From 92e5f31395261f0c0cd6dc7b1591b24b082b9095 Mon Sep 17 00:00:00 2001
From: James Falkner <schtool@gmail.com>
Date: Thu, 12 Mar 2020 23:16:39 +0100
Subject: [PATCH] Update knative-serving operator workaround (#1321)
---
ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml | 498 ++++++++++++++++++++++++++++---------------------------
1 files changed, 253 insertions(+), 245 deletions(-)
diff --git a/ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml b/ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml
index 28aab1c..5d65115 100644
--- a/ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml
+++ b/ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml
@@ -4,7 +4,7 @@
name: ko-data
namespace: openshift-operators
data:
- knative-serving-v0.11.1.yaml: |
+ knative-serving-v0.12.1.yaml: |
---
apiVersion: v1
kind: Namespace
@@ -389,7 +389,7 @@
- knative-internal
- networking
shortNames:
- - ing
+ - kingress
scope: Namespaced
subresources:
status: {}
@@ -656,64 +656,26 @@
type: string
JSONPath: ".status.conditions[?(@.type=='Ready')].reason"
---
- apiVersion: v1
- kind: Service
+ apiVersion: admissionregistration.k8s.io/v1beta1
+ kind: ValidatingWebhookConfiguration
metadata:
- name: activator-service
- namespace: knative-serving
+ name: config.webhook.serving.knative.dev
labels:
- app: activator
serving.knative.dev/release: devel
- spec:
- selector:
- app: activator
- ports:
- - name: http
- protocol: TCP
- port: 80
- targetPort: 8012
- - name: http2
- protocol: TCP
- port: 81
- targetPort: 8013
- - name: http-metrics
- protocol: TCP
- port: 9090
- targetPort: 9090
- type: ClusterIP
- ---
- apiVersion: v1
- kind: Service
- metadata:
- labels:
- app: controller
- serving.knative.dev/release: devel
- name: controller
- namespace: knative-serving
- spec:
- ports:
- - name: http-metrics
- port: 9090
- protocol: TCP
- targetPort: 9090
- selector:
- app: controller
- ---
- apiVersion: v1
- kind: Service
- metadata:
- labels:
- role: webhook
- serving.knative.dev/release: devel
- name: webhook
- namespace: knative-serving
- spec:
- ports:
- - name: https-webhook
- port: 443
- targetPort: 8443
- selector:
- role: webhook
+ webhooks:
+ - admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: webhook
+ namespace: knative-serving
+ failurePolicy: Fail
+ sideEffects: None
+ name: config.webhook.serving.knative.dev
+ namespaceSelector:
+ matchExpressions:
+ - key: serving.knative.dev/release
+ operator: Exists
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
@@ -729,6 +691,7 @@
name: webhook
namespace: knative-serving
failurePolicy: Fail
+ sideEffects: None
name: webhook.serving.knative.dev
---
apiVersion: admissionregistration.k8s.io/v1beta1
@@ -745,27 +708,8 @@
name: webhook
namespace: knative-serving
failurePolicy: Fail
+ sideEffects: None
name: validation.webhook.serving.knative.dev
- ---
- apiVersion: admissionregistration.k8s.io/v1beta1
- kind: ValidatingWebhookConfiguration
- metadata:
- name: config.webhook.serving.knative.dev
- labels:
- serving.knative.dev/release: devel
- webhooks:
- - admissionReviewVersions:
- - v1beta1
- clientConfig:
- service:
- name: webhook
- namespace: knative-serving
- failurePolicy: Fail
- name: config.webhook.serving.knative.dev
- namespaceSelector:
- matchExpressions:
- - key: serving.knative.dev/release
- operator: Exists
---
apiVersion: v1
kind: Secret
@@ -783,89 +727,7 @@
labels:
serving.knative.dev/release: devel
spec:
- image: quay.io/openshift-knative/knative-serving-queue:v0.11.1
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: activator
- namespace: knative-serving
- labels:
- serving.knative.dev/release: devel
- spec:
- selector:
- matchLabels:
- app: activator
- role: activator
