k8s/knative/deploy/knative/serving-core.yaml

# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Use this aggregated ClusterRole when you need readonly access to "Addressables"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # Named like this to avoid clashing with eventing's existing `addressable-resolver` role
  # (which should be identical, but isn't guaranteed to be installed alongside serving).
  name: knative-serving-aggregated-addressable-resolver
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        duck.knative.dev/addressable: "true"
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: knative-serving-addressable-resolver
  labels:
    serving.knative.dev/release: "v0.26.0"
    # Labeled to facilitate aggregated cluster roles that act on Addressables.
    duck.knative.dev/addressable: "true"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
# Do not use this role directly. These rules will be added to the "addressable-resolver" role.
rules:
  - apiGroups:
      - serving.knative.dev
    resources:
      - routes
      - routes/status
      - services
      - services/status
    verbs:
      - get
      - list
      - watch

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: knative-serving-namespaced-admin
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
rules:
  - apiGroups: ["serving.knative.dev"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"]
    resources: ["*"]
    verbs: ["get", "list", "watch"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: knative-serving-namespaced-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
rules:
  - apiGroups: ["serving.knative.dev"]
    resources: ["*"]
    verbs: ["create", "update", "patch", "delete"]
  - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"]
    resources: ["*"]
    verbs: ["get", "list", "watch"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: knative-serving-namespaced-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
rules:
  - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"]
    resources: ["*"]
    verbs: ["get", "list", "watch"]

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: knative-serving-core
  labels:
    serving.knative.dev/release: "v0.26.0"
    serving.knative.dev/controller: "true"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
rules:
  - apiGroups: [""]
    resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"]
    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  - apiGroups: [""]
    resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook
    verbs: ["update"]
  - apiGroups: ["apps"]
    resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook
    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions", "customresourcedefinitions/status"]
    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  - apiGroups: ["autoscaling"]
    resources: ["horizontalpodautoscalers"]
    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"]
    resources: ["*", "*/status", "*/finalizers"]
    verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"]
  - apiGroups: ["caching.internal.knative.dev"]
    resources: ["images"]
    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: knative-serving-podspecable-binding
  labels:
    serving.knative.dev/release: "v0.26.0"
    # Labeled to facilitate aggregated cluster roles that act on PodSpecables.
    duck.knative.dev/podspecable: "true"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
# Do not use this role directly. These rules will be added to the "podspecable-binder" role.
rules:
  - apiGroups:
      - serving.knative.dev
    resources:
      - configurations
      - services
    verbs:
      - list
      - watch
      - patch

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: controller
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: controller
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: knative-serving-admin
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        serving.knative.dev/controller: "true"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: knative-serving-controller-admin
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: controller
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
subjects:
  - kind: ServiceAccount
    name: controller
    namespace: knative-serving
roleRef:
  kind: ClusterRole
  name: knative-serving-admin
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: knative-serving-controller-addressable-resolver
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: controller
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
subjects:
  - kind: ServiceAccount
    name: controller
    namespace: knative-serving
roleRef:
  kind: ClusterRole
  name: knative-serving-aggregated-addressable-resolver
  apiGroup: rbac.authorization.k8s.io

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: images.caching.internal.knative.dev
  labels:
    knative.dev/crd-install: "true"
spec:
  group: caching.internal.knative.dev
  names:
    kind: Image
    plural: images
    singular: image
    categories:
      - knative-internal
      - caching
    shortNames:
      - img
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          # this is a work around so we don't need to flush out the
          # schema for each version at this time
          #
          # see issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      additionalPrinterColumns:
        - name: Image
          type: string
          jsonPath: .spec.image

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: certificates.networking.internal.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
spec:
  group: networking.internal.knative.dev
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          # this is a work around so we don't need to flush out the
          # schema for each version at this time
          #
          # see issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      additionalPrinterColumns:
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
  names:
    kind: Certificate
    plural: certificates
    singular: certificate
    categories:
      - knative-internal
      - networking
    shortNames:
      - kcert
  scope: Namespaced

