From f669837d9033c20d21749e728e3d4f3915d3b5b8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 28 Jul 2023 16:23:43 +0200 Subject: [PATCH] Update nightly artifacts (#81) Co-authored-by: pierDipi --- .../eventing-kafka-broker.yaml | 38 +- .../eventing-kafka-channel.yaml | 38 +- .../eventing-kafka-controller.yaml | 454 ++++++++++++++++-- .../eventing-kafka-sink.yaml | 32 +- .../eventing-kafka-source.yaml | 14 +- .../eventing/eventing-core.yaml | 354 ++++++++++---- .../eventing/eventing-post-install.yaml | 12 +- .../eventing/mt-channel-broker.yaml | 185 ++++++- 8 files changed, 936 insertions(+), 191 deletions(-) diff --git a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-broker.yaml b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-broker.yaml index a03931ca..d8e1f682 100644 --- a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-broker.yaml +++ b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-broker.yaml @@ -17,7 +17,7 @@ metadata: name: config-kafka-broker-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" annotations: knative.dev/example-checksum: "57a32008" data: @@ -198,7 +198,7 @@ kind: ClusterRole metadata: name: knative-kafka-broker-data-plane labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" rules: - apiGroups: - "" @@ -229,7 +229,7 @@ metadata: name: knative-kafka-broker-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" --- # Copyright 2020 The Knative Authors @@ -250,7 +250,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-broker-data-plane labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" subjects: - kind: ServiceAccount name: knative-kafka-broker-data-plane @@ -281,7 +281,7 @@ metadata: namespace: knative-eventing labels: app: kafka-broker-dispatcher - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-broker-dispatcher app.kubernetes.io/name: knative-eventing spec: @@ -293,7 +293,7 @@ spec: name: kafka-broker-dispatcher labels: app: kafka-broker-dispatcher - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-broker-dispatcher app.kubernetes.io/name: knative-eventing spec: @@ -319,7 +319,7 @@ spec: runAsNonRoot: true containers: - name: kafka-broker-dispatcher - image: gcr.io/knative-nightly/knative-kafka-broker-dispatcher:v20230404-b7bfbddc + image: gcr.io/knative-nightly/knative-kafka-broker-dispatcher:v20230727-8a22c92d imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/config @@ -452,7 +452,7 @@ metadata: namespace: knative-eventing labels: app: kafka-broker-receiver - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-broker-receiver app.kubernetes.io/name: knative-eventing spec: @@ -464,7 +464,7 @@ spec: name: kafka-broker-receiver labels: app: kafka-broker-receiver - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-broker-receiver app.kubernetes.io/name: knative-eventing spec: @@ -490,7 +490,7 @@ spec: runAsNonRoot: true containers: - name: kafka-broker-receiver - image: gcr.io/knative-nightly/knative-kafka-broker-receiver:v20230404-b7bfbddc + image: gcr.io/knative-nightly/knative-kafka-broker-receiver:v20230727-8a22c92d imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/config @@ -507,6 +507,9 @@ spec: - mountPath: /etc/tracing name: config-tracing readOnly: true + - mountPath: /etc/receiver-tls-secret + name: broker-receiver-tls-secret + readOnly: true ports: - containerPort: 9090 name: http-metrics @@ -514,6 +517,9 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP env: - name: SERVICE_NAME value: "kafka-broker-receiver" @@ -523,6 +529,8 @@ spec: fieldPath: metadata.namespace - name: INGRESS_PORT value: "8080" + - name: INGRESS_TLS_PORT + value: "8443" - name: PRODUCER_CONFIG_FILE_PATH value: /etc/config/config-kafka-broker-producer.properties - name: HTTPSERVER_CONFIG_FILE_PATH @@ -600,6 +608,10 @@ spec: - name: config-tracing configMap: name: config-tracing + - name: broker-receiver-tls-secret + secret: + secretName: kafka-broker-ingress-server-tls + optional: true restartPolicy: Always --- apiVersion: v1 @@ -609,7 +621,7 @@ metadata: namespace: knative-eventing labels: app: kafka-broker-receiver - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-broker-receiver app.kubernetes.io/name: knative-eventing spec: @@ -620,6 +632,10 @@ spec: port: 80 protocol: TCP targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 - name: http-container port: 8080 protocol: TCP diff --git a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-channel.yaml b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-channel.yaml index 1a881e95..f7dd6a56 100644 --- a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-channel.yaml +++ b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-channel.yaml @@ -17,7 +17,7 @@ metadata: name: config-kafka-channel-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" annotations: knative.dev/example-checksum: "6ce544b6" data: @@ -197,7 +197,7 @@ kind: ClusterRole metadata: name: knative-kafka-channel-data-plane labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" rules: - apiGroups: - "" @@ -228,7 +228,7 @@ metadata: name: knative-kafka-channel-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" --- # Copyright 2021 The Knative Authors @@ -249,7 +249,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-channel-data-plane labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" subjects: - kind: ServiceAccount name: knative-kafka-channel-data-plane @@ -280,7 +280,7 @@ metadata: namespace: knative-eventing labels: app: kafka-channel-dispatcher - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-channel-dispatcher app.kubernetes.io/name: knative-eventing spec: @@ -292,7 +292,7 @@ spec: name: kafka-channel-dispatcher labels: app: kafka-channel-dispatcher - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-channel-dispatcher app.kubernetes.io/name: knative-eventing spec: @@ -318,7 +318,7 @@ spec: runAsNonRoot: true containers: - name: kafka-channel-dispatcher - image: gcr.io/knative-nightly/knative-kafka-broker-dispatcher:v20230404-b7bfbddc + image: gcr.io/knative-nightly/knative-kafka-broker-dispatcher:v20230727-8a22c92d imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/config @@ -451,7 +451,7 @@ metadata: namespace: knative-eventing labels: app: kafka-channel-receiver - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-channel-receiver app.kubernetes.io/name: knative-eventing spec: @@ -463,7 +463,7 @@ spec: name: kafka-channel-receiver labels: app: kafka-channel-receiver - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-channel-receiver