- template:
- metadata:
- annotations:
- cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
- sidecar.istio.io/inject: "true"
- labels:
- app: activator
- role: activator
- serving.knative.dev/release: devel
- spec:
- serviceAccountName: controller
- terminationGracePeriodSeconds: 300
- containers:
- - name: activator
- image: quay.io/openshift-knative/knative-serving-activator:v0.11.1
- env:
- - name: GOGC
- value: 500
- ports:
- - name: http1
- containerPort: 8012
- - name: h2c
- containerPort: 8013
- - name: metrics
- containerPort: 9090
- - name: profiling
- containerPort: 8008
- readinessProbe:
- httpGet:
- path: /healthz
- port: 8012
- httpHeaders:
- - name: k-kubelet-probe
- value: "activator"
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8012
- httpHeaders:
- - name: k-kubelet-probe
- value: "activator"
- resources:
- requests:
- cpu: 300m
- memory: 60Mi
- limits:
- cpu: 1000m
- memory: 600Mi
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: SYSTEM_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: CONFIG_LOGGING_NAME
- value: config-logging
- - name: CONFIG_OBSERVABILITY_NAME
- value: config-observability
- - name: METRICS_DOMAIN
- value: knative.dev/internal/serving
- securityContext:
- allowPrivilegeEscalation: false
+ image: quay.io/openshift-knative/knative-serving-queue:v0.12.1
---
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
@@ -890,20 +752,118 @@
apiVersion: apps/v1
kind: Deployment
metadata:
+ name: activator
+ namespace: knative-serving
+ labels:
+ serving.knative.dev/release: devel
+ spec:
+ selector:
+ matchLabels:
+ app: activator
+ role: activator
+ template:
+ metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+ labels:
+ app: activator
+ role: activator
+ serving.knative.dev/release: devel
+ spec:
+ serviceAccountName: controller
+ containers:
+ - name: activator
+ image: quay.io/openshift-knative/knative-serving-activator:v0.12.1
+ resources:
+ requests:
+ cpu: 300m
+ memory: 60Mi
+ limits:
+ cpu: 1000m
+ memory: 600Mi
+ env:
+ - name: GOGC
+ value: "500"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: METRICS_DOMAIN
+ value: knative.dev/internal/serving
+ securityContext:
+ allowPrivilegeEscalation: false
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ - name: http1
+ containerPort: 8012
+ - name: h2c
+ containerPort: 8013
+ readinessProbe: &probe
+ httpGet:
+ port: 8012
+ httpHeaders:
+ - name: k-kubelet-probe
+ value: "activator"
+ livenessProbe: *probe
+ terminationGracePeriodSeconds: 300
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: activator-service
+ namespace: knative-serving
+ labels:
+ app: activator
+ serving.knative.dev/release: devel
+ spec:
+ selector:
+ app: activator
+ ports:
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: http
+ port: 80
+ targetPort: 8012
+ - name: http2
+ port: 81
+ targetPort: 8013
+ type: ClusterIP
+ ---
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
name: autoscaler-hpa
namespace: knative-serving
labels:
serving.knative.dev/release: devel
autoscaling.knative.dev/autoscaler-provider: hpa
spec:
- replicas: 1
selector:
matchLabels:
app: autoscaler-hpa
template:
metadata:
annotations:
- sidecar.istio.io/inject: "false"
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
labels:
app: autoscaler-hpa
serving.knative.dev/release: devel
@@ -911,19 +871,14 @@
serviceAccountName: controller
containers:
- name: autoscaler-hpa
- image: quay.io/openshift-knative/knative-serving-autoscaler-hpa:v0.11.1
+ image: quay.io/openshift-knative/knative-serving-autoscaler-hpa:v0.12.1
resources:
requests:
- cpu: 100m
- memory: 100Mi
+ cpu: 30m
+ memory: 40Mi
limits:
- cpu: 1000m
- memory: 1000Mi
- ports:
- - name: metrics
- containerPort: 9090
- - name: profiling
- containerPort: 8008
+ cpu: 300m
+ memory: 400Mi
env:
- name: SYSTEM_NAMESPACE
valueFrom:
@@ -937,31 +892,31 @@
value: knative.dev/serving
securityContext:
allowPrivilegeEscalation: false
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
---
apiVersion: v1
kind: Service
metadata:
labels:
- app: autoscaler
+ app: autoscaler-hpa
serving.knative.dev/release: devel
- name: autoscaler
+ autoscaling.knative.dev/autoscaler-provider: hpa
+ name: autoscaler-hpa
namespace: knative-serving
spec:
ports:
- - name: http
- port: 8080
- protocol: TCP
- targetPort: 8080
- name: http-metrics
port: 9090
- protocol: TCP
targetPort: 9090
- - name: https-custom-metrics
- port: 443
- protocol: TCP
- targetPort: 8443
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
selector:
- app: autoscaler
+ app: autoscaler-hpa
---
apiVersion: apps/v1
kind: Deployment
@@ -979,8 +934,6 @@
metadata:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
- sidecar.istio.io/inject: "true"
- traffic.sidecar.istio.io/includeInboundPorts: "8080,9090"
labels:
app: autoscaler
serving.knative.dev/release: devel
@@ -988,21 +941,7 @@
serviceAccountName: controller
containers:
- name: autoscaler
- image: quay.io/openshift-knative/knative-serving-autoscaler:v0.11.1
- readinessProbe:
- httpGet:
- path: /healthz
- port: 8080
- httpHeaders:
- - name: k-kubelet-probe
- value: "autoscaler"
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8080
- httpHeaders:
- - name: k-kubelet-probe
- value: "autoscaler"
+ image: quay.io/openshift-knative/knative-serving-autoscaler:v0.12.1
resources:
requests:
cpu: 30m
@@ -1010,18 +949,6 @@
limits:
cpu: 300m
memory: 400Mi
- ports:
- - name: websocket
- containerPort: 8080
- - name: metrics
- containerPort: 9090
- - name: custom-metrics
- containerPort: 8443
- - name: profiling
- containerPort: 8008
- args:
- - "--secure-port=8443"
- - "--cert-dir=/tmp"
env:
- name: SYSTEM_NAMESPACE
valueFrom:
@@ -1035,6 +962,50 @@
value: knative.dev/serving
securityContext:
allowPrivilegeEscalation: false
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ - name: websocket
+ containerPort: 8080
+ - name: custom-metrics
+ containerPort: 8443
+ readinessProbe: &probe
+ httpGet:
+ port: 8080
+ httpHeaders:
+ - name: k-kubelet-probe
+ value: "autoscaler"
+ livenessProbe: *probe
+ args:
+ - "--secure-port=8443"
+ - "--cert-dir=/tmp"
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ app: autoscaler
+ serving.knative.dev/release: devel
+ name: autoscaler
+ namespace: knative-serving
+ spec:
+ ports:
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: http
+ port: 8080
+ targetPort: 8080
+ - name: https-custom-metrics
+ port: 443
+ targetPort: 8443
+ selector:
+ app: autoscaler
---
apiVersion: v1
kind: ConfigMap
@@ -1057,6 +1028,7 @@
enable-scale-to-zero: "true"
tick-interval: "2s"
scale-to-zero-grace-period: "30s"
+ enable-graceful-scaledown: "false"
---
apiVersion: v1
kind: ConfigMap
@@ -1084,7 +1056,7 @@
labels:
serving.knative.dev/release: devel
data:
- queueSidecarImage: quay.io/openshift-knative/knative-serving-queue:v0.11.1
+ queueSidecarImage: quay.io/openshift-knative/knative-serving-queue:v0.12.1
_example: |
registriesSkippingTagResolving: "ko.local,dev.local"
---
@@ -1114,9 +1086,9 @@
serving.knative.dev/release: devel
data:
_example: |
- stale-revision-create-delay: "24h"
+ stale-revision-create-delay: "48h"
stale-revision-timeout: "15h"
- stale-revision-minimum-generations: "1"
+ stale-revision-minimum-generations: "20"
stale-revision-lastpinned-debounce: "5h"
---
apiVersion: v1
@@ -1132,7 +1104,6 @@
gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local"
local-gateway.knative-serving.cluster-local-gateway: "cluster-local-gateway.istio-system.svc.cluster.local"
