# Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: images.caching.internal.knative.dev labels: knative.dev/crd-install: "true" spec: group: caching.internal.knative.dev version: v1alpha1 names: kind: Image plural: images singular: image categories: - knative-internal - caching shortNames: - img scope: Namespaced subresources: status: {} --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Namespace metadata: name: knative-serving labels: serving.knative.dev/release: "v0.17.0" --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: name: controller namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-admin labels: serving.knative.dev/release: "v0.17.0" aggregationRule: clusterRoleSelectors: - matchLabels: serving.knative.dev/controller: "true" rules: [] # Rules are automatically filled in by the controller manager. --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-serving-controller-admin labels: serving.knative.dev/release: "v0.17.0" subjects: - kind: ServiceAccount name: controller namespace: knative-serving roleRef: kind: ClusterRole name: knative-serving-admin apiGroup: rbac.authorization.k8s.io --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: caching.internal.knative.dev/v1alpha1 kind: Image metadata: name: queue-proxy namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" spec: # This is the Go import path for the binary that is containerized # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:bba041b926e31e9d5da2cb799001b31fce4c519037334db3751eb5f69d0f227f --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-autoscaler namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "7b6520ae" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # The Revision ContainerConcurrency field specifies the maximum number # of requests the Container can handle at once. Container concurrency # target percentage is how much of that maximum to use in a stable # state. E.g. if a Revision specifies ContainerConcurrency of 10, then # the Autoscaler will try to maintain 7 concurrent connections per pod # on average. # Note: this limit will be applied to container concurrency set at every # level (ConfigMap, Revision Spec or Annotation). # For legacy and backwards compatibility reasons, this value also accepts # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). # Thus minimal percentage value must be greater than 1.0, or it will be # treated as a fraction. # NOTE: that this value does not affect actual number of concurrent requests # the user container may receive, but only the average number of requests # that the revision pods will receive. container-concurrency-target-percentage: "70" # The container concurrency target default is what the Autoscaler will # try to maintain when concurrency is used as the scaling metric for the # Revision and the Revision specifies unlimited concurrency. # When revision explicitly specifies container concurrency, that value # will be used as a scaling target for autoscaler. # When specifying unlimited concurrency, the autoscaler will # horizontally scale the application based on this target concurrency. # This is what we call "soft limit" in the documentation, i.e. it only # affects number of pods and does not affect the number of requests # individual pod processes. # The value must be a positive number such that the value multiplied # by container-concurrency-target-percentage is greater than 0.01. # NOTE: that this value will be adjusted by application of # container-concurrency-target-percentage, i.e. by default # the system will target on average 70 concurrent requests # per revision pod. # NOTE: Only one metric can be used for autoscaling a Revision. container-concurrency-target-default: "100" # The requests per second (RPS) target default is what the Autoscaler will # try to maintain when RPS is used as the scaling metric for a Revision and # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, # the autoscaler will horizontally scale the application based on this # target RPS. # Must be greater than 1.0. # NOTE: Only one metric can be used for autoscaling a Revision. requests-per-second-target-default: "200" # The target burst capacity specifies the size of burst in concurrent # requests that the system operator expects the system will receive. # Autoscaler will try to protect the system from queueing by introducing # Activator in the request path if the current spare capacity of the # service is less than this setting. # If this setting is 0, then Activator will be in the request path only # when the revision is scaled to 0. # If this setting is > 0 and container-concurrency-target-percentage is # 100% or 1.0, then activator will always be in the request path. # -1 denotes unlimited target-burst-capacity and activator will always # be in the request path. # Other negative values are invalid. target-burst-capacity: "200" # When operating in a stable mode, the autoscaler operates on the # average concurrency over the stable window. # Stable window must be in whole seconds. stable-window: "60s" # When observed average concurrency during the panic window reaches # panic-threshold-percentage the target concurrency, the autoscaler # enters panic mode. When operating in panic mode, the autoscaler # scales on the average concurrency over the panic window which is # panic-window-percentage of the stable-window. # Must be in the [1, 100] range. # When computing the panic window it will be rounded to the closest # whole second, at least 1s. panic-window-percentage: "10.0" # The percentage of the container concurrency target at which to # enter panic mode when reached within the panic window. panic-threshold-percentage: "200.0" # Max scale up rate limits the rate at which the autoscaler will # increase pod count. It is the maximum ratio of desired pods versus # observed pods. # Cannot be less or equal to 1. # I.e with value of 2.0 the number of pods can at most go N to 2N # over single Autoscaler period (2s), but at least N to # N+1, if Autoscaler needs to scale up. max-scale-up-rate: "1000.0" # Max scale down rate limits the rate at which the autoscaler will # decrease pod count. It is the maximum ratio of observed pods versus # desired pods. # Cannot be less or equal to 1. # I.e. with value of 2.0 the number of pods can at most go N to N/2 # over single Autoscaler evaluation period (2s), but at # least N to N-1, if Autoscaler needs to scale down. max-scale-down-rate: "2.0" # Scale to zero feature flag. enable-scale-to-zero: "true" # Scale to zero grace period is the time an inactive revision is left # running before it is scaled to zero (min: 6s). # This is the upper limit and is provided not to enforce timeout after # the revision stopped receiving requests for stable window, but to # ensure network reprogramming to put activator in the path has completed. # If the system determines that a shorter period is satisfactory, # then the system will only wait that amount of time before scaling to 0. # NOTE: this period might actually be 0, if activator has been # in the request path sufficiently long. # If there is necessity for the last pod to linger longer use # scale-to-zero-pod-retention-period flag. scale-to-zero-grace-period: "30s" # Scale to zero pod retention period defines the minimum amount # of time the last pod will remain after Autoscaler has decided to # scale to zero. # This flag is for the situations where the pod starup is very expensive # and the traffic is bursty (requiring smaller windows for fast action), # but patchy. # The larger of this flag and `scale-to-zero-grace-period` will effectively # detemine how the last pod will hang around. scale-to-zero-pod-retention-period: "0s" # pod-autoscaler-class specifies the default pod autoscaler class # that should be used if none is specified. If omitted, the Knative # Horizontal Pod Autoscaler (KPA) is used by default. pod-autoscaler-class: "kpa.autoscaling.knative.dev" # The capacity of a single activator task. # The `unit` is one concurrent request proxied by the activator. # activator-capacity must be at least 1. # This value is used for computation of the Activator subset size. # See the algorithm here: http://bit.ly/38XiCZ3. # TODO(vagababov): tune after actual benchmarking. activator-capacity: "100.0" # initial-scale is the cluster-wide default value for the initial target # scale of a revision after creation, unless overridden by the # "autoscaling.knative.dev/initialScale" annotation. # This value must be greater than 0 unless allow-zero-initial-scale is true. initial-scale: "1" # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. allow-zero-initial-scale: "false" # max-scale is the cluster-wide default value for the max scale of a revision, # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. # If set to 0, the revision has no maximum scale. max-scale: "0" --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-defaults namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "b44360b5" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # revision-timeout-seconds contains the default number of # seconds to use for the revision's per-request timeout, if # none is specified. revision-timeout-seconds: "300" # 5 minutes # max-revision-timeout-seconds contains the maximum number of # seconds that can be used for revision-timeout-seconds. # This value must be greater than or equal to revision-timeout-seconds. # If omitted, the system default is used (600 seconds). # # If this value is increased, the activator's terminationGraceTimeSeconds # should also be increased to prevent in-flight requests being disrupted. max-revision-timeout-seconds: "600" # 10 minutes # revision-cpu-request contains the cpu allocation to assign # to revisions by default. If omitted, no value is specified # and the system default is used. revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) # revision-memory-request contains the memory allocation to assign # to revisions by default. If omitted, no value is specified # and the system default is used. revision-memory-request: "100M" # 100 megabytes of memory # revision-ephemeral-storage-request contains the ephemeral storage # allocation to assign to revisions by default. If omitted, no value is # specified and the system default is used. revision-ephemeral-storage-request: "500M" # 500 megabytes of storage # revision-cpu-limit contains the cpu allocation to limit # revisions to by default. If omitted, no value is specified # and the system default is used. revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) # revision-memory-limit contains the memory allocation to limit # revisions to by default. If omitted, no value is specified # and the system default is used. revision-memory-limit: "200M" # 200 megabytes of memory # revision-ephemeral-storage-limit contains the ephemeral storage # allocation to limit revisions to by default. If omitted, no value is # specified and the system default is used. revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage # container-name-template contains a template for the default # container name, if none is specified. This field supports # Go templating and is supplied with the ObjectMeta of the # enclosing Service or Configuration, so values such as # {{.Name}} are also valid. container-name-template: "user-container" # container-concurrency specifies the maximum number # of requests the Container can handle at once, and requests # above this threshold are queued. Setting a value of zero # disables this throttling and lets through as many requests as # the pod receives. container-concurrency: "0" # The container concurrency max limit is an operator setting ensuring that # the individual revisions cannot have arbitrary large concurrency # values, or autoscaling targets. `container-concurrency` default setting # must be at or below this value. # # Must be greater than 1. # # Note: even with this set, a user can choose a containerConcurrency # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is # set to "false". container-concurrency-max-limit: "1000" # allow-container-concurrency-zero controls whether users can # specify 0 (i.e. unbounded) for containerConcurrency. allow-container-concurrency-zero: "true" # enable-service-links specifies the default value used for the # enableServiceLinks field of the PodSpec, when it is omitted by the user. # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service # # In environments with large number of services it is suggested # to set this value to `false`. # See https://github.com/knative/serving/issues/8498. enable-service-links: "default" --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-deployment namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "a409bec7" data: # This is the Go import path for the binary that is containerized # and substituted here. queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:bba041b926e31e9d5da2cb799001b31fce4c519037334db3751eb5f69d0f227f _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # List of repositories for which tag to digest resolving should be skipped registriesSkippingTagResolving: "ko.local,dev.local" # ProgressDeadline is the duration we wait for the deployment to # be ready before considering it failed. progressDeadline: "120s" # queueSidecarCPURequest is the requests.cpu to set for the queue proxy sidecar container. # If omitted, a default value (currently "25m"), is used. queueSidecarCPURequest: "25m" # queueSidecarCPULimit is the limits.cpu to set for the queue proxy sidecar container. # If omitted, no value is specified and the system default is used. queueSidecarCPULimit: "1000m" # queueSidecarMemoryRequest is the requests.memory to set for the queue proxy container. # If omitted, no value is specified and the system default is used. queueSidecarMemoryRequest: "400Mi" # queueSidecarMemoryLimit is the limits.memory to set for the queue proxy container. # If omitted, no value is specified and the system default is used. queueSidecarMemoryLimit: "800Mi" # queueSidecarEphemeralStorageRequest is the requests.ephemeral-storage to # set for the queue proxy sidecar container. # If omitted, no value is specified and the system default is used. queueSidecarEphemeralStorageRequest: "512Mi" # queueSidecarEphemeralStorageLimit is the limits.ephemeral-storage to set # for the queue proxy sidecar container. # If omitted, no value is specified and the system default is used. queueSidecarEphemeralStorageLimit: "1024Mi" --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-domain namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "f8e5beb4" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # Default value for domain. # Although it will match all routes, it is the least-specific rule so it # will only be used if no other domain matches. example.com: | # These are example settings of domain. # example.org will be used for routes having app=nonprofit. example.org: | selector: app: nonprofit # Routes having domain suffix of 'svc.cluster.local' will not be exposed # through Ingress. You can define your own label selector to assign that # domain suffix to your Route here, or you can set the label # "serving.knative.dev/visibility=cluster-local" # to achieve the same effect. This shows how to make routes having # the label app=secret only exposed to the local cluster. svc.cluster.local: | selector: app: secret --- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-features namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "dd011edb" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # Indicates whether multi container support is enabled multi-container: "enabled" # Indicates whether Kubernetes affinity support is enabled kubernetes.podspec-affinity: "disabled" # Indicates whether Kubernetes nodeSelector support is enabled kubernetes.podspec-nodeselector: "disabled" # Indicates whether Kubernetes tolerations support is enabled kubernetes.podspec-tolerations: "disabled" # Indicates whether Kubernetes FieldRef support is enabled kubernetes.podspec-fieldref: "disabled" # This feature validates PodSpecs from the validating webhook # against the K8s API Server. # # When "enabled", the server will always run the extra validation. # When "allowed", the server will not run the dry-run validation by default. # However, clients may enable the behavior on an individual Service by # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". kubernetes.podspec-dryrun: "allowed" # This feature allows end-users to set a subset of fields on the Pod's SecurityContext # in addition to expanding the allowable fields within a Container's SecurityContext. # # When set to "enabled" or "allowed" it allows the following # PodSecurityContext properties: # - FSGroup # - RunAsGroup # - RunAsNonRoot # - SupplementalGroups # - RunAsUser # # When set to "enabled" or "allowed" it allows the following # Container SecurityContext properties: # - RunAsNonRoot # - RunAsGroup # - RunAsUser (already allowed without this flag) # # This feature flag should be used with caution as the PodSecurityContext # properties may have a side-effect on non-user sidecar containers that come # from Knative or your service mesh # kubernetes.podspec-securitycontext: "disabled" # Indicates whether new responsive garbage collection is enabled. This # feature labels revisions in real-time as they become referenced and # dereferenced by Routes. This allows us to reap revisions shortly after # they are no longer active. # ALPHA WARNING: This feature is not yet stable or complete. Enabling it # should be used for testing purposes only. responsive-revision-gc: "disabled" --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-gc namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "4b89cfa0" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # Delay after revision creation before considering it for GC stale-revision-create-delay: "48h" # Duration since a route has pointed at the revision before it # should be GC'd. # This minus lastpinned-debounce must be longer than the controller # resync period (10 hours). stale-revision-timeout: "15h" # Minimum number of generations of non-active revisions to keep before # considering them for GC. stale-revision-minimum-generations: "20" # To avoid constant updates, we allow an existing annotation to be stale by this # amount before we update the timestamp. stale-revision-lastpinned-debounce: "5h" # --------------------------------------- # V2 Garbage Collector Settings # --------------------------------------- # # These settings are enabled via the "responsive-revision-gc" feature flag. # ALPHA NOTE: This feature is still experimental and under active development. # # Active # * Revisions which are referenced by a Route are considered active. # * Individual revisions may be marked with the annotation # "knative.dev/no-gc":"true" to be permanently considered active. # * Active revisions are not considered for GC. # Retention # * Revisions are retained if they are any of the following: # 1. Active # 2. Were created within "retain-since-create-time" # 3. Were last referenced by a route within # "retain-since-last-active-time" # 4. There are fewer than "min-non-active-revisions" # If none of these conditions are met, or if the count of revisions exceed # "max-non-active-revisions", they will be deleted by GC. # The special value "disabled" may be used to turn off these limits. # # Example config to immediately collect any inactive revision: # min-non-active-revisions: "0" # retain-since-create-time: "disabled" # retain-since-last-active-time: "disabled" # # Example config to always keep around the last ten non-active revisions: # retain-since-create-time: "disabled" # retain-since-last-active-time: "disabled" # max-non-active-revisions: "10" # # Example config to disable all GC: # retain-since-create-time: "disabled" # retain-since-last-active-time: "disabled" # max-non-active-revisions: "disabled" # # Example config to keep recently deployed or active revisions, # always maintain the last two in case of rollback, and prevent # burst activity from exploding the count of old revisions: # retain-since-create-time: "48h" # retain-since-last-active-time: "15h" # min-non-active-revisions: "2" # max-non-active-revisions: "1000" # Duration since creation before considering a revision for GC or "disabled". retain-since-create-time: "48h" # Duration since active before considering a revision for GC or "disabled". retain-since-last-active-time: "15h" # Minimum number of non-active revisions to retain. min-non-active-revisions: "20" # Maximum number of non-active revisions to retain # or "disabled" to disable any maximum limit. max-non-active-revisions: "1000" --- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-leader-election namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "a255a6cc" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # leaseDuration is how long non-leaders will wait to try to acquire the # lock; 15 seconds is the value used by core kubernetes controllers. leaseDuration: "15s" # renewDeadline is how long a leader will try to renew the lease before # giving up; 10 seconds is the value used by core kubernetes controllers. renewDeadline: "10s" # retryPeriod is how long the leader election client waits between tries of # actions; 2 seconds is the value used by core kubernetes controllers. retryPeriod: "2s" --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-logging namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "23eed3d8" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # Common configuration for all Knative codebase zap-logger-config: | { "level": "info", "development": false, "outputPaths": ["stdout"], "errorOutputPaths": ["stderr"], "encoding": "json", "encoderConfig": { "timeKey": "ts", "levelKey": "level", "nameKey": "logger", "callerKey": "caller", "messageKey": "msg", "stacktraceKey": "stacktrace", "lineEnding": "", "levelEncoder": "", "timeEncoder": "iso8601", "durationEncoder": "", "callerEncoder": "" } } # Log level overrides # For all components except the autoscaler and queue proxy, # changes are be picked up immediately. # For autoscaler and queue proxy, changes require recreation of the pods. loglevel.controller: "info" loglevel.autoscaler: "info" loglevel.queueproxy: "info" loglevel.webhook: "info" loglevel.activator: "info" loglevel.hpaautoscaler: "info" loglevel.certcontroller: "info" loglevel.istiocontroller: "info" loglevel.nscontroller: "info" --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-network namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "b22469ec" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # DEPRECATED: # istio.sidecar.includeOutboundIPRanges is obsolete. # The current versions have outbound network access enabled by default. # If you need this option for some reason, please use global.proxy.includeIPRanges in Istio. # # istio.sidecar.includeOutboundIPRanges: "*" # ingress.class specifies the default ingress class # to use when not dictated by Route annotation. # # If not specified, will use the Istio ingress. # # Note that changing the Ingress class of an existing Route # will result in undefined behavior. Therefore it is best to only # update this value during the setup of Knative, to avoid getting # undefined behavior. ingress.class: "istio.ingress.networking.knative.dev" # certificate.class specifies the default Certificate class # to use when not dictated by Route annotation. # # If not specified, will use the Cert-Manager Certificate. # # Note that changing the Certificate class of an existing Route # will result in undefined behavior. Therefore it is best to only # update this value during the setup of Knative, to avoid getting # undefined behavior. certificate.class: "cert-manager.certificate.networking.knative.dev" # domainTemplate specifies the golang text template string to use # when constructing the Knative service's DNS name. The default # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". # # Valid variables defined in the template include Name, Namespace, Domain, # Labels, and Annotations. Name will be the result of the tagTemplate # below, if a tag is specified for the route. # # Changing this value might be necessary when the extra levels in # the domain name generated is problematic for wildcard certificates # that only support a single level of domain name added to the # certificate's domain. In those cases you might consider using a value # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace # entirely from the template. When choosing a new value be thoughtful # of the potential for conflicts - for example, when users choose to use # characters such as `-` in their service, or namespace, names. # {{.Annotations}} or {{.Labels}} can be used for any customization in the # go template if needed. # We strongly recommend keeping namespace part of the template to avoid # domain name clashes: # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' # and you have an annotation {"sub":"foo"}, then the generated template # would be {Name}-{Namespace}.foo.{Domain} domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}" # tagTemplate specifies the golang text template string to use # when constructing the DNS name for "tags" within the traffic blocks # of Routes and Configuration. This is used in conjunction with the # domainTemplate above to determine the full URL for the tag. tagTemplate: "{{.Tag}}-{{.Name}}" # Controls whether TLS certificates are automatically provisioned and # installed in the Knative ingress to terminate external TLS connection. # 1. Enabled: enabling auto-TLS feature. # 2. Disabled: disabling auto-TLS feature. autoTLS: "Disabled" # Controls the behavior of the HTTP endpoint for the Knative ingress. # It requires autoTLS to be enabled. # 1. Enabled: The Knative ingress will be able to serve HTTP connection. # 2. Disabled: The Knative ingress will reject HTTP traffic. # 3. Redirected: The Knative ingress will send a 302 redirect for all # http connections, asking the clients to use HTTPS httpProtocol: "Enabled" # Controls whether tag header based routing feature are enabled or not. # 1. Enabled: enabling tag header based routing # 2. Disabled: disabling tag header based routing tagHeaderBasedRouting: "Disabled" --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-observability namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "11674c15" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # logging.enable-var-log-collection defaults to false. # The fluentd daemon set will be set up to collect /var/log if # this flag is true. logging.enable-var-log-collection: "false" # logging.revision-url-template provides a template to use for producing the # logging URL that is injected into the status of each Revision. # This value is what you might use the the Knative monitoring bundle, and provides # access to Kibana after setting up kubectl proxy. logging.revision-url-template: "http://localhost:8001/api/v1/namespaces/knative-monitoring/services/kibana-logging/proxy/app/kibana#/discover?_a=(query:(match:(kubernetes.labels.knative-dev%2FrevisionUID:(query:'${REVISION_UID}',type:phrase))))" # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe # requests. # NB: after 0.18 release logging.enable-request-log must be explicitly set to true # in order for request logging to be enabled. # # The value determines the shape of the request logs and it must be a valid go text/template. # It is important to keep this as a single line. Multiple lines are parsed as separate entities # by most collection agents and will split the request logs into multiple records. # # The following fields and functions are available to the template: # # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) # representing an HTTP request received by the server. # # Response: # struct { # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) # Size int // An int representing the size of the response. # Latency float64 // A float64 representing the latency of the response in seconds. # } # # Revision: # struct { # Name string // Knative revision name # Namespace string // Knative revision namespace # Service string // Knative service name # Configuration string // Knative configuration name # PodName string // Name of the pod hosting the revision # PodIP string // IP of the pod hosting the revision # } # logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' # If true, the request logging will be enabled. # NB: up to and including Knative version 0.18 if logging.requst-log-template is non-empty, this value # will be ignored. logging.enable-request-log: "false" # If true, this enables queue proxy writing request logs for probe requests to stdout. # It uses the same template for user requests, i.e. logging.request-log-template. logging.enable-probe-request-log: "false" # metrics.backend-destination field specifies the system metrics destination. # It supports either prometheus (the default) or stackdriver. # Note: Using stackdriver will incur additional charges metrics.backend-destination: prometheus # metrics.request-metrics-backend-destination specifies the request metrics # destination. It enables queue proxy to send request metrics. # Currently supported values: prometheus (the default), stackdriver. metrics.request-metrics-backend-destination: prometheus # metrics.stackdriver-project-id field specifies the stackdriver project ID. This # field is optional. When running on GCE, application default credentials will be # used if this field is not provided. metrics.stackdriver-project-id: "" # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to # Stackdriver using "global" resource type and custom metric type if the # metrics are not supported by "knative_revision" resource type. Setting this # flag to "true" could cause extra Stackdriver charge. # If metrics.backend-destination is not Stackdriver, this is ignored. metrics.allow-stackdriver-custom-metrics: "false" # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from # the pods via an HTTP server in the format expected by the pprof visualization tool. When # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. # The HTTP context root for profiling is then /debug/pprof/. profiling.enable: "false" --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: name: config-tracing namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" annotations: knative.dev/example-checksum: "4002b4c2" data: _example: | ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that `kubectl edit` this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # # This may be "zipkin" or "stackdriver", the default is "none" backend: "none" # URL to zipkin collector where traces are sent. # This must be specified when backend is "zipkin" zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" # The GCP project into which stackdriver metrics will be written # when backend is "stackdriver". If unspecified, the project-id # is read from GCP metadata when running on GCP. stackdriver-project-id: "my-project" # Enable zipkin debug mode. This allows all spans to be sent to the server # bypassing sampling. debug: "false" # Percentage (0-1) of requests to trace sample-rate: "0.1" --- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: name: activator namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" spec: minReplicas: 1 maxReplicas: 20 scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: activator metrics: - type: Resource resource: name: cpu # Percentage of the requested CPU targetAverageUtilization: 100 --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: activator namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" spec: selector: matchLabels: app: activator role: activator template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: app: activator role: activator serving.knative.dev/release: "v0.17.0" spec: serviceAccountName: controller containers: - name: activator # This is the Go import path for the binary that is containerized # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:18aadbb4796d7b6316ae971be5233dac28cd794c517e220d127aa9e21d91df42 # The numbers are based on performance test results from # https://github.com/knative/serving/issues/1625#issuecomment-511930023 resources: requests: cpu: 300m memory: 60Mi limits: cpu: 1000m memory: 600Mi env: - # Run Activator with GC collection when newly generated memory is 500%. name: GOGC value: "500" - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CONFIG_LOGGING_NAME value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config name: METRICS_DOMAIN value: knative.dev/internal/serving securityContext: allowPrivilegeEscalation: false ports: - name: metrics containerPort: 9090 - name: profiling containerPort: 8008 - name: http1 containerPort: 8012 - name: h2c containerPort: 8013 readinessProbe: &probe httpGet: port: 8012 httpHeaders: - name: k-kubelet-probe value: "activator" failureThreshold: 12 livenessProbe: *probe # The activator (often) sits on the dataplane, and may proxy long (e.g. # streaming, websockets) requests. We give a long grace period for the # activator to "lame duck" and drain outstanding requests before we # forcibly terminate the pod (and outstanding connections). This value # should be at least as large as the upper bound on the Revision's # timeoutSeconds property to avoid servicing events disrupting # connections. terminationGracePeriodSeconds: 600 --- apiVersion: v1 kind: Service metadata: name: activator-service namespace: knative-serving labels: app: activator serving.knative.dev/release: "v0.17.0" spec: selector: app: activator ports: - # Define metrics and profiling for them to be accessible within service meshes. name: http-metrics port: 9090 targetPort: 9090 - name: http-profiling port: 8008 targetPort: 8008 - name: http port: 80 targetPort: 8012 - name: http2 port: 81 targetPort: 8013 type: ClusterIP --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: autoscaler namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" spec: replicas: 1 selector: matchLabels: app: autoscaler template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: app: autoscaler serving.knative.dev/release: "v0.17.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app: autoscaler topologyKey: kubernetes.io/hostname weight: 100 serviceAccountName: controller containers: - name: autoscaler # This is the Go import path for the binary that is containerized # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:0af019e5d0b936468f85f5ca3c658b4913e5ac08734cf377bbbd8ba93eaa9db0 resources: requests: cpu: 30m memory: 40Mi limits: cpu: 300m memory: 400Mi env: - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CONFIG_LOGGING_NAME value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config name: METRICS_DOMAIN value: knative.dev/serving securityContext: allowPrivilegeEscalation: false ports: - name: metrics containerPort: 9090 - name: profiling containerPort: 8008 - name: websocket containerPort: 8080 readinessProbe: &probe httpGet: port: 8080 httpHeaders: - name: k-kubelet-probe value: "autoscaler" livenessProbe: *probe --- apiVersion: v1 kind: Service metadata: labels: app: autoscaler serving.knative.dev/release: "v0.17.0" name: autoscaler namespace: knative-serving spec: ports: - # Define metrics and profiling for them to be accessible within service meshes. name: http-metrics port: 9090 targetPort: 9090 - name: http-profiling port: 8008 targetPort: 8008 - name: http port: 8080 targetPort: 8080 selector: app: autoscaler --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: controller namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" spec: selector: matchLabels: app: controller template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: controller serving.knative.dev/release: "v0.17.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app: controller topologyKey: kubernetes.io/hostname weight: 100 serviceAccountName: controller containers: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:5f118d434661a895096c69c036de20c962aee445e339cc9e1b1bf806895d6fa2 resources: requests: cpu: 100m memory: 100Mi limits: cpu: 1000m memory: 1000Mi env: - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CONFIG_LOGGING_NAME value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config name: METRICS_DOMAIN value: knative.dev/internal/serving securityContext: allowPrivilegeEscalation: false ports: - name: metrics containerPort: 9090 - name: profiling containerPort: 8008 --- apiVersion: v1 kind: Service metadata: labels: app: controller serving.knative.dev/release: "v0.17.0" name: controller namespace: knative-serving spec: ports: - # Define metrics and profiling for them to be accessible within service meshes. name: http-metrics port: 9090 targetPort: 9090 - name: http-profiling port: 8008 targetPort: 8008 selector: app: controller --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: webhook namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" spec: selector: matchLabels: app: webhook role: webhook template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: app: webhook role: webhook serving.knative.dev/release: "v0.17.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app: webhook topologyKey: kubernetes.io/hostname weight: 100 serviceAccountName: controller containers: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:d36f460aea55b93cce222bcee129776dee356e6499db73f232bfdf482ce28f66 resources: requests: cpu: 100m memory: 100Mi limits: cpu: 500m memory: 500Mi env: - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CONFIG_LOGGING_NAME value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - name: WEBHOOK_PORT value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config name: METRICS_DOMAIN value: knative.dev/serving securityContext: allowPrivilegeEscalation: false ports: - name: metrics containerPort: 9090 - name: profiling containerPort: 8008 - name: https-webhook containerPort: 8443 readinessProbe: &probe periodSeconds: 1 httpGet: scheme: HTTPS port: 8443 httpHeaders: - name: k-kubelet-probe value: "webhook" livenessProbe: *probe # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently # high value that we respect whatever value it has configured for the lame duck grace period. terminationGracePeriodSeconds: 300 --- apiVersion: v1 kind: Service metadata: labels: role: webhook serving.knative.dev/release: "v0.17.0" name: webhook namespace: knative-serving spec: ports: - # Define metrics and profiling for them to be accessible within service meshes. name: http-metrics port: 9090 targetPort: 9090 - name: http-profiling port: 8008 targetPort: 8008 - name: https-webhook port: 443 targetPort: 8443 selector: role: webhook --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: certificates.networking.internal.knative.dev labels: serving.knative.dev/release: "v0.17.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev versions: - name: v1alpha1 served: true storage: true subresources: status: {} schema: openAPIV3Schema: type: object # this is a work around so we don't need to flush out the # schema for each version at this time # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Ready type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" names: kind: Certificate plural: certificates singular: certificate categories: - knative-internal - networking shortNames: - kcert scope: Namespaced --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: configurations.serving.knative.dev labels: serving.knative.dev/release: "v0.17.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev versions: - &version name: v1alpha1 served: true storage: false subresources: status: {} schema: openAPIV3Schema: type: object # this is a work around so we don't need to flush out the # schema for each version at this time # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: LatestCreated type: string jsonPath: .status.latestCreatedRevisionName - name: LatestReady type: string jsonPath: .status.latestReadyRevisionName - name: Ready type: string jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - !!merge <<: *version name: v1beta1 - !!merge <<: *version name: v1 storage: true names: kind: Configuration plural: configurations singular: configuration categories: - all - knative - serving shortNames: - config - cfg scope: Namespaced conversion: strategy: Webhook webhook: conversionReviewVersions: ["v1", "v1beta1"] clientConfig: service: name: webhook namespace: knative-serving --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ingresses.networking.internal.knative.dev labels: serving.knative.dev/release: "v0.17.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev versions: - name: v1alpha1 served: true storage: true subresources: status: {} schema: openAPIV3Schema: type: object # this is a work around so we don't need to flush out the # schema for each version at this time # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Ready type: string jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" names: kind: Ingress plural: ingresses singular: ingress categories: - knative-internal - networking shortNames: - kingress - king scope: Namespaced --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: metrics.autoscaling.internal.knative.dev labels: serving.knative.dev/release: "v0.17.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev versions: - name: v1alpha1 served: true storage: true subresources: status: {} schema: openAPIV3Schema: type: object # this is a work around so we don't need to flush out the # schema for each version at this time # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Ready type: string jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" names: kind: Metric plural: metrics singular: metric categories: - knative-internal - autoscaling scope: Namespaced --- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: serving.knative.dev/release: "v0.17.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev versions: - name: v1alpha1 served: true storage: true subresources: status: {} schema: openAPIV3Schema: type: object # this is a work around so we don't need to flush out the # schema for each version at this time # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: DesiredScale type: integer jsonPath: ".status.desiredScale" - name: ActualScale type: integer jsonPath: ".status.actualScale" - name: Ready type: string jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" names: kind: PodAutoscaler plural: podautoscalers singular: podautoscaler categories: - knative-internal - autoscaling shortNames: - kpa - pa scope: Namespaced --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: revisions.serving.knative.dev labels: serving.knative.dev/release: "v0.17.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev versions: - &version name: v1alpha1 served: true storage: false subresources: status: {} schema: openAPIV3Schema: type: object # this is a work around so we don't need to flush out the # schema for each version at this time # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Config Name type: string jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - name: K8s Service Name type: string jsonPath: ".status.serviceName" - name: Generation type: string # int in string form :( jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - name: Ready type: string jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - !!merge <<: *version name: v1beta1 - !!merge <<: *version name: v1 storage: true names: kind: Revision plural: revisions singular: revision categories: - all - knative - serving shortNames: - rev scope: Namespaced conversion: strategy: Webhook webhook: conversionReviewVersions: ["v1", "v1beta1"] clientConfig: service: name: webhook namespace: knative-serving --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: routes.serving.knative.dev labels: serving.knative.dev/release: "v0.17.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: group: serving.knative.dev versions: - &version name: v1alpha1 served: true storage: false subresources: status: {} schema: openAPIV3Schema: type: object # this is a work around so we don't need to flush out the # schema for each version at this time # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: URL type: string jsonPath: .status.url - name: Ready type: string jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - !!merge <<: *version name: v1beta1 - !!merge <<: *version name: v1 storage: true names: kind: Route plural: routes singular: route categories: - all - knative - serving shortNames: - rt scope: Namespaced conversion: strategy: Webhook webhook: conversionReviewVersions: ["v1", "v1beta1"] clientConfig: service: name: webhook namespace: knative-serving --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: serverlessservices.networking.internal.knative.dev labels: serving.knative.dev/release: "v0.17.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev versions: - name: v1alpha1 served: true storage: true subresources: status: {} schema: openAPIV3Schema: type: object # this is a work around so we don't need to flush out the # schema for each version at this time # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Mode type: string jsonPath: ".spec.mode" - name: Activators type: integer jsonPath: ".spec.numActivators" - name: ServiceName type: string jsonPath: ".status.serviceName" - name: PrivateServiceName type: string jsonPath: ".status.privateServiceName" - name: Ready type: string jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" names: kind: ServerlessService plural: serverlessservices singular: serverlessservice categories: - knative-internal - networking shortNames: - sks scope: Namespaced --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: services.serving.knative.dev labels: serving.knative.dev/release: "v0.17.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev versions: - &version name: v1alpha1 served: true storage: false subresources: status: {} schema: openAPIV3Schema: type: object # this is a work around so we don't need to flush out the # schema for each version at this time # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: URL type: string jsonPath: .status.url - name: LatestCreated type: string jsonPath: .status.latestCreatedRevisionName - name: LatestReady type: string jsonPath: .status.latestReadyRevisionName - name: Ready type: string jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - !!merge <<: *version name: v1beta1 - !!merge <<: *version name: v1 storage: true names: kind: Service plural: services singular: service categories: - all - knative - serving shortNames: - kservice - ksvc scope: Namespaced conversion: strategy: Webhook webhook: conversionReviewVersions: ["v1", "v1beta1"] clientConfig: service: name: webhook namespace: knative-serving --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-addressable-resolver labels: serving.knative.dev/release: "v0.17.0" # Labeled to facilitate aggregated cluster roles that act on Addressables. duck.knative.dev/addressable: "true" # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - serving.knative.dev resources: - routes - routes/status - services - services/status verbs: - get - list - watch --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" serving.knative.dev/release: "v0.17.0" rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] verbs: ["*"] - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] resources: ["*"] verbs: ["get", "list", "watch"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" serving.knative.dev/release: "v0.17.0" rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] verbs: ["create", "update", "patch", "delete"] - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] resources: ["*"] verbs: ["get", "list", "watch"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" serving.knative.dev/release: "v0.17.0" rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] resources: ["*"] verbs: ["get", "list", "watch"] --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-core labels: serving.knative.dev/release: "v0.17.0" serving.knative.dev/controller: "true" rules: - apiGroups: [""] resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: [""] resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission verbs: ["create"] - apiGroups: ["apps"] resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["admissionregistration.k8s.io"] resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions", "customresourcedefinitions/status"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["autoscaling"] resources: ["horizontalpodautoscalers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] resources: ["*", "*/status", "*/finalizers"] verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] - apiGroups: ["caching.internal.knative.dev"] resources: ["images"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] --- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-podspecable-binding labels: serving.knative.dev/release: "v0.17.0" # Labeled to facilitate aggregated cluster roles that act on PodSpecables. duck.knative.dev/podspecable: "true" # Do not use this role directly. These rules will be added to the "podspecable-binder" role. rules: - apiGroups: - serving.knative.dev resources: - configurations - services verbs: - list - watch - patch --- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: config.webhook.serving.knative.dev labels: serving.knative.dev/release: "v0.17.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: service: name: webhook namespace: knative-serving failurePolicy: Fail sideEffects: None name: config.webhook.serving.knative.dev namespaceSelector: matchExpressions: - key: serving.knative.dev/release operator: Exists timeoutSeconds: 10 --- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: webhook.serving.knative.dev labels: serving.knative.dev/release: "v0.17.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: service: name: webhook namespace: knative-serving failurePolicy: Fail sideEffects: None name: webhook.serving.knative.dev timeoutSeconds: 10 --- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.serving.knative.dev labels: serving.knative.dev/release: "v0.17.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: service: name: webhook namespace: knative-serving failurePolicy: Fail sideEffects: None name: validation.webhook.serving.knative.dev timeoutSeconds: 10 --- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Secret metadata: name: webhook-certs namespace: knative-serving labels: serving.knative.dev/release: "v0.17.0" # The data is populated at install time. ---