From 92e5f31395261f0c0cd6dc7b1591b24b082b9095 Mon Sep 17 00:00:00 2001 From: James Falkner <schtool@gmail.com> Date: Thu, 12 Mar 2020 23:16:39 +0100 Subject: [PATCH] Update knative-serving operator workaround (#1321) --- ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml | 498 ++++++++++++++++++++++++++++--------------------------- 1 files changed, 253 insertions(+), 245 deletions(-) diff --git a/ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml b/ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml index 28aab1c..5d65115 100644 --- a/ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml +++ b/ansible/roles/ocp4-workload-ccnrd/files/knative-serving-cm.yaml @@ -4,7 +4,7 @@ name: ko-data namespace: openshift-operators data: - knative-serving-v0.11.1.yaml: | + knative-serving-v0.12.1.yaml: | --- apiVersion: v1 kind: Namespace @@ -389,7 +389,7 @@ - knative-internal - networking shortNames: - - ing + - kingress scope: Namespaced subresources: status: {} @@ -656,64 +656,26 @@ type: string JSONPath: ".status.conditions[?(@.type=='Ready')].reason" --- - apiVersion: v1 - kind: Service + apiVersion: admissionregistration.k8s.io/v1beta1 + kind: ValidatingWebhookConfiguration metadata: - name: activator-service - namespace: knative-serving + name: config.webhook.serving.knative.dev labels: - app: activator serving.knative.dev/release: devel - spec: - selector: - app: activator - ports: - - name: http - protocol: TCP - port: 80 - targetPort: 8012 - - name: http2 - protocol: TCP - port: 81 - targetPort: 8013 - - name: http-metrics - protocol: TCP - port: 9090 - targetPort: 9090 - type: ClusterIP - --- - apiVersion: v1 - kind: Service - metadata: - labels: - app: controller - serving.knative.dev/release: devel - name: controller - namespace: knative-serving - spec: - ports: - - name: http-metrics - port: 9090 - protocol: TCP - targetPort: 9090 - selector: - app: controller - --- - apiVersion: v1 - kind: Service - metadata: - labels: - role: webhook - serving.knative.dev/release: devel - name: webhook - namespace: knative-serving - spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - role: webhook + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: config.webhook.serving.knative.dev + namespaceSelector: + matchExpressions: + - key: serving.knative.dev/release + operator: Exists --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration @@ -729,6 +691,7 @@ name: webhook namespace: knative-serving failurePolicy: Fail + sideEffects: None name: webhook.serving.knative.dev --- apiVersion: admissionregistration.k8s.io/v1beta1 @@ -745,27 +708,8 @@ name: webhook namespace: knative-serving failurePolicy: Fail + sideEffects: None name: validation.webhook.serving.knative.dev - --- - apiVersion: admissionregistration.k8s.io/v1beta1 - kind: ValidatingWebhookConfiguration - metadata: - name: config.webhook.serving.knative.dev - labels: - serving.knative.dev/release: devel - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - name: config.webhook.serving.knative.dev - namespaceSelector: - matchExpressions: - - key: serving.knative.dev/release - operator: Exists --- apiVersion: v1 kind: Secret @@ -783,89 +727,7 @@ labels: serving.knative.dev/release: devel spec: - image: quay.io/openshift-knative/knative-serving-queue:v0.11.1 - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: activator - namespace: knative-serving - labels: - serving.knative.dev/release: devel - spec: - selector: - matchLabels: - app: activator - role: activator - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - sidecar.istio.io/inject: "true" - labels: - app: activator - role: activator - serving.knative.dev/release: devel - spec: - serviceAccountName: controller - terminationGracePeriodSeconds: 300 - containers: - - name: activator - image: quay.io/openshift-knative/knative-serving-activator:v0.11.1 - env: - - name: GOGC - value: 500 - ports: - - name: http1 - containerPort: 8012 - - name: h2c - containerPort: 8013 - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - readinessProbe: - httpGet: - path: /healthz - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - livenessProbe: - httpGet: - path: /healthz - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - resources: - requests: - cpu: 300m - memory: 60Mi - limits: - cpu: 1000m - memory: 600Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false + image: quay.io/openshift-knative/knative-serving-queue:v0.12.1 --- apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler @@ -890,20 +752,118 @@ apiVersion: apps/v1 kind: Deployment metadata: + name: activator + namespace: knative-serving + labels: + serving.knative.dev/release: devel + spec: + selector: + matchLabels: + app: activator + role: activator + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: activator + role: activator + serving.knative.dev/release: devel + spec: + serviceAccountName: controller + containers: + - name: activator + image: quay.io/openshift-knative/knative-serving-activator:v0.12.1 + resources: + requests: + cpu: 300m + memory: 60Mi + limits: + cpu: 1000m + memory: 600Mi + env: + - name: GOGC + value: "500" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/internal/serving + securityContext: + allowPrivilegeEscalation: false + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: http1 + containerPort: 8012 + - name: h2c + containerPort: 8013 + readinessProbe: &probe + httpGet: + port: 8012 + httpHeaders: + - name: k-kubelet-probe + value: "activator" + livenessProbe: *probe + terminationGracePeriodSeconds: 300 + --- + apiVersion: v1 + kind: Service + metadata: + name: activator-service + namespace: knative-serving + labels: + app: activator + serving.knative.dev/release: devel + spec: + selector: + app: activator + ports: + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http + port: 80 + targetPort: 8012 + - name: http2 + port: 81 + targetPort: 8013 + type: ClusterIP + --- + apiVersion: apps/v1 + kind: Deployment + metadata: name: autoscaler-hpa namespace: knative-serving labels: serving.knative.dev/release: devel autoscaling.knative.dev/autoscaler-provider: hpa spec: - replicas: 1 selector: matchLabels: app: autoscaler-hpa template: metadata: annotations: - sidecar.istio.io/inject: "false" + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: autoscaler-hpa serving.knative.dev/release: devel @@ -911,19 +871,14 @@ serviceAccountName: controller containers: - name: autoscaler-hpa - image: quay.io/openshift-knative/knative-serving-autoscaler-hpa:v0.11.1 + image: quay.io/openshift-knative/knative-serving-autoscaler-hpa:v0.12.1 resources: requests: - cpu: 100m - memory: 100Mi + cpu: 30m + memory: 40Mi limits: - cpu: 1000m - memory: 1000Mi - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 + cpu: 300m + memory: 400Mi env: - name: SYSTEM_NAMESPACE valueFrom: @@ -937,31 +892,31 @@ value: knative.dev/serving securityContext: allowPrivilegeEscalation: false + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 --- apiVersion: v1 kind: Service metadata: labels: - app: autoscaler + app: autoscaler-hpa serving.knative.dev/release: devel - name: autoscaler + autoscaling.knative.dev/autoscaler-provider: hpa + name: autoscaler-hpa namespace: knative-serving spec: ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - name: http-metrics port: 9090 - protocol: TCP targetPort: 9090 - - name: https-custom-metrics - port: 443 - protocol: TCP - targetPort: 8443 + - name: http-profiling + port: 8008 + targetPort: 8008 selector: - app: autoscaler + app: autoscaler-hpa --- apiVersion: apps/v1 kind: Deployment @@ -979,8 +934,6 @@ metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - sidecar.istio.io/inject: "true" - traffic.sidecar.istio.io/includeInboundPorts: "8080,9090" labels: app: autoscaler serving.knative.dev/release: devel @@ -988,21 +941,7 @@ serviceAccountName: controller containers: - name: autoscaler - image: quay.io/openshift-knative/knative-serving-autoscaler:v0.11.1 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - livenessProbe: - httpGet: - path: /healthz - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" + image: quay.io/openshift-knative/knative-serving-autoscaler:v0.12.1 resources: requests: cpu: 30m @@ -1010,18 +949,6 @@ limits: cpu: 300m memory: 400Mi - ports: - - name: websocket - containerPort: 8080 - - name: metrics - containerPort: 9090 - - name: custom-metrics - containerPort: 8443 - - name: profiling - containerPort: 8008 - args: - - "--secure-port=8443" - - "--cert-dir=/tmp" env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1035,6 +962,50 @@ value: knative.dev/serving securityContext: allowPrivilegeEscalation: false + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: websocket + containerPort: 8080 + - name: custom-metrics + containerPort: 8443 + readinessProbe: &probe + httpGet: + port: 8080 + httpHeaders: + - name: k-kubelet-probe + value: "autoscaler" + livenessProbe: *probe + args: + - "--secure-port=8443" + - "--cert-dir=/tmp" + --- + apiVersion: v1 + kind: Service + metadata: + labels: + app: autoscaler + serving.knative.dev/release: devel + name: autoscaler + namespace: knative-serving + spec: + ports: + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http + port: 8080 + targetPort: 8080 + - name: https-custom-metrics + port: 443 + targetPort: 8443 + selector: + app: autoscaler --- apiVersion: v1 kind: ConfigMap @@ -1057,6 +1028,7 @@ enable-scale-to-zero: "true" tick-interval: "2s" scale-to-zero-grace-period: "30s" + enable-graceful-scaledown: "false" --- apiVersion: v1 kind: ConfigMap @@ -1084,7 +1056,7 @@ labels: serving.knative.dev/release: devel data: - queueSidecarImage: quay.io/openshift-knative/knative-serving-queue:v0.11.1 + queueSidecarImage: quay.io/openshift-knative/knative-serving-queue:v0.12.1 _example: | registriesSkippingTagResolving: "ko.local,dev.local" --- @@ -1114,9 +1086,9 @@ serving.knative.dev/release: devel data: _example: | - stale-revision-create-delay: "24h" + stale-revision-create-delay: "48h" stale-revision-timeout: "15h" - stale-revision-minimum-generations: "1" + stale-revision-minimum-generations: "20" stale-revision-lastpinned-debounce: "5h" --- apiVersion: v1 @@ -1132,7 +1104,6 @@ gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" local-gateway.knative-serving.cluster-local-gateway: "cluster-local-gateway.istio-system.svc.cluster.local" local-gateway.mesh: "mesh" - reconcileExternalGateway: "false" --- apiVersion: v1 kind: ConfigMap @@ -1180,7 +1151,6 @@ data: _example: | istio.sidecar.includeOutboundIPRanges: "*" - clusteringress.class: "istio.ingress.networking.knative.dev" ingress.class: "istio.ingress.networking.knative.dev" certificate.class: "cert-manager.certificate.networking.internal.knative.dev" domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}" @@ -1231,14 +1201,13 @@ labels: serving.knative.dev/release: devel spec: - replicas: 1 selector: matchLabels: app: controller template: metadata: annotations: - sidecar.istio.io/inject: "false" + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: controller serving.knative.dev/release: devel @@ -1246,7 +1215,7 @@ serviceAccountName: controller containers: - name: controller - image: quay.io/openshift-knative/knative-serving-controller:v0.11.1 + image: quay.io/openshift-knative/knative-serving-controller:v0.12.1 resources: requests: cpu: 100m @@ -1254,11 +1223,6 @@ limits: cpu: 1000m memory: 1000Mi - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1272,6 +1236,30 @@ value: knative.dev/internal/serving securityContext: allowPrivilegeEscalation: false + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + --- + apiVersion: v1 + kind: Service + metadata: + labels: + app: controller + serving.knative.dev/release: devel + name: controller + namespace: knative-serving + spec: + ports: + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + app: controller --- apiVersion: apiregistration.k8s.io/v1beta1 kind: APIService @@ -1299,13 +1287,13 @@ serving.knative.dev/release: devel networking.knative.dev/ingress-provider: istio spec: - replicas: 1 selector: matchLabels: app: networking-istio template: metadata: annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" sidecar.istio.io/inject: "false" labels: app: networking-istio @@ -1314,19 +1302,14 @@ serviceAccountName: controller containers: - name: networking-istio - image: quay.io/openshift-knative/knative-serving-istio:v0.11.1 + image: quay.io/openshift-knative/knative-serving-istio:v0.12.1 resources: requests: - cpu: 100m - memory: 100Mi + cpu: 30m + memory: 40Mi limits: - cpu: 1000m - memory: 1000Mi - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 + cpu: 300m + memory: 400Mi env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1340,6 +1323,11 @@ value: knative.dev/serving securityContext: allowPrivilegeEscalation: false + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 --- apiVersion: apps/v1 kind: Deployment @@ -1349,7 +1337,6 @@ labels: serving.knative.dev/release: devel spec: - replicas: 1 selector: matchLabels: app: webhook @@ -1358,7 +1345,6 @@ metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - sidecar.istio.io/inject: "false" labels: app: webhook role: webhook @@ -1367,12 +1353,7 @@ serviceAccountName: controller containers: - name: webhook - image: quay.io/openshift-knative/knative-serving-webhook:v0.11.1 - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 + image: quay.io/openshift-knative/knative-serving-webhook:v0.12.1 resources: requests: cpu: 20m @@ -1393,3 +1374,30 @@ value: knative.dev/serving securityContext: allowPrivilegeEscalation: false + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + --- + apiVersion: v1 + kind: Service + metadata: + labels: + role: webhook + serving.knative.dev/release: devel + name: webhook + namespace: knative-serving + spec: + ports: + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: webhook \ No newline at end of file -- Gitblit v1.9.3