app.kubernetes.io/name: knative-eventing spec: @@ -489,7 +489,7 @@ spec: runAsNonRoot: true containers: - name: kafka-channel-receiver - image: gcr.io/knative-nightly/knative-kafka-broker-receiver:v20230404-b7bfbddc + image: gcr.io/knative-nightly/knative-kafka-broker-receiver:v20230727-8a22c92d imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/config @@ -506,6 +506,9 @@ spec: - mountPath: /etc/tracing name: config-tracing readOnly: true + - mountPath: /etc/receiver-tls-secret + name: channel-receiver-tls-secret + readOnly: true ports: - containerPort: 9090 name: http-metrics @@ -513,6 +516,9 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP env: - name: SERVICE_NAME value: "kafka-channel-receiver" @@ -522,6 +528,8 @@ spec: fieldPath: metadata.namespace - name: INGRESS_PORT value: "8080" + - name: INGRESS_TLS_PORT + value: "8443" - name: PRODUCER_CONFIG_FILE_PATH value: /etc/config/config-kafka-channel-producer.properties - name: HTTPSERVER_CONFIG_FILE_PATH @@ -599,6 +607,10 @@ spec: - name: config-tracing configMap: name: config-tracing + - name: channel-receiver-tls-secret + secret: + secretName: kafka-channel-ingress-server-tls + optional: true restartPolicy: Always --- apiVersion: v1 @@ -608,7 +620,7 @@ metadata: namespace: knative-eventing labels: app: kafka-channel-receiver - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-channel-receiver app.kubernetes.io/name: knative-eventing spec: @@ -619,6 +631,10 @@ spec: port: 80 protocol: TCP targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 - name: http-container port: 8080 protocol: TCP diff --git a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-controller.yaml b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-controller.yaml index 0aeb1122..5f980ebc 100644 --- a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-controller.yaml +++ b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-controller.yaml @@ -17,7 +17,7 @@ metadata: name: kafka-broker-config namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" data: default.topic.partitions: "10" default.topic.replication.factor: "3" @@ -43,7 +43,7 @@ metadata: name: kafka-channel-config namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" data: bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092" @@ -67,7 +67,7 @@ kind: CustomResourceDefinition metadata: name: kafkachannels.messaging.knative.dev labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" @@ -336,7 +336,7 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" knative.dev/crd-install: "true" name: consumers.internal.kafka.eventing.knative.dev spec: @@ -392,7 +392,7 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" knative.dev/crd-install: "true" name: consumergroups.internal.kafka.eventing.knative.dev spec: @@ -463,7 +463,7 @@ metadata: labels: duck.knative.dev/addressable: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" spec: group: eventing.knative.dev names: @@ -627,7 +627,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -645,12 +645,364 @@ spec: storage: true schema: openAPIV3Schema: + description: KafkaSource is the Schema for the kafkasources API. type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSourceSpec defines the desired state of the KafkaSource. + type: object + required: + - bootstrapServers + - topics + properties: + bootstrapServers: + description: Bootstrap servers are the Kafka servers the consumer will connect to. + type: array + items: + type: string + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + additionalProperties: + type: string + consumerGroup: + description: ConsumerGroupID is the consumer group ID. + type: string + consumers: + description: "Number of desired consumers running in the consumer group. Defaults to 1. \n This is a pointer to distinguish between explicit zero and not specified." + type: integer + format: int32 + delivery: + description: Delivery contains the delivery spec for this source + type: object + properties: + backoffDelay: + description: "BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 \n For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^." + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + ref: + description: Ref points to an Addressable. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + retryAfterMax: + description: "RetryAfterMax provides an optional upper bound on the duration specified in a \"Retry-After\" header when calculating backoff times for retrying 429 and 503 response codes. Setting the value to zero (\"PT0S\") can be used to opt-out of respecting \"Retry-After\" header values altogether. This value only takes effect if \"Retry\" is configured, and also depends on specific implementations (Channels, Sources, etc.) choosing to provide this capability. \n Note: This API is EXPERIMENTAL and might be changed at anytime. While this experimental feature is in the Alpha/Beta stage, you must provide a valid value to opt-in for supporting \"Retry-After\" headers. When the feature becomes Stable/GA \"Retry-After\" headers will be respected by default, and you can choose to specify \"PT0S\" to opt-out of supporting \"Retry-After\" headers. For more details: https://github.com/knative/eventing/issues/5811 \n More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601" + type: string + timeout: + description: "Timeout is the timeout of each single request. The value must be greater than 0. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 \n Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5148" + type: string + initialOffset: + description: InitialOffset is the Initial Offset for the consumer group. should be earliest or latest + type: string + net: + type: object + properties: + sasl: + type: object + properties: + enable: + type: boolean + password: + description: Password is the Kubernetes secret containing the SASL password. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + type: + description: Type of saslType, defaults to plain (vs SCRAM-SHA-512 or SCRAM-SHA-256) + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + user: + description: User is the Kubernetes secret containing the SASL username. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + tls: + type: object + properties: + caCert: + description: CACert is the Kubernetes secret containing the server CA cert. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + cert: + description: Cert is the Kubernetes secret containing the client certificate. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + enable: + type: boolean + key: + description: Key is the Kubernetes secret containing the client key. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + ordering: + description: Ordering is the type of the consumer verticle. Should be ordered or unordered. By default, it is ordered. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + ref: + description: Ref points to an Addressable. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + topics: + description: Topic topics to consume messages from + type: array + items: + type: string + status: + description: KafkaSourceStatus defines the observed state of KafkaSource. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + description: CloudEventAttributes specifies the attributes that a Source uses as part of its CloudEvents. + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + claims: + description: Claims consumed by this KafkaSource instance + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + consumers: + description: Total number of consumers actually running in the consumer group. + type: integer + format: int32 + maxAllowedVReplicas: + type: integer + format: int32 + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + placements: + type: array + items: + type: object + properties: + podName: + description: PodName is the name of the pod where the resource is placed + type: string + vreplicas: + description: VReplicas is the number of virtual replicas assigned to in the pod + type: integer + format: int32 + selector: + description: Use for labelSelectorPath when scaling Kafka source + type: string + sinkCACerts: + description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string subresources: status: {} scale: @@ -693,8 +1045,6 @@ spec: service: name: kafka-source-webhook namespace: knative-eventing ---- - --- # Copyright 2019 The Knative Authors @@ -717,7 +1067,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eventing-kafka-source-observer labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" duck.knative.dev/source: "true" rules: - apiGroups: @@ -750,7 +1100,7 @@ metadata: name: config-kafka-source-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" annotations: knative.dev/example-checksum: "b6ed351d" data: @@ -810,7 +1160,7 @@ metadata: name: config-kafka-autoscaler namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" data: class: "keda.autoscaling.knative.dev" min-scale: "0" @@ -841,7 +1191,7 @@ metadata: name: config-kafka-descheduler namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" data: predicates: | [] @@ -864,7 +1214,7 @@ metadata: name: config-kafka-features namespace: knative-eventing annotations: - knative.dev/example-checksum: "b72f1c08" + knative.dev/example-checksum: "1192895d" data: _example: |- ################################ @@ -893,16 +1243,28 @@ data: # 1. Enabled: KEDA autoscaling of consumers will be setup. # 2. Disabled: KEDA autoscaling of consumers will not be setup. controller.autoscaler: "disabled" + # The Go text/template used to generate consumergroup ID for triggers. + # The template can reference the trigger Kubernetes metadata only. + triggers.consumergroup.template: "knative-trigger-{{ .Namespace }}-{{ .Name }}" + # The Go text/template used to generate topics for Brokers. + # The template can reference the broker Kubernetes metadata only. + brokers.topic.template: "knative-broker-{{ .Namespace }}-{{ .Name }}" + # The Go text/template used to generate topics for Channels. + # The template can reference the channel Kubernetes metadata only. + channels.topic.template: "knative-channel-{{ .Namespace }}-{{ .Name }}" dispatcher.rate-limiter: "disabled" dispatcher.ordered-executor-metrics: "disabled" controller.autoscaler: "disabled" + triggers.consumergroup.template: "knative-trigger-{{ .Namespace }}-{{ .Name }}" + brokers.topic.template: "knative-broker-{{ .Namespace }}-{{ .Name }}" + channels.topic.template: "knative-messaging-kafka.{{ .Namespace }}.{{ .Name }}" --- apiVersion: v1 kind: ConfigMap metadata: labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" name: config-kafka-leader-election namespace: knative-eventing annotations: @@ -969,7 +1331,7 @@ metadata: name: config-kafka-scheduler namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" data: predicates: | [ @@ -1009,7 +1371,7 @@ metadata: name: kafka-config-logging namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" data: config.xml: | @@ -1066,7 +1428,7 @@ metadata: name: config-tracing namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" knative.dev/config-propagation: original knative.dev/config-category: eventing annotations: @@ -1126,7 +1488,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-kafka-addressable-resolver labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" duck.knative.dev/addressable: "true" # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -1169,7 +1531,7 @@ kind: ClusterRole metadata: name: knative-kafka-channelable-manipulator labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" duck.knative.dev/channelable: "true" # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -1206,7 +1568,7 @@ kind: ClusterRole metadata: name: kafka-controller labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" rules: - apiGroups: - "" @@ -1475,7 +1837,7 @@ metadata: name: kafka-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" --- # Copyright 2020 The Knative Authors @@ -1496,7 +1858,7 @@ kind: ClusterRoleBinding metadata: name: kafka-controller labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" subjects: - kind: ServiceAccount name: kafka-controller @@ -1511,7 +1873,7 @@ kind: ClusterRoleBinding metadata: name: kafka-controller-addressable-resolver labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" subjects: - kind: ServiceAccount name: kafka-controller @@ -1542,7 +1904,7 @@ metadata: namespace: knative-eventing labels: app: kafka-controller - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-controller app.kubernetes.io/name: knative-eventing spec: @@ -1554,7 +1916,7 @@ spec: name: kafka-controller labels: app: kafka-controller - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-controller app.kubernetes.io/name: knative-eventing spec: @@ -1580,7 +1942,7 @@ spec: weight: 100 containers: - name: controller - image: gcr.io/knative-nightly/knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller@sha256:20996c398a579f9a9fbb7ab2ad2948c4b8a67ed5bc98230f2d74b600f070600d + image: gcr.io/knative-nightly/knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller@sha256:a83602b7d4177cb59a2e948665ca6a8c3ea87ca1bedb86d6249a2bca191f35b5 imagePullPolicy: IfNotPresent env: - name: BROKER_DATA_PLANE_CONFIG_MAP_NAMESPACE @@ -1627,6 +1989,12 @@ spec: value: "8080" - name: SINK_INGRESS_POD_PORT value: "8080" + - name: BROKER_INGRESS_POD_TLS_PORT + value: "8443" + - name: CHANNEL_INGRESS_POD_TLS_PORT + value: "8443" + - name: SINK_INGRESS_POD_TLS_PORT + value: "8443" - name: BROKER_SYSTEM_NAMESPACE valueFrom: fieldRef: @@ -1709,7 +2077,7 @@ kind: ClusterRole metadata: name: kafka-webhook-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -1811,7 +2179,7 @@ metadata: name: kafka-webhook-eventing namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" --- # Copyright 2020 The Knative Authors @@ -1832,7 +2200,7 @@ kind: ClusterRoleBinding metadata: name: kafka-webhook-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" subjects: - kind: ServiceAccount name: kafka-webhook-eventing @@ -1862,7 +2230,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -1894,7 +2262,7 @@ kind: MutatingWebhookConfiguration metadata: name: pods.defaulting.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" webhooks: # Dispatcher pods webhook config. - admissionReviewVersions: ["v1", "v1beta1"] @@ -1936,7 +2304,7 @@ metadata: name: kafka-webhook-eventing-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" # The data is populated at install time. --- @@ -1959,7 +2327,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -1993,7 +2361,7 @@ metadata: namespace: knative-eventing labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: @@ -2004,7 +2372,7 @@ spec: metadata: labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: @@ -2024,7 +2392,7 @@ spec: containers: - name: kafka-webhook-eventing terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka@sha256:0ce2f4208ee91b8f91b9062f27509929928eab6a829034f8cd7f4903dbd273f3 + image: gcr.io/knative-nightly/knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka@sha256:76bb75f70cc505315bc43d3301f93d90c72475e5b9e1fcebee57cd5d609092cc resources: requests: cpu: 20m @@ -2088,7 +2456,7 @@ metadata: namespace: knative-eventing labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: diff --git a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-sink.yaml b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-sink.yaml index 2188eaab..9bb82ad0 100644 --- a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-sink.yaml +++ b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-sink.yaml @@ -17,7 +17,7 @@ metadata: name: config-kafka-sink-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" annotations: knative.dev/example-checksum: "a8ce4acb" data: @@ -111,7 +111,7 @@ kind: ClusterRole metadata: name: knative-kafka-sink-data-plane labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" rules: - apiGroups: - "" @@ -142,7 +142,7 @@ metadata: name: knative-kafka-sink-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" --- # Copyright 2020 The Knative Authors @@ -163,7 +163,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-sink-data-plane labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" subjects: - kind: ServiceAccount name: knative-kafka-sink-data-plane @@ -194,7 +194,7 @@ metadata: namespace: knative-eventing labels: app: kafka-sink-receiver - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-sink-receiver app.kubernetes.io/name: knative-eventing spec: @@ -206,7 +206,7 @@ spec: name: kafka-sink-receiver labels: app: kafka-sink-receiver - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-sink-receiver app.kubernetes.io/name: knative-eventing spec: @@ -232,7 +232,7 @@ spec: runAsNonRoot: true containers: - name: kafka-sink-receiver - image: gcr.io/knative-nightly/knative-kafka-broker-receiver:v20230404-b7bfbddc + image: gcr.io/knative-nightly/knative-kafka-broker-receiver:v20230727-8a22c92d imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/config @@ -249,6 +249,9 @@ spec: - mountPath: /etc/tracing name: config-tracing readOnly: true + - mountPath: /etc/receiver-tls-secret + name: sink-receiver-tls-secret + readOnly: true ports: - containerPort: 9090 name: http-metrics @@ -256,6 +259,9 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP env: - name: SERVICE_NAME value: "kafka-sink-receiver" @@ -265,6 +271,8 @@ spec: fieldPath: metadata.namespace - name: INGRESS_PORT value: "8080" + - name: INGRESS_TLS_PORT + value: "8443" - name: PRODUCER_CONFIG_FILE_PATH value: /etc/config/config-kafka-sink-producer.properties - name: HTTPSERVER_CONFIG_FILE_PATH @@ -342,6 +350,10 @@ spec: - name: config-tracing configMap: name: config-tracing + - name: sink-receiver-tls-secret + secret: + secretName: kafka-sink-ingress-server-tls + optional: true restartPolicy: Always --- apiVersion: v1 @@ -351,7 +363,7 @@ metadata: namespace: knative-eventing labels: app: kafka-sink-receiver - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-sink-receiver app.kubernetes.io/name: knative-eventing spec: @@ -366,6 +378,10 @@ spec: port: 8080 protocol: TCP targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 - name: http-metrics port: 9090 protocol: TCP diff --git a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-source.yaml b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-source.yaml index 254ca281..dbe8cee7 100644 --- a/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-source.yaml +++ b/installation/manifests/upstream-nightly/eventing-kafka-broker/eventing-kafka-source.yaml @@ -17,7 +17,7 @@ metadata: name: config-kafka-source-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" annotations: knative.dev/example-checksum: "8157ecb1" data: @@ -178,7 +178,7 @@ kind: ClusterRole metadata: name: knative-kafka-source-data-plane labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" rules: - apiGroups: - "" @@ -209,7 +209,7 @@ metadata: name: knative-kafka-source-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" --- # Copyright 2021 The Knative Authors @@ -230,7 +230,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-source-data-plane labels: - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" subjects: - kind: ServiceAccount name: knative-kafka-source-data-plane @@ -261,7 +261,7 @@ metadata: namespace: knative-eventing labels: app: kafka-source-dispatcher - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-source-dispatcher app.kubernetes.io/name: knative-eventing spec: @@ -275,7 +275,7 @@ spec: name: kafka-source-dispatcher labels: app: kafka-source-dispatcher - app.kubernetes.io/version: "b7bfbddc1b7c4b4f3a25155a0a35dcfb1dc7b0e7" + app.kubernetes.io/version: "8a22c92df90fbe82c8714d00c5ee5842cd3a37b9" app.kubernetes.io/component: kafka-channel-dispatcher app.kubernetes.io/name: knative-eventing app.kubernetes.io/kind: kafka-dispatcher @@ -302,7 +302,7 @@ spec: runAsNonRoot: true containers: - name: kafka-source-dispatcher - image: gcr.io/knative-nightly/knative-kafka-broker-dispatcher:v20230404-b7bfbddc + image: gcr.io/knative-nightly/knative-kafka-broker-dispatcher:v20230727-8a22c92d imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/config diff --git a/installation/manifests/upstream-nightly/eventing/eventing-core.yaml b/installation/manifests/upstream-nightly/eventing/eventing-core.yaml index 10bcb9ec..13cfd002 100644 --- a/installation/manifests/upstream-nightly/eventing/eventing-core.yaml +++ b/installation/manifests/upstream-nightly/eventing/eventing-core.yaml @@ -16,7 +16,7 @@ kind: Namespace metadata: name: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing --- @@ -40,7 +40,7 @@ metadata: name: eventing-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -48,7 +48,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -64,7 +64,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-resolver labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -80,7 +80,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-source-observer labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -96,7 +96,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-sources-controller labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -112,7 +112,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-manipulator labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -144,7 +144,7 @@ metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -152,7 +152,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -184,7 +184,7 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -192,7 +192,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -209,7 +209,7 @@ metadata: namespace: knative-eventing name: eventing-webhook labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -225,7 +225,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-resolver labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -241,7 +241,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-podspecable-binding labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -273,7 +273,7 @@ metadata: name: config-br-default-channel namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing data: channel-template-spec: | @@ -301,7 +301,7 @@ metadata: name: config-br-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing data: # Configures the default for any Broker that does not specify a spec.config or Broker class. @@ -338,7 +338,7 @@ metadata: name: default-ch-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing data: # Configuration for defaulting channels that do not specify CRD implementations. @@ -374,7 +374,7 @@ metadata: labels: annotations: knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing data: _example: | @@ -420,7 +420,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing data: # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. @@ -439,6 +439,12 @@ data: # in Trigger objects with its rich filtering capabilities. # For more details: https://github.com/knative/eventing/issues/5204 new-trigger-filters: "disabled" + # ALPHA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. + # For more details: https://github.com/knative/eventing/issues/5957 + transport-encryption: "disabled" + # ALPHA feature: The eventtype-auto-create flag allows automatic creation of Even Type instances based on Event's type being processed. + # For more details: https://github.com/knative/eventing/issues/6909 + eventtype-auto-create: "disabled" --- # Copyright 2021 The Knative Authors @@ -509,7 +515,7 @@ metadata: name: config-leader-election namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f7948630" @@ -572,7 +578,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing data: # Common configuration for all Knative codebase @@ -625,7 +631,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f46cf09d" @@ -699,7 +705,7 @@ metadata: name: config-sugar namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "62dfac6f" @@ -758,7 +764,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "0492ceb0" @@ -815,7 +821,7 @@ metadata: labels: knative.dev/high-availability: "true" app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: selector: @@ -826,7 +832,7 @@ spec: labels: app: eventing-controller app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -844,7 +850,7 @@ spec: containers: - name: eventing-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/controller@sha256:ce131f630a11471860d750e2e479706210d9f00f61d94e9c19171c031ca1a511 + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/controller@sha256:44276d6757d5b6d76bbdd7f7ffcd1055cc1b655ece06dd4aa5d6191afcaa8fa0 resources: requests: cpu: 100m @@ -862,7 +868,7 @@ spec: value: knative.dev/eventing # APIServerSource - name: APISERVER_RA_IMAGE - value: gcr.io/knative-nightly/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:a35516920ec947bf5a42ffa471afe7ceef496e8e881475287574404dcb214189 + value: gcr.io/knative-nightly/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:d54da640eebaceed330b96a7e200642a5049aa8e504636b8a8901ecd34938168 - name: POD_NAME valueFrom: fieldRef: @@ -932,7 +938,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. @@ -946,7 +952,7 @@ spec: labels: !!merge <<: *labels app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: affinity: @@ -960,7 +966,7 @@ spec: enableServiceLinks: false containers: - name: dispatcher - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtping@sha256:6be0ca4180f9e83c05fae070086771677e368f1fd4e0406a6f17938fc7323174 + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtping@sha256:5bca07216dcc8b1bd6e8ee2a6d52604ca5b0c084981266da36fc7b715203b631 env: - name: SYSTEM_NAMESPACE value: '' @@ -1034,7 +1040,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: @@ -1059,7 +1065,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: minAvailable: 80% @@ -1089,7 +1095,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: selector: @@ -1101,7 +1107,7 @@ spec: labels: !!merge <<: *labels app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -1121,7 +1127,7 @@ spec: terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/webhook@sha256:436bd9ea3fc4b7c6f07ea20fb6a67d819bec54b1caa22ee2c39716f04ce2dfbb + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/webhook@sha256:6e24232f04e4a43ceb94f5c9047e3056e4cc494ebe8126d99a37201793263666 resources: requests: # taken from serving. @@ -1194,7 +1200,7 @@ metadata: labels: role: eventing-webhook app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing name: eventing-webhook namespace: knative-eventing @@ -1229,7 +1235,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing annotations: # TODO add schemas and descriptions @@ -1345,6 +1351,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string namespaceSelector: description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. type: object @@ -1423,6 +1432,9 @@ spec: sinkUri: description: SinkURI is the current active sink URI that has been configured for the Source. type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string namespaces: description: Namespaces show the namespaces currently watched by the ApiServerSource type: array @@ -1473,7 +1485,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -1541,6 +1553,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -1554,8 +1569,24 @@ spec: description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1590,6 +1621,9 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -1644,7 +1678,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -1723,6 +1757,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -1779,9 +1816,15 @@ spec: replyUri: description: ReplyURI is the endpoint for the reply type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string subscriberUri: description: SubscriberURI is the endpoint for the subscriber type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string uid: description: UID is used to understand the origin of the subscriber. type: string @@ -1790,10 +1833,27 @@ spec: type: object properties: address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1860,6 +1920,9 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -1918,7 +1981,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -1968,6 +2031,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. template: type: object @@ -2026,6 +2092,9 @@ spec: sinkUri: description: SinkURI is the current active sink URI that has been configured for the Source. type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string additionalPrinterColumns: - name: Sink type: string @@ -2069,12 +2138,13 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev versions: - - name: v1beta1 + - &version + name: v1beta1 served: true storage: true subresources: @@ -2090,6 +2160,22 @@ spec: properties: broker: type: string + reference: + description: Reference Broker. For example + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is an optional field, it gets defaulted to the object holding it if left out.' + type: string description: description: 'Description is an optional field used to describe the EventType, in any meaningful way.' type: string @@ -2154,19 +2240,26 @@ spec: - name: Schema type: string jsonPath: ".spec.schema" - - name: Broker + - name: Reference Name type: string - jsonPath: ".spec.broker" + jsonPath: ".spec.reference.name" + - name: Reference Kind + type: string + jsonPath: ".spec.reference.kind" - name: Description type: string jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - name: Ready type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - !!merge <<: *version + name: v1beta2 + served: true + storage: false + # v1beta1 schema is identical to the v1beta2 schema names: kind: EventType plural: eventtypes @@ -2176,6 +2269,14 @@ spec: - knative - eventing scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing --- # Copyright 2020 The Knative Authors @@ -2198,7 +2299,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -2257,6 +2358,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -2301,10 +2405,27 @@ spec: type: object properties: address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -2453,7 +2574,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing annotations: # TODO add schemas and descriptions @@ -2525,6 +2646,9 @@ spec: uri: description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string timezone: description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' type: string @@ -2582,6 +2706,9 @@ spec: sinkUri: description: 'SinkURI is the current active sink URI that has been configured for the Source.' type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string additionalPrinterColumns: - name: Sink type: string @@ -2642,7 +2769,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -2737,6 +2864,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -2761,15 +2891,35 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string status: description: Status represents the current state of the Sequence. This data may be out of date. type: object properties: address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -2963,7 +3113,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: @@ -3013,6 +3163,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string subject: description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. type: object @@ -3107,6 +3260,9 @@ spec: sinkUri: description: SinkURI is the current active sink URI that has been configured for the Source. type: string + sinkCACerts: + description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string additionalPrinterColumns: - name: Sink type: string @@ -3151,7 +3307,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -3216,6 +3372,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -3244,6 +3403,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string subscriber: description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. type: object @@ -3268,6 +3430,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string status: type: object properties: @@ -3313,12 +3478,21 @@ spec: deadLetterSinkUri: description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string replyUri: description: ReplyURI is the fully resolved URI for the spec.reply. type: string + replyCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string subscriberUri: description: SubscriberURI is the fully resolved URI for spec.subscriber. type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string additionalPrinterColumns: - name: Age type: date @@ -3362,7 +3536,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -3435,6 +3609,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -3470,6 +3647,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. + type: string status: description: Status represents the current state of the Trigger. This data may be out of date. type: object @@ -3508,6 +3688,9 @@ spec: deadLetterSinkUri: description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. type: string + deadLetterSinkCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -3515,6 +3698,9 @@ spec: subscriberUri: description: SubscriberURI is the resolved URI of the receiver for this Trigger. type: string + subscriberCACerts: + description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string names: kind: Trigger plural: triggers @@ -3546,7 +3732,7 @@ kind: ClusterRole metadata: name: addressable-resolver labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -3560,7 +3746,7 @@ metadata: name: service-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3579,7 +3765,7 @@ metadata: name: serving-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3601,7 +3787,7 @@ metadata: name: channel-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3627,7 +3813,7 @@ metadata: name: broker-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3647,7 +3833,7 @@ metadata: name: flows-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3683,7 +3869,7 @@ kind: ClusterRole metadata: name: eventing-broker-filter labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3709,7 +3895,7 @@ kind: ClusterRole metadata: name: eventing-broker-ingress labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3726,7 +3912,7 @@ kind: ClusterRole metadata: name: eventing-config-reader labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3759,7 +3945,7 @@ kind: ClusterRole metadata: name: channelable-manipulator labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -3773,7 +3959,7 @@ metadata: name: meta-channelable-manipulator labels: duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -3812,7 +3998,7 @@ metadata: name: knative-eventing-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev"] @@ -3825,7 +4011,7 @@ metadata: name: knative-messaging-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["messaging.knative.dev"] @@ -3838,7 +4024,7 @@ metadata: name: knative-flows-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["flows.knative.dev"] @@ -3851,7 +4037,7 @@ metadata: name: knative-sources-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["sources.knative.dev"] @@ -3864,7 +4050,7 @@ metadata: name: knative-bindings-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["bindings.knative.dev"] @@ -3877,7 +4063,7 @@ metadata: name: knative-eventing-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -3890,7 +4076,7 @@ metadata: name: knative-eventing-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -3917,7 +4103,7 @@ kind: ClusterRole metadata: name: knative-eventing-controller labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4052,7 +4238,7 @@ kind: ClusterRole metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4119,7 +4305,7 @@ kind: ClusterRole metadata: name: podspecable-binding labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -4133,7 +4319,7 @@ metadata: name: builtin-podspecable-binding labels: duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "podspecable-binding role. rules: @@ -4179,7 +4365,7 @@ kind: ClusterRole metadata: name: source-observer labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -4193,7 +4379,7 @@ metadata: name: eventing-sources-source-observer labels: duck.knative.dev/source: "true" - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "source-observer" role. rules: @@ -4229,7 +4415,7 @@ kind: ClusterRole metadata: name: knative-eventing-sources-controller labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4315,7 +4501,7 @@ kind: ClusterRole metadata: name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: # For watching logging configuration and getting certs. @@ -4425,7 +4611,7 @@ metadata: namespace: knative-eventing name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: # For manipulating certs into secrets. @@ -4461,7 +4647,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4496,7 +4682,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4529,7 +4715,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4563,7 +4749,7 @@ metadata: name: eventing-webhook-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing # The data is populated at install time. @@ -4587,7 +4773,7 @@ kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] diff --git a/installation/manifests/upstream-nightly/eventing/eventing-post-install.yaml b/installation/manifests/upstream-nightly/eventing/eventing-post-install.yaml index 505f1a9d..e865bdec 100644 --- a/installation/manifests/upstream-nightly/eventing/eventing-post-install.yaml +++ b/installation/manifests/upstream-nightly/eventing/eventing-post-install.yaml @@ -17,7 +17,7 @@ kind: ClusterRole metadata: name: knative-eventing-post-install-job-role labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: # Storage version upgrader needs to be able to patch CRDs. @@ -138,7 +138,7 @@ metadata: name: knative-eventing-post-install-job namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -146,7 +146,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-post-install-job-role-binding labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -181,7 +181,7 @@ metadata: app: "storage-version-migration-eventing" app.kubernetes.io/name: knative-eventing app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -191,7 +191,7 @@ spec: app: "storage-version-migration-eventing" app.kubernetes.io/name: knative-eventing app.kubernetes.io/component: storage-version-migration-job - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" annotations: sidecar.istio.io/inject: "false" spec: @@ -199,7 +199,7 @@ spec: restartPolicy: OnFailure containers: - name: migrate - image: gcr.io/knative-nightly/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:7427c9daecea9b4def7553d01aac23b2a6f7d643d9d1d1dd1abd79d838eb632f + image: gcr.io/knative-nightly/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:b7ac36b4fbf75f053a60f8f7f3d2193616dc13876cbdf3d936c2195d4ffe4d43 args: - "apiserversources.sources.knative.dev" - "brokers.eventing.knative.dev" diff --git a/installation/manifests/upstream-nightly/eventing/mt-channel-broker.yaml b/installation/manifests/upstream-nightly/eventing/mt-channel-broker.yaml index d57dbcab..f0f6fd72 100644 --- a/installation/manifests/upstream-nightly/eventing/mt-channel-broker.yaml +++ b/installation/manifests/upstream-nightly/eventing/mt-channel-broker.yaml @@ -16,7 +16,7 @@ kind: ClusterRole metadata: name: knative-eventing-mt-channel-broker-controller labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: # Configs resources and status we care about. @@ -58,7 +58,7 @@ kind: ClusterRole metadata: name: knative-eventing-mt-broker-filter labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -79,6 +79,36 @@ rules: - list - watch +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: mt-broker-filter + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - get + - list + - watch + --- # Copyright 2020 The Knative Authors # @@ -99,7 +129,7 @@ metadata: name: mt-broker-filter namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing --- @@ -121,9 +151,18 @@ kind: ClusterRole metadata: name: knative-eventing-mt-broker-ingress labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing rules: + - apiGroups: + - eventing.knative.dev + resources: + - eventtypes + verbs: + - create + - get + - list + - watch - apiGroups: - eventing.knative.dev resources: @@ -141,6 +180,35 @@ rules: - list - watch +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: mt-broker-ingress + namespace: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - get + - list + - watch + --- # Copyright 2020 The Knative Authors # @@ -161,7 +229,7 @@ metadata: name: mt-broker-ingress namespace: knative-eventing labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing --- @@ -184,7 +252,7 @@ kind: ClusterRoleBinding metadata: name: eventing-mt-channel-broker-controller labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -215,7 +283,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-mt-broker-filter labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -226,6 +294,35 @@ roleRef: name: knative-eventing-mt-broker-filter apiGroup: rbac.authorization.k8s.io +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: mt-broker-filter + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-filter + namespace: knative-eventing +roleRef: + kind: Role + name: mt-broker-filter + apiGroup: rbac.authorization.k8s.io + --- # Copyright 2020 The Knative Authors # @@ -246,7 +343,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-mt-broker-ingress labels: - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -257,6 +354,34 @@ roleRef: name: knative-eventing-mt-broker-ingress apiGroup: rbac.authorization.k8s.io +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: mt-broker-ingress + namespace: knative-eventing +subjects: + - kind: ServiceAccount + name: mt-broker-ingress + namespace: knative-eventing +roleRef: + kind: Role + name: mt-broker-ingress + apiGroup: rbac.authorization.k8s.io + --- # Copyright 2020 The Knative Authors # @@ -279,7 +404,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: selector: @@ -290,7 +415,7 @@ spec: labels: eventing.knative.dev/brokerRole: filter app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: serviceAccountName: mt-broker-filter @@ -298,7 +423,7 @@ spec: containers: - name: filter terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/broker/filter@sha256:49d4d956489503f5fd7ae275519c7676abc1c41ec8a3f547c238c0d04902d53d + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/broker/filter@sha256:d3d417cdbdd63ef7df81b6ad0ae221c2fce8c0c98e194007986c961d27ac847d readinessProbe: &probe failureThreshold: 3 httpGet: @@ -319,6 +444,9 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP - containerPort: 9092 name: metrics protocol: TCP @@ -348,6 +476,8 @@ spec: value: knative.dev/internal/eventing - name: FILTER_PORT value: "8080" + - name: FILTER_PORT_HTTPS + value: "8443" securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -364,7 +494,7 @@ metadata: labels: eventing.knative.dev/brokerRole: filter app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing name: broker-filter namespace: knative-eventing @@ -374,6 +504,10 @@ spec: port: 80 protocol: TCP targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 - name: http-metrics port: 9092 protocol: TCP @@ -403,7 +537,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: selector: @@ -414,7 +548,7 @@ spec: labels: eventing.knative.dev/brokerRole: ingress app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: serviceAccountName: mt-broker-ingress @@ -422,7 +556,7 @@ spec: containers: - name: ingress terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/broker/ingress@sha256:a3e82d143ba0c63c0f0c4a599f103efc56415256db97ef67b5c164ede142596c + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/broker/ingress@sha256:eb88ba217b52db3eb2eda82bc840f2307b578877d393a0766a5b91686e257715 readinessProbe: &probe failureThreshold: 3 httpGet: @@ -443,6 +577,9 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP - containerPort: 9092 name: metrics protocol: TCP @@ -472,6 +609,8 @@ spec: value: knative.dev/internal/eventing - name: INGRESS_PORT value: "8080" + - name: INGRESS_PORT_HTTPS + value: "8443" securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -488,7 +627,7 @@ metadata: labels: eventing.knative.dev/brokerRole: ingress app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing name: broker-ingress namespace: knative-eventing @@ -498,6 +637,10 @@ spec: port: 80 protocol: TCP targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 - name: http-metrics port: 9092 protocol: TCP @@ -527,7 +670,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: mt-broker-controller - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: selector: @@ -538,7 +681,7 @@ spec: labels: app: mt-broker-controller app.kubernetes.io/component: broker-controller - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -556,7 +699,7 @@ spec: containers: - name: mt-broker-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtchannel_broker@sha256:df29b560b4c5710a1d8a3e2b381bc3f098b933650ee925d67721f9c609a1200d + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtchannel_broker@sha256:0ac6d0956cb573ebb6ed4f1c04549cd6bc29122046c7aac33270e8d93678a043 resources: requests: cpu: 100m @@ -613,7 +756,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: broker-ingress - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: @@ -637,7 +780,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: broker-filter - app.kubernetes.io/version: "20230405-500ae1d96" + app.kubernetes.io/version: "20230727-ffa591593" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: