Update Knative to v1.0.0

riser-platform · Nov 8, 2021 · 5606c61 · 5606c61
1 parent a3833e2
commit 5606c61
Show file tree

Hide file tree

Showing 19 changed files with 18,682 additions and 22,725 deletions.
diff --git a/config/infra/cert-manager/cert-manager.yaml b/config/infra/cert-manager/cert-manager.yaml
diff --git a/config/infra/flux/apply.yaml b/config/infra/flux/apply.yaml
@@ -7,7 +7,7 @@ metadata:
   namespace: flux
   labels:
     app: flux
-    chart: flux-1.4.0
+    chart: flux-1.11.2
     release: flux
     heritage: Helm
 ---
@@ -41,13 +41,13 @@ data:
     users: []
 ---
 # Source: flux/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: flux
   labels:
     app: flux
-    chart: flux-1.4.0
+    chart: flux-1.11.2
     release: flux
     heritage: Helm
 rules:
@@ -63,13 +63,13 @@ rules:
       - '*'
 ---
 # Source: flux/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: flux
   labels:
     app: flux
-    chart: flux-1.4.0
+    chart: flux-1.11.2
     release: flux
     heritage: Helm
 roleRef:
@@ -89,7 +89,7 @@ metadata:
   namespace: flux
   labels:
     app: flux
-    chart: flux-1.4.0
+    chart: flux-1.11.2
     release: flux
     heritage: Helm
 spec:
@@ -111,7 +111,7 @@ metadata:
   namespace: flux
   labels:
     app: flux
-    chart: flux-1.4.0
+    chart: flux-1.11.2
     release: flux
     heritage: Helm
 spec:
@@ -120,6 +120,8 @@ spec:
     matchLabels:
       app: flux
       release: flux
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -141,7 +143,7 @@ spec:
           medium: Memory
       containers:
         - name: flux
-          image: "docker.io/fluxcd/flux:1.20.1"
+          image: "docker.io/fluxcd/flux:1.24.2"
           imagePullPolicy: IfNotPresent
           ports:
           - name: http
@@ -175,7 +177,7 @@ spec:
               name: flux-git
           args:
           - --log-format=fmt
-
+          
           - --ssh-keygen-dir=/var/fluxd/keygen
           - --ssh-keygen-format=RFC4716
           - --k8s-secret-name=flux-git-deploy
@@ -205,4 +207,4 @@ spec:
               cpu: 50m
               memory: 64Mi
       nodeSelector:
-        beta.kubernetes.io/os: linux
+        kubernetes.io/os: linux
diff --git a/config/infra/flux/helm_values.yaml b/config/infra/flux/helm_values.yaml
@@ -1,12 +1,12 @@
 # https://github.com/fluxcd/flux/blob/master/chart/flux/values.yaml
 image:
-  tag: "1.20.1"
+  tag: "1.24.2"
 env:
   secretName: flux-git
 git:
   url: $(GIT_URL)
   path: $(GIT_PATH)
-  branch: main
+  branch: $(GIT_BRANCH)
   readonly: true
   pollInterval: 10s
 memcached:

diff --git a/config/infra/knative/README.md b/config/infra/knative/README.md
@@ -1,6 +1,5 @@
 A base [Kustomization](https://kustomize.io/) is provided for generation of Knative Serving manifests that work with Riser. The base manifests are:
-- [serving-core](https://github.com/knative/serving/releases)
-- [net-istio](https://github.com/knative/net-istio/releases)
+- [operator](https://github.com/knative/operator/releases)
 - [net-certmanager](https://github.com/knative/net-certmanager/releases)
 
 To build run `kustomize build base >/path/to/gitops/repo/kustomization.yaml`
@@ -11,16 +10,21 @@ To build run `kustomize build base >/path/to/gitops/repo/kustomization.yaml`
 Knative configuration is vast and is dependant largely on your needs. The following is meant to help get you started with a basic demo of Riser and is not intended as being exhaustive.
 
 ### Domain Name
-You should configure a wildcard domain for each environment and namespace using a pattern like `<environment>.riser.<your-domain>` (e.g. for the `dev` environment `dev.riser.your-domain.org`. To do this, create a ConfigMap like the following example:
+You should configure a wildcard domain for each environment and namespace using a pattern like `<environment>.riser.<your-domain>` (e.g. for the `dev` environment `dev.riser.your-domain.org`. To do this, add your domain to the configuration found in `knative.serving.yaml` file e.g.
 
 ```yaml
-apiVersion: v1
-kind: ConfigMap
+apiVersion: operator.knative.dev/v1alpha1
+kind: KnativeServing
 metadata:
-  name: config-domain
+  name: knative-serving
   namespace: knative-serving
-data:
-  dev.riser.your-domain.org: ""
+spec:
+  version: 1.0.0
+  config:
+    # ---v--- example domain configuration
+    domain:
+      dev.riser.your-domain.org: ""
+    # ---^--- example domain configuration
 ```
 
 

diff --git a/config/infra/knative/base/config-autoscaler.yaml b/config/infra/knative/base/config-autoscaler.yaml
diff --git a/config/infra/knative/base/config-certmanager.yaml b/config/infra/knative/base/config-certmanager.yaml
@@ -3,9 +3,8 @@ kind: ConfigMap
 metadata:
   name: config-certmanager
   namespace: knative-serving
-  labels:
-    networking.knative.dev/certificate-provider: cert-manager
 data:
+  enabled: "true"
   issuerRef: |
     kind: ClusterIssuer
-    name: selfsigning-issuer
+    name: selfsigning-issuer
diff --git a/config/infra/knative/base/config-defaults.yaml b/config/infra/knative/base/config-defaults.yaml
diff --git a/config/infra/knative/base/config-deployment.yaml b/config/infra/knative/base/config-deployment.yaml
diff --git a/config/infra/knative/base/config-istio.yaml b/config/infra/knative/base/config-istio.yaml
diff --git a/config/infra/knative/base/config-network.yaml b/config/infra/knative/base/config-network.yaml
diff --git a/config/infra/knative/base/knative-serving.yaml b/config/infra/knative/base/knative-serving.yaml
@@ -0,0 +1,21 @@
+apiVersion: operator.knative.dev/v1alpha1
+kind: KnativeServing
+metadata:
+  name: knative-serving
+  namespace: knative-serving
+spec:
+  version: 1.0.0
+  config:
+    autoscaler:
+      scale-to-zero-pod-retention-period: "10m"
+    defaults:
+      enable-service-links: "false"
+    deployment:
+      # This is so that we can use Kind image caching for e2e tests. See also https://github.com/knative/serving/issues/6114
+      registriesSkippingTagResolving: index.docker.io
+    istio:
+      enabled: "true"
+      local-gateway.mesh: "mesh"
+    network:
+      autoTLS: Enabled
+      httpProtocol: Redirected
diff --git a/config/infra/knative/base/kustomization.yaml b/config/infra/knative/base/kustomization.yaml
@@ -1,15 +1,8 @@
 resources:
+- namespace.yaml
+- knative-serving.yaml
+- operator.yaml
 - net-certmanager.yaml
-- net-istio.yaml
-- serving-core.yaml
 
 patches:
-- config-autoscaler.yaml
-- config-certmanager.yaml
-- config-defaults.yaml
-- config-deployment.yaml
-- config-istio.yaml
-- config-network.yaml
-- patch-ingress-gateway.yaml
-- patch-webhooks.yaml
-
+- config-certmanager.yaml
diff --git a/config/infra/knative/base/namespace.yaml b/config/infra/knative/base/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: knative-serving
+  labels:
+    istio-injection: "enabled"
diff --git a/config/infra/knative/base/net-certmanager.yaml b/config/infra/knative/base/net-certmanager.yaml
@@ -18,7 +18,7 @@ metadata:
   # These are the permissions needed by the `cert-manager` `Certificate` implementation.
   name: knative-serving-certmanager
   labels:
-    serving.knative.dev/release: "v0.24.0"
+    serving.knative.dev/release: "v1.0.0"
     serving.knative.dev/controller: "true"
     networking.knative.dev/certificate-provider: cert-manager
 rules:
@@ -49,7 +49,7 @@ kind: ValidatingWebhookConfiguration
 metadata:
   name: config.webhook.net-certmanager.networking.internal.knative.dev
   labels:
-    serving.knative.dev/release: "v0.24.0"
+    serving.knative.dev/release: "v1.0.0"
     networking.knative.dev/certificate-provider: cert-manager
 webhooks:
   - admissionReviewVersions:
@@ -88,7 +88,7 @@ metadata:
   name: net-certmanager-webhook-certs
   namespace: knative-serving
   labels:
-    serving.knative.dev/release: "v0.24.0"
+    serving.knative.dev/release: "v1.0.0"
     networking.knative.dev/certificate-provider: cert-manager
 
 ---
@@ -112,7 +112,7 @@ metadata:
   name: config-certmanager
   namespace: knative-serving
   labels:
-    serving.knative.dev/release: "v0.24.0"
+    serving.knative.dev/release: "v1.0.0"
     networking.knative.dev/certificate-provider: cert-manager
 data:
   _example: |
@@ -159,7 +159,7 @@ metadata:
   name: net-certmanager-controller
   namespace: knative-serving
   labels:
-    serving.knative.dev/release: "v0.24.0"
+    serving.knative.dev/release: "v1.0.0"
     networking.knative.dev/certificate-provider: cert-manager
 spec:
   selector:
@@ -171,14 +171,14 @@ spec:
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
       labels:
         app: net-certmanager-controller
-        serving.knative.dev/release: "v0.24.0"
+        serving.knative.dev/release: "v1.0.0"
     spec:
       serviceAccountName: controller
       containers:
         - name: controller
           # This is the Go import path for the binary that is containerized
           # and substituted here.
-          image: gcr.io/knative-releases/knative.dev/net-certmanager/cmd/controller@sha256:45bb63cc9bfe2183aafcd8815c1e5688e35a4e9967aaac625f44d12dc1c87bba
+          image: gcr.io/knative-releases/knative.dev/net-certmanager/cmd/controller@sha256:37d0467229be1bd74eb3e826e62ec60adfb52e8529f1177a08c6d276b8bd78ee
           resources:
             requests:
               cpu: 30m
@@ -216,7 +216,7 @@ kind: Service
 metadata:
   labels:
     app: net-certmanager-controller
-    serving.knative.dev/release: "v0.24.0"
+    serving.knative.dev/release: "v1.0.0"
     networking.knative.dev/certificate-provider: cert-manager
   name: net-certmanager-controller
   namespace: knative-serving
@@ -253,7 +253,7 @@ metadata:
   name: net-certmanager-webhook
   namespace: knative-serving
   labels:
-    serving.knative.dev/release: "v0.24.0"
+    serving.knative.dev/release: "v1.0.0"
     networking.knative.dev/certificate-provider: cert-manager
 spec:
   selector:
@@ -267,14 +267,14 @@ spec:
       labels:
         app: net-certmanager-webhook
         role: net-certmanager-webhook
-        serving.knative.dev/release: "v0.24.0"
+        serving.knative.dev/release: "v1.0.0"
     spec:
       serviceAccountName: controller
       containers:
         - name: webhook
           # This is the Go import path for the binary that is containerized
           # and substituted here.
-          image: gcr.io/knative-releases/knative.dev/net-certmanager/cmd/webhook@sha256:1402c0ff90bfa64ea72f44bc6aaed96206854dfa95bcfa014b776cc88df89ad2
+          image: gcr.io/knative-releases/knative.dev/net-certmanager/cmd/webhook@sha256:192fceb31b89fa2fb602bcb44a512c6faec2574ce4c4cb3aae2171eed32ee6dc
           resources:
             requests:
               cpu: 20m
@@ -333,7 +333,7 @@ metadata:
   namespace: knative-serving
   labels:
     role: net-certmanager-webhook
-    serving.knative.dev/release: "v0.24.0"
+    serving.knative.dev/release: "v1.0.0"
     networking.knative.dev/certificate-provider: cert-manager
 spec:
   ports: