blame | history | patch | commit | commitdiff | ignore whitespace
James Falkner
2020-03-12 92e5f31395261f0c0cd6dc7b1591b24b082b9095 
 ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml


@@ -4,7 +4,7 @@


  name: ko-data


  namespace: openshift-operators


data:


  knative-serving-v0.11.1.yaml: |


  knative-serving-v0.12.1.yaml: |


    ---


    apiVersion: v1


    kind: Namespace


@@ -389,7 +389,7 @@


        - knative-internal


        - networking


        shortNames:


        - ing


        - kingress


      scope: Namespaced


      subresources:


        status: {}


@@ -656,64 +656,26 @@


        type: string


        JSONPath: ".status.conditions[?(@.type=='Ready')].reason"


    ---


    apiVersion: v1


    kind: Service


    apiVersion: admissionregistration.k8s.io/v1beta1


    kind: ValidatingWebhookConfiguration


    metadata:


      name: activator-service


      namespace: knative-serving


      name: config.webhook.serving.knative.dev


      labels:


        app: activator


        serving.knative.dev/release: devel


    spec:


      selector:


        app: activator


      ports:


      - name: http


        protocol: TCP


        port: 80


        targetPort: 8012


      - name: http2


        protocol: TCP


        port: 81


        targetPort: 8013


      - name: http-metrics


        protocol: TCP


        port: 9090


        targetPort: 9090


      type: ClusterIP


    ---


    apiVersion: v1


    kind: Service


    metadata:


      labels:


        app: controller


        serving.knative.dev/release: devel


      name: controller


      namespace: knative-serving


    spec:


      ports:


      - name: http-metrics


        port: 9090


        protocol: TCP


        targetPort: 9090


      selector:


        app: controller


    ---


    apiVersion: v1


    kind: Service


    metadata:


      labels:


        role: webhook


        serving.knative.dev/release: devel


      name: webhook


      namespace: knative-serving


    spec:


      ports:


        - name: https-webhook


          port: 443


          targetPort: 8443


      selector:


        role: webhook


    webhooks:


    - admissionReviewVersions:


      - v1beta1


      clientConfig:


        service:


          name: webhook


          namespace: knative-serving


      failurePolicy: Fail


      sideEffects: None


      name: config.webhook.serving.knative.dev


      namespaceSelector:


        matchExpressions:


        - key: serving.knative.dev/release


          operator: Exists


    ---


    apiVersion: admissionregistration.k8s.io/v1beta1


    kind: MutatingWebhookConfiguration


@@ -729,6 +691,7 @@


          name: webhook


          namespace: knative-serving


      failurePolicy: Fail


      sideEffects: None


      name: webhook.serving.knative.dev


    ---


    apiVersion: admissionregistration.k8s.io/v1beta1


@@ -745,27 +708,8 @@


          name: webhook


          namespace: knative-serving


      failurePolicy: Fail


      sideEffects: None


      name: validation.webhook.serving.knative.dev


    ---


    apiVersion: admissionregistration.k8s.io/v1beta1


    kind: ValidatingWebhookConfiguration


    metadata:


      name: config.webhook.serving.knative.dev


      labels:


        serving.knative.dev/release: devel


    webhooks:


    - admissionReviewVersions:


      - v1beta1


      clientConfig:


        service:


          name: webhook


          namespace: knative-serving


      failurePolicy: Fail


      name: config.webhook.serving.knative.dev


      namespaceSelector:


        matchExpressions:


        - key: serving.knative.dev/release


          operator: Exists


    ---


    apiVersion: v1


    kind: Secret


@@ -783,89 +727,7 @@


      labels:


        serving.knative.dev/release: devel


    spec:


      image: quay.io/openshift-knative/knative-serving-queue:v0.11.1


    ---


    apiVersion: apps/v1


    kind: Deployment


    metadata:


      name: activator


      namespace: knative-serving


      labels:


        serving.knative.dev/release: devel


    spec:


      selector:


        matchLabels:


          app: activator


          role: activator


      template:


        metadata:


          annotations:


            cluster-autoscaler.kubernetes.io/safe-to-evict: "false"


            sidecar.istio.io/inject: "true"


          labels:


            app: activator


            role: activator


            serving.knative.dev/release: devel


        spec:


          serviceAccountName: controller


          terminationGracePeriodSeconds: 300


          containers:


          - name: activator


            image: quay.io/openshift-knative/knative-serving-activator:v0.11.1


            env:


              - name: GOGC


                value: 500


            ports:


            - name: http1


              containerPort: 8012


            - name: h2c


              containerPort: 8013


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


            readinessProbe:


              httpGet:


                path: /healthz


                port: 8012


                httpHeaders:


                - name: k-kubelet-probe


                  value: "activator"


            livenessProbe:


              httpGet:


                path: /healthz


                port: 8012


                httpHeaders:


                - name: k-kubelet-probe


                  value: "activator"


            resources:


              requests:


                cpu: 300m


                memory: 60Mi


              limits:


                cpu: 1000m


                memory: 600Mi


            env:


              - name: POD_NAME


                valueFrom:


                  fieldRef:


                    fieldPath: metadata.name


              - name: POD_IP


                valueFrom:


                  fieldRef:


                    fieldPath: status.podIP


              - name: SYSTEM_NAMESPACE


                valueFrom:


                  fieldRef:


                    fieldPath: metadata.namespace


              - name: CONFIG_LOGGING_NAME


                value: config-logging


              - name: CONFIG_OBSERVABILITY_NAME


                value: config-observability


              - name: METRICS_DOMAIN


                value: knative.dev/internal/serving


            securityContext:


              allowPrivilegeEscalation: false


      image: quay.io/openshift-knative/knative-serving-queue:v0.12.1


    ---


    apiVersion: autoscaling/v2beta1


    kind: HorizontalPodAutoscaler


@@ -890,20 +752,118 @@


    apiVersion: apps/v1


    kind: Deployment


    metadata:


      name: activator


      namespace: knative-serving


      labels:


        serving.knative.dev/release: devel


    spec:


      selector:


        matchLabels:


          app: activator


          role: activator


      template:


        metadata:


          annotations:


            cluster-autoscaler.kubernetes.io/safe-to-evict: "false"


          labels:


            app: activator


            role: activator


            serving.knative.dev/release: devel


        spec:


          serviceAccountName: controller


          containers:


          - name: activator


            image: quay.io/openshift-knative/knative-serving-activator:v0.12.1


            resources:


              requests:


                cpu: 300m


                memory: 60Mi


              limits:


                cpu: 1000m


                memory: 600Mi


            env:


            - name: GOGC


              value: "500"


            - name: POD_NAME


              valueFrom:


                fieldRef:


                  fieldPath: metadata.name


            - name: POD_IP


              valueFrom:


                fieldRef:


                  fieldPath: status.podIP


            - name: SYSTEM_NAMESPACE


              valueFrom:


                fieldRef:


                  fieldPath: metadata.namespace


            - name: CONFIG_LOGGING_NAME


              value: config-logging


            - name: CONFIG_OBSERVABILITY_NAME


              value: config-observability


            - name: METRICS_DOMAIN


              value: knative.dev/internal/serving


            securityContext:


              allowPrivilegeEscalation: false


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


            - name: http1


              containerPort: 8012


            - name: h2c


              containerPort: 8013


            readinessProbe: &probe


              httpGet:


                port: 8012


                httpHeaders:


                - name: k-kubelet-probe


                  value: "activator"


            livenessProbe: *probe


          terminationGracePeriodSeconds: 300


    ---


    apiVersion: v1


    kind: Service


    metadata:


      name: activator-service


      namespace: knative-serving


      labels:


        app: activator


        serving.knative.dev/release: devel


    spec:


      selector:


        app: activator


      ports:


      - name: http-metrics


        port: 9090


        targetPort: 9090


      - name: http-profiling


        port: 8008


        targetPort: 8008


      - name: http


        port: 80


        targetPort: 8012


      - name: http2


        port: 81


        targetPort: 8013


      type: ClusterIP


    ---


    apiVersion: apps/v1


    kind: Deployment


    metadata:


      name: autoscaler-hpa


      namespace: knative-serving


      labels:


        serving.knative.dev/release: devel


        autoscaling.knative.dev/autoscaler-provider: hpa


    spec:


      replicas: 1


      selector:


        matchLabels:


          app: autoscaler-hpa


      template:


        metadata:


          annotations:


            sidecar.istio.io/inject: "false"


            cluster-autoscaler.kubernetes.io/safe-to-evict: "true"


          labels:


            app: autoscaler-hpa


            serving.knative.dev/release: devel


@@ -911,19 +871,14 @@


          serviceAccountName: controller


          containers:


          - name: autoscaler-hpa


            image: quay.io/openshift-knative/knative-serving-autoscaler-hpa:v0.11.1


            image: quay.io/openshift-knative/knative-serving-autoscaler-hpa:v0.12.1


            resources:


              requests:


                cpu: 100m


                memory: 100Mi


                cpu: 30m


                memory: 40Mi


              limits:


                cpu: 1000m


                memory: 1000Mi


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


                cpu: 300m


                memory: 400Mi


            env:


            - name: SYSTEM_NAMESPACE


              valueFrom:


@@ -937,31 +892,31 @@


              value: knative.dev/serving


            securityContext:


              allowPrivilegeEscalation: false


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


    ---


    apiVersion: v1


    kind: Service


    metadata:


      labels:


        app: autoscaler


        app: autoscaler-hpa


        serving.knative.dev/release: devel


      name: autoscaler


        autoscaling.knative.dev/autoscaler-provider: hpa


      name: autoscaler-hpa


      namespace: knative-serving


    spec:


      ports:


      - name: http


        port: 8080


        protocol: TCP


        targetPort: 8080


      - name: http-metrics


        port: 9090


        protocol: TCP


        targetPort: 9090


      - name: https-custom-metrics


        port: 443


        protocol: TCP


        targetPort: 8443


      - name: http-profiling


        port: 8008


        targetPort: 8008


      selector:


        app: autoscaler


        app: autoscaler-hpa


    ---


    apiVersion: apps/v1


    kind: Deployment


@@ -979,8 +934,6 @@


        metadata:


          annotations:


            cluster-autoscaler.kubernetes.io/safe-to-evict: "false"


            sidecar.istio.io/inject: "true"


            traffic.sidecar.istio.io/includeInboundPorts: "8080,9090"


          labels:


            app: autoscaler


            serving.knative.dev/release: devel


@@ -988,21 +941,7 @@


          serviceAccountName: controller


          containers:


          - name: autoscaler


            image: quay.io/openshift-knative/knative-serving-autoscaler:v0.11.1


            readinessProbe:


              httpGet:


                path: /healthz


                port: 8080


                httpHeaders:


                - name: k-kubelet-probe


                  value: "autoscaler"


            livenessProbe:


              httpGet:


                path: /healthz


                port: 8080


                httpHeaders:


                - name: k-kubelet-probe


                  value: "autoscaler"


            image: quay.io/openshift-knative/knative-serving-autoscaler:v0.12.1


            resources:


              requests:


                cpu: 30m


@@ -1010,18 +949,6 @@


              limits:


                cpu: 300m


                memory: 400Mi


            ports:


            - name: websocket


              containerPort: 8080


            - name: metrics


              containerPort: 9090


            - name: custom-metrics


              containerPort: 8443


            - name: profiling


              containerPort: 8008


            args:


            - "--secure-port=8443"


            - "--cert-dir=/tmp"


            env:


            - name: SYSTEM_NAMESPACE


              valueFrom:


@@ -1035,6 +962,50 @@


              value: knative.dev/serving


            securityContext:


              allowPrivilegeEscalation: false


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


            - name: websocket


              containerPort: 8080


            - name: custom-metrics


              containerPort: 8443


            readinessProbe: &probe


              httpGet:


                port: 8080


                httpHeaders:


                - name: k-kubelet-probe


                  value: "autoscaler"


            livenessProbe: *probe


            args:


            - "--secure-port=8443"


            - "--cert-dir=/tmp"


    ---


    apiVersion: v1


    kind: Service


    metadata:


      labels:


        app: autoscaler


        serving.knative.dev/release: devel


      name: autoscaler


      namespace: knative-serving


    spec:


      ports:


      - name: http-metrics


        port: 9090


        targetPort: 9090


      - name: http-profiling


        port: 8008


        targetPort: 8008


      - name: http


        port: 8080


        targetPort: 8080


      - name: https-custom-metrics


        port: 443


        targetPort: 8443


      selector:


        app: autoscaler


    ---


    apiVersion: v1


    kind: ConfigMap


@@ -1057,6 +1028,7 @@


        enable-scale-to-zero: "true"


        tick-interval: "2s"


        scale-to-zero-grace-period: "30s"


        enable-graceful-scaledown: "false"


    ---


    apiVersion: v1


    kind: ConfigMap


@@ -1084,7 +1056,7 @@


      labels:


        serving.knative.dev/release: devel


    data:


      queueSidecarImage: quay.io/openshift-knative/knative-serving-queue:v0.11.1


      queueSidecarImage: quay.io/openshift-knative/knative-serving-queue:v0.12.1


      _example: |


        registriesSkippingTagResolving: "ko.local,dev.local"


    ---


@@ -1114,9 +1086,9 @@


        serving.knative.dev/release: devel


    data:


      _example: |


        stale-revision-create-delay: "24h"


        stale-revision-create-delay: "48h"


        stale-revision-timeout: "15h"


        stale-revision-minimum-generations: "1"


        stale-revision-minimum-generations: "20"


        stale-revision-lastpinned-debounce: "5h"


    ---


    apiVersion: v1


@@ -1132,7 +1104,6 @@


        gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"


        local-gateway.knative-serving.cluster-local-gateway: "cluster-local-gateway.istio-system.svc.cluster.local"


        local-gateway.mesh: "mesh"


        reconcileExternalGateway: "false"


    ---


    apiVersion: v1


    kind: ConfigMap


@@ -1180,7 +1151,6 @@


    data:


      _example: |


        istio.sidecar.includeOutboundIPRanges: "*"


        clusteringress.class: "istio.ingress.networking.knative.dev"


        ingress.class: "istio.ingress.networking.knative.dev"


        certificate.class: "cert-manager.certificate.networking.internal.knative.dev"


        domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}"


@@ -1231,14 +1201,13 @@


      labels:


        serving.knative.dev/release: devel


    spec:


      replicas: 1


      selector:


        matchLabels:


          app: controller


      template:


        metadata:


          annotations:


            sidecar.istio.io/inject: "false"


            cluster-autoscaler.kubernetes.io/safe-to-evict: "true"


          labels:


            app: controller


            serving.knative.dev/release: devel


@@ -1246,7 +1215,7 @@


          serviceAccountName: controller


          containers:


          - name: controller


            image: quay.io/openshift-knative/knative-serving-controller:v0.11.1


            image: quay.io/openshift-knative/knative-serving-controller:v0.12.1


            resources:


              requests:


                cpu: 100m


@@ -1254,11 +1223,6 @@


              limits:


                cpu: 1000m


                memory: 1000Mi


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


            env:


            - name: SYSTEM_NAMESPACE


              valueFrom:


@@ -1272,6 +1236,30 @@


              value: knative.dev/internal/serving


            securityContext:


              allowPrivilegeEscalation: false


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


    ---


    apiVersion: v1


    kind: Service


    metadata:


      labels:


        app: controller


        serving.knative.dev/release: devel


      name: controller


      namespace: knative-serving


    spec:


      ports:


      - name: http-metrics


        port: 9090


        targetPort: 9090


      - name: http-profiling


        port: 8008


        targetPort: 8008


      selector:


        app: controller


    ---


    apiVersion: apiregistration.k8s.io/v1beta1


    kind: APIService


@@ -1299,13 +1287,13 @@


        serving.knative.dev/release: devel


        networking.knative.dev/ingress-provider: istio


    spec:


      replicas: 1


      selector:


        matchLabels:


          app: networking-istio


      template:


        metadata:


          annotations:


            cluster-autoscaler.kubernetes.io/safe-to-evict: "true"


            sidecar.istio.io/inject: "false"


          labels:


            app: networking-istio


@@ -1314,19 +1302,14 @@


          serviceAccountName: controller


          containers:


          - name: networking-istio


            image: quay.io/openshift-knative/knative-serving-istio:v0.11.1


            image: quay.io/openshift-knative/knative-serving-istio:v0.12.1


            resources:


              requests:


                cpu: 100m


                memory: 100Mi


                cpu: 30m


                memory: 40Mi


              limits:


                cpu: 1000m


                memory: 1000Mi


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


                cpu: 300m


                memory: 400Mi


            env:


            - name: SYSTEM_NAMESPACE


              valueFrom:


@@ -1340,6 +1323,11 @@


              value: knative.dev/serving


            securityContext:


              allowPrivilegeEscalation: false


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


    ---


    apiVersion: apps/v1


    kind: Deployment


@@ -1349,7 +1337,6 @@


      labels:


        serving.knative.dev/release: devel


    spec:


      replicas: 1


      selector:


        matchLabels:


          app: webhook


@@ -1358,7 +1345,6 @@


        metadata:


          annotations:


            cluster-autoscaler.kubernetes.io/safe-to-evict: "false"


            sidecar.istio.io/inject: "false"


          labels:


            app: webhook


            role: webhook


@@ -1367,12 +1353,7 @@


          serviceAccountName: controller


          containers:


          - name: webhook


            image: quay.io/openshift-knative/knative-serving-webhook:v0.11.1


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


            image: quay.io/openshift-knative/knative-serving-webhook:v0.12.1


            resources:


              requests:


                cpu: 20m


@@ -1393,3 +1374,30 @@


              value: knative.dev/serving


            securityContext:


              allowPrivilegeEscalation: false


            ports:


            - name: metrics


              containerPort: 9090


            - name: profiling


              containerPort: 8008


    ---


    apiVersion: v1


    kind: Service


    metadata:


      labels:


        role: webhook


        serving.knative.dev/release: devel


      name: webhook


      namespace: knative-serving


    spec:


      ports:


      - name: http-metrics


        port: 9090


        targetPort: 9090


      - name: http-profiling


        port: 8008


        targetPort: 8008


      - name: https-webhook


        port: 443


        targetPort: 8443


      selector:


        role: webhook