local-gateway.mesh: "mesh"
- reconcileExternalGateway: "false"
---
apiVersion: v1
kind: ConfigMap
@@ -1180,7 +1151,6 @@
data:
_example: |
istio.sidecar.includeOutboundIPRanges: "*"
- clusteringress.class: "istio.ingress.networking.knative.dev"
ingress.class: "istio.ingress.networking.knative.dev"
certificate.class: "cert-manager.certificate.networking.internal.knative.dev"
domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}"
@@ -1231,14 +1201,13 @@
labels:
serving.knative.dev/release: devel
spec:
- replicas: 1
selector:
matchLabels:
app: controller
template:
metadata:
annotations:
- sidecar.istio.io/inject: "false"
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
labels:
app: controller
serving.knative.dev/release: devel
@@ -1246,7 +1215,7 @@
serviceAccountName: controller
containers:
- name: controller
- image: quay.io/openshift-knative/knative-serving-controller:v0.11.1
+ image: quay.io/openshift-knative/knative-serving-controller:v0.12.1
resources:
requests:
cpu: 100m
@@ -1254,11 +1223,6 @@
limits:
cpu: 1000m
memory: 1000Mi
- ports:
- - name: metrics
- containerPort: 9090
- - name: profiling
- containerPort: 8008
env:
- name: SYSTEM_NAMESPACE
valueFrom:
@@ -1272,6 +1236,30 @@
value: knative.dev/internal/serving
securityContext:
allowPrivilegeEscalation: false
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ app: controller
+ serving.knative.dev/release: devel
+ name: controller
+ namespace: knative-serving
+ spec:
+ ports:
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ selector:
+ app: controller
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
@@ -1299,13 +1287,13 @@
serving.knative.dev/release: devel
networking.knative.dev/ingress-provider: istio
spec:
- replicas: 1
selector:
matchLabels:
app: networking-istio
template:
metadata:
annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
sidecar.istio.io/inject: "false"
labels:
app: networking-istio
@@ -1314,19 +1302,14 @@
serviceAccountName: controller
containers:
- name: networking-istio
- image: quay.io/openshift-knative/knative-serving-istio:v0.11.1
+ image: quay.io/openshift-knative/knative-serving-istio:v0.12.1
resources:
requests:
- cpu: 100m
- memory: 100Mi
+ cpu: 30m
+ memory: 40Mi
limits:
- cpu: 1000m
- memory: 1000Mi
- ports:
- - name: metrics
- containerPort: 9090
- - name: profiling
- containerPort: 8008
+ cpu: 300m
+ memory: 400Mi
env:
- name: SYSTEM_NAMESPACE
valueFrom:
@@ -1340,6 +1323,11 @@
value: knative.dev/serving
securityContext:
allowPrivilegeEscalation: false
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
---
apiVersion: apps/v1
kind: Deployment
@@ -1349,7 +1337,6 @@
labels:
serving.knative.dev/release: devel
spec:
- replicas: 1
selector:
matchLabels:
app: webhook
@@ -1358,7 +1345,6 @@
metadata:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
- sidecar.istio.io/inject: "false"
labels:
app: webhook
role: webhook
@@ -1367,12 +1353,7 @@
serviceAccountName: controller
containers:
- name: webhook
- image: quay.io/openshift-knative/knative-serving-webhook:v0.11.1
- ports:
- - name: metrics
- containerPort: 9090
- - name: profiling
- containerPort: 8008
+ image: quay.io/openshift-knative/knative-serving-webhook:v0.12.1
resources:
requests:
cpu: 20m
@@ -1393,3 +1374,30 @@
value: knative.dev/serving
securityContext:
allowPrivilegeEscalation: false
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ role: webhook
+ serving.knative.dev/release: devel
+ name: webhook
+ namespace: knative-serving
+ spec:
+ ports:
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: https-webhook
+ port: 443
+ targetPort: 8443
+ selector:
+ role: webhook
\ No newline at end of file
--
Gitblit v1.9.3