From 9c918db8a73867e7886893dad15f272bdc201663 Mon Sep 17 00:00:00 2001 From: Rakesh Kelkar Date: Thu, 24 Oct 2019 14:50:01 -0700 Subject: [PATCH 1/5] add build and release hack --- hack/build.sh | 14 ++++++++++++++ hack/push-images.sh | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100755 hack/build.sh create mode 100755 hack/push-images.sh diff --git a/hack/build.sh b/hack/build.sh new file mode 100755 index 000000000000..548f1a285622 --- /dev/null +++ b/hack/build.sh @@ -0,0 +1,14 @@ +#! /usr/bin/env bash + +source vendor/knative.dev/test-infra/scripts/release.sh + +PUBLISH_YAML=serving.yaml + +function build_release() { + # config/ contains the manifests + ko resolve ${KO_FLAGS} -f config/ > ${PUBLISH_YAML} + ARTIFACTS_TO_PUBLISH=${PUBLISH_YAML} +} + +main $@ + diff --git a/hack/push-images.sh b/hack/push-images.sh new file mode 100755 index 000000000000..474210cab5aa --- /dev/null +++ b/hack/push-images.sh @@ -0,0 +1,39 @@ +#! /usr/bin/env bash + +KO_DOCKER_REPO="ko.local" + +release_images=() + +function tag_images_in_yamls() { + for file in $@; do + [[ "${file##*.}" != "yaml" ]] && continue + echo "Inspecting ${file}" + for image in $(grep -o "${KO_DOCKER_REPO}/[0-9a-z\./-]*:[0-9a-f]*" ${file}); do + local dest_image=${ACR_SERVER}/$(echo ${image} | cut -d"/" -f2-) + echo "Tagging ${dest_image}" + docker tag ${image} ${dest_image} + release_images+=(${dest_image}) + done + done +} + +function replace_cr_in_yamls() { + for file in $@; do + [[ "${file##*.}" != "yaml" ]] && continue + echo "Fixing ${file}" + sed -i "s/${KO_DOCKER_REPO}\/\([0-9a-z\./-]*\):\([0-9a-f]*\)/${ACR_SERVER}\/\1:\2/g" ${file} + done +} + +function do_push() { + for image in ${release_images[@]}; do + echo "Pushing ${image}" + docker push ${image} + done +} +ACR_SERVER=knative.azurecr.io +#docker login ${ACR_SERVER} -u ${ACR_USER} -p ${ACR_PWD} +tag_images_in_yamls $@ +replace_cr_in_yamls $@ +do_push + From 5ef24c2bfbb34548bb2fc1dbd4d8d639f448689c Mon Sep 17 00:00:00 2001 From: Rakesh Kelkar Date: Thu, 24 Oct 2019 17:40:54 -0700 Subject: [PATCH 2/5] hack to death --- README.md | 5 + hack/push-images.sh | 2 +- serving.yaml | 1890 +++++++++++++++++ .../knative.dev/test-infra/scripts/release.sh | 106 +- 4 files changed, 1988 insertions(+), 15 deletions(-) create mode 100644 serving.yaml diff --git a/README.md b/README.md index 5f21f2cc96c5..8a147c89b521 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,9 @@ # Knative Serving +HACK RELEASE THIS UGLY UGLY FORK: +1. get docker secretes to viennadroptest +1. ./hack/release.sh --skip-tests --release-acr viennadroptest --release-azblob https://knrelease.blob.core.windows.net/joon --publish +1. Then copy serving.yaml +1. Then replace the image names with the XTAG from release.sh in vendor (ugh) [![GoDoc](https://godoc.org/github.com/knative/serving?status.svg)](https://godoc.org/github.com/knative/serving) [![Go Report Card](https://goreportcard.com/badge/knative/serving)](https://goreportcard.com/report/knative/serving) diff --git a/hack/push-images.sh b/hack/push-images.sh index 474210cab5aa..af58433f71a5 100755 --- a/hack/push-images.sh +++ b/hack/push-images.sh @@ -31,7 +31,7 @@ function do_push() { docker push ${image} done } -ACR_SERVER=knative.azurecr.io +ACR_SERVER=viennadroptest.azurecr.io #docker login ${ACR_SERVER} -u ${ACR_USER} -p ${ACR_PWD} tag_images_in_yamls $@ replace_cr_in_yamls $@ diff --git a/serving.yaml b/serving.yaml new file mode 100644 index 000000000000..d16769f7f526 --- /dev/null +++ b/serving.yaml @@ -0,0 +1,1890 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + istio-injection: enabled + serving.knative.dev/release: devel + name: knative-serving + +--- + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + networking.knative.dev/ingress-provider: istio + serving.knative.dev/controller: "true" + serving.knative.dev/release: devel + name: knative-serving-istio +rules: +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - gateways + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + autoscaling.knative.dev/metric-provider: custom-metrics + serving.knative.dev/release: devel + name: custom-metrics-server-resources +rules: +- apiGroups: + - custom.metrics.k8s.io + resources: + - '*' + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + serving.knative.dev/release: devel + name: knative-serving-namespaced-admin +rules: +- apiGroups: + - serving.knative.dev + - networking.internal.knative.dev + - autoscaling.internal.knative.dev + resources: + - '*' + verbs: + - '*' + +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + serving.knative.dev/controller: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + serving.knative.dev/release: devel + name: knative-serving-admin +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + serving.knative.dev/controller: "true" + serving.knative.dev/release: devel + name: knative-serving-core +rules: +- apiGroups: + - "" + resources: + - pods + - namespaces + - secrets + - configmaps + - endpoints + - services + - events + - serviceaccounts + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - "" + resources: + - endpoints/restricted + verbs: + - create +- apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - serving.knative.dev + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + resources: + - '*' + - '*/status' + - '*/finalizers' + verbs: + - get + - list + - create + - update + - delete + - deletecollection + - patch + - watch +- apiGroups: + - caching.internal.knative.dev + resources: + - images + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + serving.knative.dev/release: devel + name: controller + namespace: knative-serving + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + autoscaling.knative.dev/metric-provider: custom-metrics + serving.knative.dev/release: devel + name: custom-metrics:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: controller + namespace: knative-serving + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + autoscaling.knative.dev/metric-provider: custom-metrics + serving.knative.dev/release: devel + name: hpa-controller-custom-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: custom-metrics-server-resources +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: kube-system + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + serving.knative.dev/release: devel + name: knative-serving-controller-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: knative-serving-admin +subjects: +- kind: ServiceAccount + name: controller + namespace: knative-serving + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + autoscaling.knative.dev/metric-provider: custom-metrics + serving.knative.dev/release: devel + name: custom-metrics-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: controller + namespace: knative-serving + +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + labels: + networking.knative.dev/ingress-provider: istio + serving.knative.dev/release: devel + name: knative-ingress-gateway + namespace: knative-serving +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP + +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + labels: + networking.knative.dev/ingress-provider: istio + serving.knative.dev/release: devel + name: cluster-local-gateway + namespace: knative-serving +spec: + selector: + istio: cluster-local-gateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: certificates.networking.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + group: networking.internal.knative.dev + names: + categories: + - knative-internal + - networking + kind: Certificate + plural: certificates + shortNames: + - kcert + singular: certificate + scope: Namespaced + subresources: + status: {} + version: v1alpha1 + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: clusteringresses.networking.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: networking.internal.knative.dev + names: + categories: + - knative-internal + - networking + kind: ClusterIngress + plural: clusteringresses + singular: clusteringress + scope: Cluster + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + name: images.caching.internal.knative.dev +spec: + group: caching.internal.knative.dev + names: + categories: + - knative-internal + - caching + kind: Image + plural: images + shortNames: + - img + singular: image + scope: Namespaced + subresources: + status: {} + version: v1alpha1 + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: ingresses.networking.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: networking.internal.knative.dev + names: + categories: + - knative-internal + - networking + kind: Ingress + plural: ingresses + shortNames: + - ing + singular: ingress + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: metrics.autoscaling.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: autoscaling.internal.knative.dev + names: + categories: + - knative-internal + - autoscaling + kind: Metric + plural: metrics + singular: metric + scope: Namespaced + subresources: + status: {} + version: v1alpha1 + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: podautoscalers.autoscaling.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.desiredScale + name: DesiredScale + type: integer + - JSONPath: .status.actualScale + name: ActualScale + type: integer + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: autoscaling.internal.knative.dev + names: + categories: + - knative-internal + - autoscaling + kind: PodAutoscaler + plural: podautoscalers + shortNames: + - kpa + - pa + singular: podautoscaler + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: serverlessservices.networking.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .spec.mode + name: Mode + type: string + - JSONPath: .status.serviceName + name: ServiceName + type: string + - JSONPath: .status.privateServiceName + name: PrivateServiceName + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: networking.internal.knative.dev + names: + categories: + - knative-internal + - networking + kind: ServerlessService + plural: serverlessservices + shortNames: + - sks + singular: serverlessservice + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: activator + serving.knative.dev/release: devel + name: activator-service + namespace: knative-serving +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8012 + - name: http2 + port: 81 + protocol: TCP + targetPort: 8013 + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: activator + type: ClusterIP + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: controller + serving.knative.dev/release: devel + name: controller + namespace: knative-serving +spec: + ports: + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: controller + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: webhook + serving.knative.dev/release: devel + name: webhook + namespace: knative-serving +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + role: webhook + +--- +apiVersion: caching.internal.knative.dev/v1alpha1 +kind: Image +metadata: + labels: + serving.knative.dev/release: devel + name: queue-proxy + namespace: knative-serving +spec: + image: viennadroptest.azurecr.io/queue-39be6f1d08a095bd076a71d288d295b6:4eae16e681237d15dbcb4a22442e559e05ec3c30 + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + serving.knative.dev/release: devel + name: activator + namespace: knative-serving +spec: + selector: + matchLabels: + app: activator + role: activator + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + sidecar.istio.io/inject: "true" + labels: + app: activator + role: activator + serving.knative.dev/release: devel + spec: + containers: + - args: + - -logtostderr=false + - -stderrthreshold=FATAL + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/serving + image: viennadroptest.azurecr.io/activator-ecd51ca5034883acbe737fde417a3d86:4eae16e681237d15dbcb4a22442e559e05ec3c30 + livenessProbe: + httpGet: + httpHeaders: + - name: k-kubelet-probe + value: activator + path: /healthz + port: 8012 + name: activator + ports: + - containerPort: 8012 + name: http1 + - containerPort: 8013 + name: h2c + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + readinessProbe: + httpGet: + httpHeaders: + - name: k-kubelet-probe + value: activator + path: /healthz + port: 8012 + resources: + limits: + cpu: 1000m + memory: 600Mi + requests: + cpu: 300m + memory: 60Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller + terminationGracePeriodSeconds: 300 +--- +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: activator + namespace: knative-serving +spec: + maxReplicas: 20 + metrics: + - resource: + name: cpu + targetAverageUtilization: 100 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: activator + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + autoscaling.knative.dev/autoscaler-provider: hpa + serving.knative.dev/release: devel + name: autoscaler-hpa + namespace: knative-serving +spec: + replicas: 1 + selector: + matchLabels: + app: autoscaler-hpa + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: autoscaler-hpa + serving.knative.dev/release: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/serving + image: viennadroptest.azurecr.io/autoscaler-hpa-85c0b68178743d74ff7f663a72802ceb:4eae16e681237d15dbcb4a22442e559e05ec3c30 + name: autoscaler-hpa + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + resources: + limits: + cpu: 1000m + memory: 1000Mi + requests: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: autoscaler + serving.knative.dev/release: devel + name: autoscaler + namespace: knative-serving +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 8080 + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: custom-metrics + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app: autoscaler + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + serving.knative.dev/release: devel + name: autoscaler + namespace: knative-serving +spec: + replicas: 1 + selector: + matchLabels: + app: autoscaler + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + sidecar.istio.io/inject: "true" + traffic.sidecar.istio.io/includeInboundPorts: 8080,9090 + labels: + app: autoscaler + serving.knative.dev/release: devel + spec: + containers: + - args: + - --secure-port=8443 + - --cert-dir=/tmp + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/serving + image: viennadroptest.azurecr.io/autoscaler-12c0fa24db31956a7cfa673210e4fa13:4eae16e681237d15dbcb4a22442e559e05ec3c30 + livenessProbe: + httpGet: + httpHeaders: + - name: k-kubelet-probe + value: autoscaler + path: /healthz + port: 8080 + name: autoscaler + ports: + - containerPort: 8080 + name: websocket + - containerPort: 9090 + name: metrics + - containerPort: 8443 + name: custom-metrics + - containerPort: 8008 + name: profiling + readinessProbe: + httpGet: + httpHeaders: + - name: k-kubelet-probe + value: autoscaler + path: /healthz + port: 8080 + resources: + limits: + cpu: 300m + memory: 400Mi + requests: + cpu: 30m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # The Revision ContainerConcurrency field specifies the maximum number + # of requests the Container can handle at once. Container concurrency + # target percentage is how much of that maximum to use in a stable + # state. E.g. if a Revision specifies ContainerConcurrency of 10, then + # the Autoscaler will try to maintain 7 concurrent connections per pod + # on average. + # Note: this limit will be applied to container concurrency set at every + # level (ConfigMap, Revision Spec or Annotation). + # For legacy and backwards compatibility reasons, this value also accepts + # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). + # Thus minimal percentage value must be greater than 1.0, or it will be + # treated as a fraction. + container-concurrency-target-percentage: "70" + + # The container concurrency target default is what the Autoscaler will + # try to maintain when concurrency is used as the scaling metric for a + # Revision and the Revision specifies unlimited concurrency. + # Even when specifying unlimited concurrency, the autoscaler will + # horizontally scale the application based on this target concurrency. + # NOTE: Only one metric can be used for autoscaling a Revision. + container-concurrency-target-default: "100" + + # The requests per second (RPS) target default is what the Autoscaler will + # try to maintain when RPS is used as the scaling metric for a Revision and + # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, + # the autoscaler will horizontally scale the application based on this + # target RPS. + # Must be greater than 1.0. + # NOTE: Only one metric can be used for autoscaling a Revision. + requests-per-second-target-default: "200" + + # The target burst capacity specifies the size of burst in concurrent + # requests that the system operator expects the system will receive. + # Autoscaler will try to protect the system from queueing by introducing + # Activator in the request path if the current spare capacity of the + # service is less than this setting. + # If this setting is 0, then Activator will be in the request path only + # when the revision is scaled to 0. + # If this setting is > 0 and container-concurrency-target-percentage is + # 100% or 1.0, then activator will always be in the request path. + # -1 denotes unlimited target-burst-capacity and activator will always + # be in the request path. + # Other negative values are invalid. + target-burst-capacity: "200" + + # When operating in a stable mode, the autoscaler operates on the + # average concurrency over the stable window. + stable-window: "60s" + + # When observed average concurrency during the panic window reaches + # panic-threshold-percentage the target concurrency, the autoscaler + # enters panic mode. When operating in panic mode, the autoscaler + # scales on the average concurrency over the panic window which is + # panic-window-percentage of the stable-window. + panic-window-percentage: "10.0" + + # Absolute panic window duration. + # Deprecated in favor of panic-window-percentage. + # Existing revisions will continue to scale based on panic-window + # but new revisions will default to panic-window-percentage. + panic-window: "6s" + + # The percentage of the container concurrency target at which to + # enter panic mode when reached within the panic window. + panic-threshold-percentage: "200.0" + + # Max scale up rate limits the rate at which the autoscaler will + # increase pod count. It is the maximum ratio of desired pods versus + # observed pods. + # Cannot less or equal to 1. + # I.e with value of 2.0 the number of pods can at most go N to 2N + # over single Autoscaler period (see tick-interval), but at least N to + # N+1, if Autoscaler needs to scale up. + max-scale-up-rate: "1000.0" + + # Max scale down rate limits the rate at which the autoscaler will + # decrease pod count. It is the maximum ratio of observed pods versus + # desired pods. + # Cannot less or equal to 1. + # I.e. with value of 2.0 the number of pods can at most go N to N/2 + # over single Autoscaler evaluation period (see tick-interval), but at + # least N to N-1, if Autoscaler needs to scale down. + # Not yet used // TODO(vagababov) remove once other parts are ready. + max-scale-down-rate: "2.0" + + # Scale to zero feature flag + enable-scale-to-zero: "true" + + # Tick interval is the time between autoscaling calculations. + tick-interval: "2s" + + # Dynamic parameters (take effect when config map is updated): + + # Scale to zero grace period is the time an inactive revision is left + # running before it is scaled to zero (min: 30s). + scale-to-zero-grace-period: "30s" +kind: ConfigMap +metadata: + labels: + serving.knative.dev/release: devel + name: config-autoscaler + namespace: knative-serving + +--- + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # revision-timeout-seconds contains the default number of + # seconds to use for the revision's per-request timeout, if + # none is specified. + revision-timeout-seconds: "300" # 5 minutes + + # max-revision-timeout-seconds contains the maximum number of + # seconds that can be used for revision-timeout-seconds. + # This value must be greater than or equal to revision-timeout-seconds. + # If omitted, the system default is used (600 seconds). + max-revision-timeout-seconds: "600" # 10 minutes + + # revision-cpu-request contains the cpu allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) + + # revision-memory-request contains the memory allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + revision-memory-request: "100M" # 100 megabytes of memory + + # revision-cpu-limit contains the cpu allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) + + # revision-memory-limit contains the memory allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + revision-memory-limit: "200M" # 200 megabytes of memory + + # container-name-template contains a template for the default + # container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + container-name-template: "user-container" + + # container-concurrency specifies the maximum number + # of requests the Container can handle at once, and requests + # above this threshold are queued. Setting a value of zero + # disables this throttling and lets through as many requests as + # the pod receives. + container-concurrency: "0" +kind: ConfigMap +metadata: + labels: + serving.knative.dev/release: devel + name: config-defaults + namespace: knative-serving + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # List of repositories for which tag to digest resolving should be skipped + registriesSkippingTagResolving: "ko.local,dev.local" + queueSidecarImage: viennadroptest.azurecr.io/queue-39be6f1d08a095bd076a71d288d295b6:4eae16e681237d15dbcb4a22442e559e05ec3c30 +kind: ConfigMap +metadata: + labels: + serving.knative.dev/release: devel + name: config-deployment + namespace: knative-serving + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Default value for domain. + # Although it will match all routes, it is the least-specific rule so it + # will only be used if no other domain matches. + example.com: | + + # These are example settings of domain. + # example.org will be used for routes having app=nonprofit. + example.org: | + selector: + app: nonprofit + + # Routes having domain suffix of 'svc.cluster.local' will not be exposed + # through Ingress. You can define your own label selector to assign that + # domain suffix to your Route here, or you can set the label + # "serving.knative.dev/visibility=cluster-local" + # to achieve the same effect. This shows how to make routes having + # the label app=secret only exposed to the local cluster. + svc.cluster.local: | + selector: + app: secret +kind: ConfigMap +metadata: + labels: + serving.knative.dev/release: devel + name: config-domain + namespace: knative-serving + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Delay after revision creation before considering it for GC + stale-revision-create-delay: "24h" + + # Duration since a route has been pointed at a revision before it should be GC'd + # This minus lastpinned-debounce be longer than the controller resync period (10 hours) + stale-revision-timeout: "15h" + + # Minimum number of generations of revisions to keep before considering for GC + stale-revision-minimum-generations: "1" + + # To avoid constant updates, we allow an existing annotation to be stale by this + # amount before we update the timestamp + stale-revision-lastpinned-debounce: "5h" +kind: ConfigMap +metadata: + labels: + serving.knative.dev/release: devel + name: config-gc + namespace: knative-serving + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Default Knative Gateway after v0.3. It points to the Istio + # standard istio-ingressgateway, instead of a custom one that we + # used pre-0.3. + gateway.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" + + # A cluster local gateway to allow pods outside of the mesh to access + # Services and Routes not exposing through an ingress. If the users + # do have a service mesh setup, this isn't required and can be removed. + # + # An example use case is when users want to use Istio without any + # sidecar injection (like Knative's istio-lean.yaml). Since every pod + # is outside of the service mesh in that case, a cluster-local service + # will need to be exposed to a cluster-local gateway to be accessible. + local-gateway.cluster-local-gateway: "cluster-local-gateway.istio-system.svc.cluster.local" + + # To use only Istio service mesh and no cluster-local-gateway, replace + # all local-gateway.* entries the following entry. + local-gateway.mesh: "mesh" + + # Feature flag to enable reconciling external Istio Gateways. + # When auto TLS feature is turned on, reconcileExternalGateway will be automatically enforced. + # 1. true: enabling reconciling external gateways. + # 2. false: disabling reconciling external gateways. + reconcileExternalGateway: "false" +kind: ConfigMap +metadata: + labels: + networking.knative.dev/ingress-provider: istio + serving.knative.dev/release: devel + name: config-istio + namespace: knative-serving + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Common configuration for all Knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + + # Log level overrides + # For all components except the autoscaler and queue proxy, + # changes are be picked up immediately. + # For autoscaler and queue proxy, changes require recreation of the pods. + loglevel.controller: "info" + loglevel.autoscaler: "info" + loglevel.queueproxy: "info" + loglevel.webhook: "info" + loglevel.activator: "info" +kind: ConfigMap +metadata: + labels: + serving.knative.dev/release: devel + name: config-logging + namespace: knative-serving + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # istio.sidecar.includeOutboundIPRanges specifies the IP ranges that Istio sidecar + # will intercept. + # + # Replace this with the IP ranges of your cluster (see below for some examples). + # Separate multiple entries with a comma. + # Example: "10.4.0.0/14,10.7.240.0/20" + # + # If set to "*" Istio will intercept all traffic within + # the cluster as well as traffic that is going outside the cluster. + # Traffic going outside the cluster will be blocked unless + # necessary egress rules are created. + # + # If omitted or set to "", value of global.proxy.includeIPRanges + # provided at Istio deployment time is used. In default Knative serving + # deployment, global.proxy.includeIPRanges value is set to "*". + # + # If an invalid value is passed, "" is used instead. + # + # If valid set of IP address ranges are put into this value, + # Istio will no longer intercept traffic going to IP addresses + # outside the provided ranges and there is no need to specify + # egress rules. + # + # To determine the IP ranges of your cluster: + # IBM Cloud Private: cat cluster/config.yaml | grep service_cluster_ip_range + # IBM Cloud Kubernetes Service: "172.30.0.0/16,172.20.0.0/16,10.10.10.0/24" + # Google Container Engine (GKE): gcloud container clusters describe XXXXXXX --zone=XXXXXX | grep -e clusterIpv4Cidr -e servicesIpv4Cidr + # Azure Kubernetes Service (AKS): "10.0.0.0/16" + # Azure Container Service (ACS; deprecated): "10.244.0.0/16,10.240.0.0/16" + # Azure Container Service Engine (ACS-Engine; OSS): Configurable, but defaults to "10.0.0.0/16" + # Minikube: "10.0.0.1/24" + # + # For more information, visit + # https://istio.io/docs/tasks/traffic-management/egress/ + # + istio.sidecar.includeOutboundIPRanges: "*" + + # clusteringress.class specifies the default cluster ingress class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Istio ingress. + # + # Note that changing the ClusterIngress class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + clusteringress.class: "istio.ingress.networking.knative.dev" + + # certificate.class specifies the default Certificate class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Cert-Manager Certificate. + # + # Note that changing the Certificate class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + certificate.class: "cert-manager.certificate.networking.internal.knative.dev" + + # domainTemplate specifies the golang text template string to use + # when constructing the Knative service's DNS name. The default + # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". And those three + # values (Name, Namespace, Domain) are the only variables defined. + # + # Changing this value might be necessary when the extra levels in + # the domain name generated is problematic for wildcard certificates + # that only support a single level of domain name added to the + # certificate's domain. In those cases you might consider using a value + # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace + # entirely from the template. When choosing a new value be thoughtful + # of the potential for conflicts - for example, when users choose to use + # characters such as `-` in their service, or namespace, names. + # {{.Annotations}} can be used for any customization in the go template if needed. + # We strongly recommend keeping namespace part of the template to avoid domain name clashes + # Example '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' + # and you have an annotation {"sub":"foo"}, then the generated template would be {Name}-{Namespace}.foo.{Domain} + domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}" + + # tagTemplate specifies the golang text template string to use + # when constructing the DNS name for "tags" within the traffic blocks + # of Routes and Configuration. This is used in conjunction with the + # domainTemplate above to determine the full URL for the tag. + tagTemplate: "{{.Name}}-{{.Tag}}" + + # Controls whether TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate external TLS connection. + # 1. Enabled: enabling auto-TLS feature. + # 2. Disabled: disabling auto-TLS feature. + autoTLS: "Disabled" + + # Controls the behavior of the HTTP endpoint for the Knative ingress. + # It requires autoTLS to be enabled or reconcileExternalGateway in config-istio to be true. + # 1. Enabled: The Knative ingress will be able to serve HTTP connection. + # 2. Disabled: The Knative ingress will reject HTTP traffic. + # 3. Redirected: The Knative ingress will send a 302 redirect for all + # http connections, asking the clients to use HTTPS + httpProtocol: "Enabled" +kind: ConfigMap +metadata: + labels: + serving.knative.dev/release: devel + name: config-network + namespace: knative-serving + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # logging.enable-var-log-collection defaults to false. + # The fluentd daemon set will be set up to collect /var/log if + # this flag is true. + logging.enable-var-log-collection: false + + # logging.revision-url-template provides a template to use for producing the + # logging URL that is injected into the status of each Revision. + # This value is what you might use the the Knative monitoring bundle, and provides + # access to Kibana after setting up kubectl proxy. + logging.revision-url-template: | + http://localhost:8001/api/v1/namespaces/knative-monitoring/services/kibana-logging/proxy/app/kibana#/discover?_a=(query:(match:(kubernetes.labels.serving-knative-dev%2FrevisionUID:(query:'${REVISION_UID}',type:phrase)))) + + # If non-empty, this enables queue proxy writing request logs to stdout. + # The value determines the shape of the request logs and it must be a valid go text/template. + # It is important to keep this as a single line. Multiple lines are parsed as separate entities + # by most collection agents and will split the request logs into multiple records. + # + # The following fields and functions are available to the template: + # + # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) + # representing an HTTP request received by the server. + # + # Response: + # struct { + # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) + # Size int // An int representing the size of the response. + # Latency float64 // A float64 representing the latency of the response in seconds. + # } + # + # Revision: + # struct { + # Name string // Knative revision name + # Namespace string // Knative revision namespace + # Service string // Knative service name + # Configuration string // Knative configuration name + # PodName string // Name of the pod hosting the revision + # PodIP string // IP of the pod hosting the revision + # } + # + logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.request-metrics-backend-destination specifies the request metrics + # destination. If non-empty, it enables queue proxy to send request metrics. + # Currently supported values: prometheus, stackdriver. + metrics.request-metrics-backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_revision" resource type. Setting this + # flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + + # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from + # the pods via an HTTP server in the format expected by the pprof visualization tool. When + # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. + # The HTTP context root for profiling is then /debug/pprof/. + profiling.enable: "false" +kind: ConfigMap +metadata: + labels: + serving.knative.dev/release: devel + name: config-observability + namespace: knative-serving + +--- +apiVersion: v1 +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # This may be "zipkin" or "stackdriver", the default is "none" + backend: "none" + + # URL to zipkin collector where traces are sent. + # This must be specified when backend is "zipkin" + zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" + + # The GCP project into which stackdriver metrics will be written + # when backend is "stackdriver". If unspecified, the project-id + # is read from GCP metadata when running on GCP. + stackdriver-project-id: "my-project" + + # Enable zipkin debug mode. This allows all spans to be sent to the server + # bypassing sampling. + debug: "false" + + # Percentage (0-1) of requests to trace + sample-rate: "0.1" +kind: ConfigMap +metadata: + labels: + serving.knative.dev/release: devel + name: config-tracing + namespace: knative-serving + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + serving.knative.dev/release: devel + name: controller + namespace: knative-serving +spec: + replicas: 1 + selector: + matchLabels: + app: controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: controller + serving.knative.dev/release: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/serving + image: viennadroptest.azurecr.io/controller-f6fdb41c6acbc726e29a3104ff2ef720:4eae16e681237d15dbcb4a22442e559e05ec3c30 + name: controller + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + resources: + limits: + cpu: 1000m + memory: 1000Mi + requests: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller + +--- +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + labels: + autoscaling.knative.dev/metric-provider: custom-metrics + serving.knative.dev/release: devel + name: v1beta1.custom.metrics.k8s.io +spec: + group: custom.metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: autoscaler + namespace: knative-serving + version: v1beta1 + versionPriority: 100 + +--- + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + networking.knative.dev/ingress-provider: istio + serving.knative.dev/release: devel + name: networking-istio + namespace: knative-serving +spec: + replicas: 1 + selector: + matchLabels: + app: networking-istio + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: networking-istio + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/serving + image: viennadroptest.azurecr.io/istio-c58c0c8bb8ecc80f800bb788a425ae1d:4eae16e681237d15dbcb4a22442e559e05ec3c30 + name: networking-istio + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + resources: + limits: + cpu: 1000m + memory: 1000Mi + requests: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller + +--- + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + serving.knative.dev/release: devel + name: webhook + namespace: knative-serving +spec: + replicas: 1 + selector: + matchLabels: + app: webhook + role: webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + sidecar.istio.io/inject: "false" + labels: + app: webhook + role: webhook + serving.knative.dev/release: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/serving + image: viennadroptest.azurecr.io/webhook-261c6506fca17bc41be50b3461f98f1c:4eae16e681237d15dbcb4a22442e559e05ec3c30 + name: webhook + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 20m + memory: 20Mi + securityContext: + allowPrivilegeEscalation: false + serviceAccountName: controller + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: configurations.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.latestCreatedRevisionName + name: LatestCreated + type: string + - JSONPath: .status.latestReadyRevisionName + name: LatestReady + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Configuration + plural: configurations + shortNames: + - config + - cfg + singular: configuration + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: revisions.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .metadata.labels['serving\.knative\.dev/configuration'] + name: Config Name + type: string + - JSONPath: .status.serviceName + name: K8s Service Name + type: string + - JSONPath: .metadata.labels['serving\.knative\.dev/configurationGeneration'] + name: Generation + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Revision + plural: revisions + shortNames: + - rev + singular: revision + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: routes.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.url + name: URL + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Route + plural: routes + shortNames: + - rt + singular: route + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + knative.dev/crd-install: "true" + serving.knative.dev/release: devel + name: services.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.url + name: URL + type: string + - JSONPath: .status.latestCreatedRevisionName + name: LatestCreated + type: string + - JSONPath: .status.latestReadyRevisionName + name: LatestReady + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Service + plural: services + shortNames: + - kservice + - ksvc + singular: service + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true + +--- diff --git a/vendor/knative.dev/test-infra/scripts/release.sh b/vendor/knative.dev/test-infra/scripts/release.sh index 39d680c04024..d5100d1fe12f 100755 --- a/vendor/knative.dev/test-infra/scripts/release.sh +++ b/vendor/knative.dev/test-infra/scripts/release.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright 2018 The Knative Authors # @@ -42,6 +42,16 @@ function banner() { # $KO_DOCKER_REPO is the registry containing the images to tag with $TAG. # Parameters: $1..$n - files to parse for images (non .yaml files are ignored). function tag_images_in_yamls() { + echo "yeah" + if [[ -n ${AZ_ACR_NAME} ]]; then + echo "haha" + tag_images_in_yamls_acr $@ + else + tag_images_in_yamls_gcr $@ + fi +} + +function tag_images_in_yamls_gcr() { [[ -z ${TAG} ]] && return 0 local SRC_DIR="${GOPATH}/src/" local DOCKER_BASE="${KO_DOCKER_REPO}/${REPO_ROOT_DIR/$SRC_DIR}" @@ -58,9 +68,36 @@ function tag_images_in_yamls() { done } +function tag_images_in_yamls_acr() { + #[[ -z ${TAG} ]] && return 0 + local XTAG="4eae16e681237d15dbcb4a22442e559e05ec3c30" + local SRC_DIR="${GOPATH}/src/" + echo "Tagging any images under '${KO_DOCKER_REPO}' with ${XTAG}" + for file in $@; do + [[ "${file##*.}" != "yaml" ]] && continue + echo "Inspecting ${file}" + for image in $(grep -o "${KO_DOCKER_REPO}/[0-9a-z\./-]*@sha256:[0-9a-f]*" ${file}); do + local dest_image=$(echo ${image} | cut -d"/" -f2 | cut -d"@" -f1) + echo "Tagging ${dest_image}:${XTAG}" + echo "az acr import -n ${AZ_ACR_NAME} --source ${image} -t ${dest_image}:${XTAG}" + az acr import -n ${AZ_ACR_NAME} --source ${image} -t ${dest_image}:${XTAG} + done + done +} + # Copy the given files to the $RELEASE_GCS_BUCKET bucket's "latest" directory. # If $TAG is not empty, also copy them to $RELEASE_GCS_BUCKET bucket's "previous" directory. # Parameters: $1..$n - files to copy. +function publish_to_storage() { + if [[ -n ${RELEASE_AZ_BLOB_URL} ]]; then + echo "- Using AZURE BLOB '${RELEASE_AZ_BLOB_URL}' as publish target" + publish_to_azblob $@ + else + echo "- Using GCS bucket '${RELEASE_GCS_BUCKET}' as publish target" + publish_to_gcs $@ + fi +} + function publish_to_gcs() { function verbose_gsutil_cp { local DEST="gs://${RELEASE_GCS_BUCKET}/$1/" @@ -78,7 +115,29 @@ function publish_to_gcs() { [[ -n ${TAG} ]] && verbose_gsutil_cp previous/${TAG} $@ } +function publish_to_azblob() { + function verbose_az_cp { + local DEST="${RELEASE_AZ_BLOB_URL}/$1/" + shift + for f in $@ + do + echo "Publishing [$f] to ${DEST}" + azcopy copy $f ${DEST} + done + } + # Before publishing the files, cleanup the `latest` dir if it exists. + local latest_dir="${RELEASE_AZ_BLOB_URL}/latest/" + if [[ -n "$(azcopy list ${RELEASE_AZ_BLOB_URL} | grep '^INFO: latest/' 2> /dev/null)" ]]; then + echo "Cleaning up '${latest_dir}' first (assumes flat structure)" + azcopy rm ${latest_dir} --recursive=false + fi + verbose_az_cp latest $@ + [[ -n ${TAG} ]] && verbose_az_cp previous/${TAG} $@ +} + # These are global environment variables. +RELEASE_AZ_BLOB_URL="" +AZ_ACR_NAME="" SKIP_TESTS=0 PRESUBMIT_TEST_FAIL_FAST=1 TAG_RELEASE=0 @@ -95,6 +154,7 @@ RELEASE_BRANCH="" RELEASE_GCS_BUCKET="knative-nightly/${REPO_NAME}" KO_FLAGS="-P" VALIDATION_TESTS="./test/presubmit-tests.sh" +VALIDATION_TEST_ARGS="" YAMLS_TO_PUBLISH="" ARTIFACTS_TO_PUBLISH="" FROM_NIGHTLY_RELEASE="" @@ -165,8 +225,8 @@ function prepare_auto_release() { PUBLISH_RELEASE=1 git fetch --all || abort "error fetching branches/tags from remote" - local tags="$(git tag | cut -d 'v' -f2 | cut -d '.' -f1-2 | sort | uniq)" - local branches="$( { (git branch -r | grep upstream/release-) ; (git branch | grep release-); } | cut -d '-' -f2 | sort | uniq)" + local tags="$(git tag | cut -d 'v' -f2 | cut -d '.' -f1-2 | sort -V | uniq)" + local branches="$( { (git branch -r | grep upstream/release-) ; (git branch | grep release-); } | cut -d '-' -f2 | sort -V | uniq)" echo "Versions released (from tags): [" ${tags} "]" echo "Versions released (from branches): [" ${branches} "]" @@ -286,7 +346,7 @@ function build_from_nightly_release() { # Build a release from source. function build_from_source() { - run_validation_tests ${VALIDATION_TESTS} + run_validation_tests ${VALIDATION_TESTS} ${VALIDATION_TEST_ARGS} banner "Building the release" build_release # Do not use `||` above or any error will be swallowed. @@ -332,8 +392,8 @@ function find_latest_nightly() { # Parses flags and sets environment variables accordingly. function parse_flags() { - local has_gcr_flag=0 - local has_gcs_flag=0 + local has_registry_flag=0 + local has_storage_flag=0 local is_dot_release=0 local is_auto_release=0 @@ -361,11 +421,26 @@ function parse_flags() { ;; --release-gcr) KO_DOCKER_REPO=$1 - has_gcr_flag=1 + has_registry_flag=1 + ;; + --release-acr) + AZ_ACR_NAME=$1 + KO_DOCKER_REPO="${AZ_ACR_NAME}.azurecr.io" + has_registry_flag=1 + ;; + --release-azblob) + RELEASE_AZ_BLOB_URL=$1 + has_storage_flag=1 ;; --release-gcs) RELEASE_GCS_BUCKET=$1 - has_gcs_flag=1 + has_storage_flag=1 + ;; + --validation-tests) + VALIDATION_TEST=$1 + ;; + --test-args) + VALIDATION_TEST_ARGS="$1" ;; --version) [[ $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || abort "version format must be '[0-9].[0-9].[0-9]'" @@ -419,11 +494,12 @@ function parse_flags() { # Update KO_DOCKER_REPO and KO_FLAGS if we're not publishing. if (( ! PUBLISH_RELEASE )); then - (( has_gcr_flag )) && echo "Not publishing the release, GCR flag is ignored" - (( has_gcs_flag )) && echo "Not publishing the release, GCS flag is ignored" + (( has_registry_flag )) && echo "Not publishing the release, GCR/ACR flags ignored" + (( has_storage_flag )) && echo "Not publishing the release, GCS/BLOB flags ignored" KO_DOCKER_REPO="ko.local" KO_FLAGS="-L ${KO_FLAGS}" RELEASE_GCS_BUCKET="" + RELEASE_AZ_BLOB_URL="" fi # Get the commit, excluding any tags but keeping the "dirty" flag @@ -456,12 +532,14 @@ function parse_flags() { } # Run tests (unless --skip-tests was passed). Conveniently displays a banner indicating so. -# Parameters: $1 - executable that runs the tests. +# Parameters: $1... - executable (and arguments) that runs the tests. function run_validation_tests() { if (( ! SKIP_TESTS )); then banner "Running release validation tests" + banner "Running release validation tests" + echo "Running '$@'" # Run tests. - if ! $1; then + if ! $@; then banner "Release validation tests failed, aborting" exit 1 fi @@ -473,7 +551,7 @@ function run_validation_tests() { function publish_artifacts() { (( ! PUBLISH_RELEASE )) && return tag_images_in_yamls ${ARTIFACTS_TO_PUBLISH} - publish_to_gcs ${ARTIFACTS_TO_PUBLISH} + publish_to_storage ${ARTIFACTS_TO_PUBLISH} publish_to_github ${ARTIFACTS_TO_PUBLISH} banner "New release published successfully" } @@ -490,7 +568,7 @@ function main() { fi echo "- Go path: ${GOPATH}" echo "- Repository root: ${REPO_ROOT_DIR}" - echo "- Destination GCR: ${KO_DOCKER_REPO}" + echo "- Destination registry: ${KO_DOCKER_REPO}" (( SKIP_TESTS )) && echo "- Tests will NOT be run" || echo "- Tests will be run" if (( TAG_RELEASE )); then echo "- Artifacts will be tagged '${TAG}'" From fe65b7a7f4290fe69b638996381c88ee8a4f4229 Mon Sep 17 00:00:00 2001 From: Rakesh Kelkar Date: Fri, 13 Dec 2019 13:22:28 -0800 Subject: [PATCH 3/5] Hack resource availability bug: This causes revisions that take long to provision to get terminated --- pkg/reconciler/revision/reconcile_resources.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/reconciler/revision/reconcile_resources.go b/pkg/reconciler/revision/reconcile_resources.go index 8dadd79986fe..eea97ee8d892 100644 --- a/pkg/reconciler/revision/reconcile_resources.go +++ b/pkg/reconciler/revision/reconcile_resources.go @@ -88,7 +88,7 @@ func (c *Reconciler) reconcileDeployment(ctx context.Context, rev *v1alpha1.Revi // If pod cannot be scheduled then we expect the container status to be empty. for _, cond := range pod.Status.Conditions { if cond.Type == corev1.PodScheduled && cond.Status == corev1.ConditionFalse { - rev.Status.MarkResourcesUnavailable(cond.Reason, cond.Message) + // rev.Status.MarkResourcesUnavailable(cond.Reason, cond.Message) break } } From 76f5ffbeeed054a92ee039eb5f89af84d187e359 Mon Sep 17 00:00:00 2001 From: Rakesh Kelkar Date: Fri, 13 Dec 2019 20:49:37 -0800 Subject: [PATCH 4/5] comment the entire block --- pkg/reconciler/revision/reconcile_resources.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/reconciler/revision/reconcile_resources.go b/pkg/reconciler/revision/reconcile_resources.go index eea97ee8d892..dfd326cca2f0 100644 --- a/pkg/reconciler/revision/reconcile_resources.go +++ b/pkg/reconciler/revision/reconcile_resources.go @@ -86,12 +86,12 @@ func (c *Reconciler) reconcileDeployment(ctx context.Context, rev *v1alpha1.Revi // Update the revision status if pod cannot be scheduled(possibly resource constraints) // If pod cannot be scheduled then we expect the container status to be empty. - for _, cond := range pod.Status.Conditions { - if cond.Type == corev1.PodScheduled && cond.Status == corev1.ConditionFalse { - // rev.Status.MarkResourcesUnavailable(cond.Reason, cond.Message) - break - } - } + // for _, cond := range pod.Status.Conditions { + // if cond.Type == corev1.PodScheduled && cond.Status == corev1.ConditionFalse { + // rev.Status.MarkResourcesUnavailable(cond.Reason, cond.Message) + // break + // } + // } for _, status := range pod.Status.ContainerStatuses { if status.Name == rev.Spec.GetContainer().Name { From 619037b1cf53a94d71d4b3b3bb450fe7a1050e45 Mon Sep 17 00:00:00 2001 From: Rakesh Kelkar Date: Fri, 13 Dec 2019 20:49:49 -0800 Subject: [PATCH 5/5] bump progress deadline --- pkg/reconciler/revision/resources/constants.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/reconciler/revision/resources/constants.go b/pkg/reconciler/revision/resources/constants.go index 396a0826593b..d10df103b569 100644 --- a/pkg/reconciler/revision/resources/constants.go +++ b/pkg/reconciler/revision/resources/constants.go @@ -34,7 +34,7 @@ const ( // ProgressDeadlineSeconds is the time in seconds we wait for the deployment to // be ready before considering it failed. - ProgressDeadlineSeconds = int32(120) + ProgressDeadlineSeconds = int32(600) ) var (