelconv +# go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/counter go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/envconfig +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/observ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/oconf go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/retry go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/transform -# go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0 +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x +# go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/counter go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/envconfig +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/observ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/oconf go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/retry go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/transform -# go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x +# go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform -# go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 +# go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal @@ -663,7 +669,7 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/observ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/x -# go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 +# go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal @@ -673,26 +679,26 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/observ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/otlpconfig go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/retry go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/x -# go.opentelemetry.io/otel/exporters/prometheus v0.65.0 +# go.opentelemetry.io/otel/exporters/prometheus v0.66.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/exporters/prometheus go.opentelemetry.io/otel/exporters/prometheus/internal go.opentelemetry.io/otel/exporters/prometheus/internal/counter go.opentelemetry.io/otel/exporters/prometheus/internal/observ go.opentelemetry.io/otel/exporters/prometheus/internal/x -# go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0 +# go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/exporters/stdout/stdouttrace go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/counter go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/observ go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/x -# go.opentelemetry.io/otel/metric v1.43.0 +# go.opentelemetry.io/otel/metric v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/metric go.opentelemetry.io/otel/metric/embedded go.opentelemetry.io/otel/metric/noop -# go.opentelemetry.io/otel/sdk v1.43.0 +# go.opentelemetry.io/otel/sdk v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/sdk go.opentelemetry.io/otel/sdk/instrumentation @@ -702,7 +708,7 @@ go.opentelemetry.io/otel/sdk/trace go.opentelemetry.io/otel/sdk/trace/internal/env go.opentelemetry.io/otel/sdk/trace/internal/observ go.opentelemetry.io/otel/sdk/trace/tracetest -# go.opentelemetry.io/otel/sdk/metric v1.43.0 +# go.opentelemetry.io/otel/sdk/metric v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/sdk/metric go.opentelemetry.io/otel/sdk/metric/exemplar @@ -710,8 +716,9 @@ go.opentelemetry.io/otel/sdk/metric/internal go.opentelemetry.io/otel/sdk/metric/internal/aggregate go.opentelemetry.io/otel/sdk/metric/internal/observ go.opentelemetry.io/otel/sdk/metric/internal/reservoir +go.opentelemetry.io/otel/sdk/metric/internal/x go.opentelemetry.io/otel/sdk/metric/metricdata -# go.opentelemetry.io/otel/trace v1.43.0 +# go.opentelemetry.io/otel/trace v1.44.0 ## explicit; go 1.25.0 go.opentelemetry.io/otel/trace go.opentelemetry.io/otel/trace/embedded @@ -927,18 +934,18 @@ google.golang.org/api/transport/http/internal/propagation google.golang.org/genproto/googleapis/iam/credentials/v1 google.golang.org/genproto/googleapis/type/date google.golang.org/genproto/googleapis/type/expr -# google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 +# google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa ## explicit; go 1.25.0 google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/api/annotations google.golang.org/genproto/googleapis/api/httpbody -# google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa ## explicit; go 1.25.0 google.golang.org/genproto/googleapis/rpc/code google.golang.org/genproto/googleapis/rpc/errdetails google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.80.0 -## explicit; go 1.24.0 +# google.golang.org/grpc v1.81.1 +## explicit; go 1.25.0 google.golang.org/grpc google.golang.org/grpc/attributes google.golang.org/grpc/backoff @@ -1005,6 +1012,7 @@ google.golang.org/grpc/internal/status google.golang.org/grpc/internal/syscall google.golang.org/grpc/internal/transport google.golang.org/grpc/internal/transport/networktype +google.golang.org/grpc/internal/transport/readyreader google.golang.org/grpc/internal/xds google.golang.org/grpc/internal/xds/clients google.golang.org/grpc/keepalive @@ -1668,7 +1676,7 @@ k8s.io/utils/trace ## explicit; go 1.25.0 knative.dev/caching/pkg/apis/caching knative.dev/caching/pkg/apis/caching/v1alpha1 -# knative.dev/eventing v0.49.1-0.20260529032731-e2d6b95a971e +# knative.dev/eventing v0.49.1-0.20260601121530-94496617307a ## explicit; go 1.25.0 knative.dev/eventing/cmd/heartbeats knative.dev/eventing/pkg/apis @@ -1775,7 +1783,7 @@ knative.dev/networking/pkg/client/clientset/versioned/typed/networking/v1alpha1 knative.dev/networking/pkg/config knative.dev/networking/pkg/http/header knative.dev/networking/pkg/ingress -# knative.dev/pkg v0.0.0-20260529191007-91499a17111f +# knative.dev/pkg v0.0.0-20260602142205-ac97e43f6622 ## explicit; go 1.25.0 knative.dev/pkg/apiextensions/storageversion knative.dev/pkg/apiextensions/storageversion/cmd/migrate @@ -1896,7 +1904,7 @@ knative.dev/reconciler-test/pkg/resources/service knative.dev/reconciler-test/pkg/resources/serviceaccount knative.dev/reconciler-test/pkg/state knative.dev/reconciler-test/resources/certificate -# knative.dev/serving v0.49.1-0.20260531185038-1d4c5d97c707 +# knative.dev/serving v0.49.1-0.20260602134409-d8c7a7e1bb88 ## explicit; go 1.25.0 knative.dev/serving/pkg/apis/autoscaling knative.dev/serving/pkg/apis/autoscaling/v1alpha1