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: configurations.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
    duck.knative.dev/podspecable: "true"
spec:
  group: serving.knative.dev
  names:
    kind: Configuration
    plural: configurations
    singular: configuration
    categories:
      - all
      - knative
      - serving
    shortNames:
      - config
      - cfg
  scope: Namespaced
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: LatestCreated
          type: string
          jsonPath: .status.latestCreatedRevisionName
        - name: LatestReady
          type: string
          jsonPath: .status.latestReadyRevisionName
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
      schema:
        openAPIV3Schema:
          description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration'
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: ConfigurationSpec holds the desired state of the Configuration (from the client).
              type: object
              properties:
                template:
                  description: Template holds the latest specification for the Revision to be stamped out.
                  type: object
                  properties:
                    metadata:
                      type: object
                      properties:
                        annotations:
                          type: object
                          additionalProperties:
                            type: string
                        finalizers:
                          type: array
                          items:
                            type: string
                        labels:
                          type: object
                          additionalProperties:
                            type: string
                        name:
                          type: string
                        namespace:
                          type: string
                      x-kubernetes-preserve-unknown-fields: true
                    spec:
                      description: RevisionSpec holds the desired state of the Revision (from the client).
                      type: object
                      required:
                        - containers
                      properties:
                        automountServiceAccountToken:
                          description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
                          type: boolean
                        containerConcurrency:
                          description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision.  Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler.
                          type: integer
                          format: int64
                        containers:
                          description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
                          type: array
                          items:
                            description: A single application container that you want to run within a pod.
                            type: object
                            properties:
                              args:
                                description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                type: array
                                items:
                                  type: string
                              command:
                                description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                type: array
                                items:
                                  type: string
                              env:
                                description: List of environment variables to set in the container. Cannot be updated.
                                type: array
                                items:
                                  description: EnvVar represents an environment variable present in a Container.
                                  type: object
                                  required:
                                    - name
                                  properties:
                                    name:
                                      description: Name of the environment variable. Must be a C_IDENTIFIER.
                                      type: string
                                    value:
                                      description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
                                      type: string
                                    valueFrom:
                                      description: Source for the environment variable's value. Cannot be used if value is not empty.
                                      type: object
                                      properties:
                                        configMapKeyRef:
                                          description: Selects a key of a ConfigMap.
                                          type: object
                                          required:
                                            - key
                                          properties:
                                            key:
                                              description: The key to select.
                                              type: string
                                            name:
                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                              type: string
                                            optional:
                                              description: Specify whether the ConfigMap or its key must be defined
                                              type: boolean
                                        secretKeyRef:
                                          description: Selects a key of a secret in the pod's namespace
                                          type: object
                                          required:
                                            - key
                                          properties:
                                            key:
                                              description: The key of the secret to select from.  Must be a valid secret key.
                                              type: string
                                            name:
                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                              type: string
                                            optional:
                                              description: Specify whether the Secret or its key must be defined
                                              type: boolean
                                      x-kubernetes-preserve-unknown-fields: true
                              envFrom:
                                description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
                                type: array
                                items:
                                  description: EnvFromSource represents the source of a set of ConfigMaps
                                  type: object
                                  properties:
                                    configMapRef:
                                      description: The ConfigMap to select from
                                      type: object
                                      properties:
                                        name:
                                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                          type: string
                                        optional:
                                          description: Specify whether the ConfigMap must be defined
                                          type: boolean
                                    prefix:
                                      description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
                                      type: string
                                    secretRef:
                                      description: The Secret to select from
                                      type: object
                                      properties:
                                        name:
                                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                          type: string
                                        optional:
                                          description: Specify whether the Secret must be defined
                                          type: boolean
                              image:
                                description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.'
                                type: string
                              imagePullPolicy:
                                description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                type: string
                              livenessProbe:
                                description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                type: object
                                properties:
                                  exec:
                                    description: One and only one of the following should be specified. Exec specifies the action to take.
                                    type: object
                                    properties:
                                      command:
                                        description: Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                        type: array
                                        items:
                                          type: string
                                  failureThreshold:
                                    description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                                    type: integer
                                    format: int32
                                  httpGet:
                                    description: HTTPGet specifies the http request to perform.
                                    type: object
                                    properties:
                                      host:
                                        description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                        type: string
                                      httpHeaders:
                                        description: Custom headers to set in the request. HTTP allows repeated headers.
                                        type: array
                                        items:
                                          description: HTTPHeader describes a custom header to be used in HTTP probes
                                          type: object
                                          required:
                                            - name
                                            - value
                                          properties:
                                            name:
                                              description: The header field name
                                              type: string
                                            value:
                                              description: The header field value
                                              type: string
                                      path:
                                        description: Path to access on the HTTP server.
                                        type: string
                                      scheme:
                                        description: Scheme to use for connecting to the host. Defaults to HTTP.
                                        type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  initialDelaySeconds:
                                    description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                    type: integer
                                    format: int32
                                  periodSeconds:
                                    description: How often (in seconds) to perform the probe.
                                    type: integer
                                    format: int32
                                  successThreshold:
                                    description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                                    type: integer
                                    format: int32
                                  tcpSocket:
                                    description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                    type: object
                                    properties:
                                      host:
                                        description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                        type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  timeoutSeconds:
                                    description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                    type: integer
                                    format: int32
                              name:
                                description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
                                type: string
                              ports:
                                description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
                                type: array
                                items:
                                  description: ContainerPort represents a network port in a single container.
                                  type: object
                                  required:
                                    - containerPort
                                  properties:
                                    containerPort:
                                      description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
                                      type: integer
                                      format: int32
                                    name:
                                      description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
                                      type: string
                                    protocol:
                                      description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
                                      type: string
                                      default: TCP
                                  x-kubernetes-preserve-unknown-fields: true
                                x-kubernetes-list-map-keys:
                                  - containerPort
                                  - protocol
                                x-kubernetes-list-type: map
                              readinessProbe:
                                description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                type: object
                                properties:
                                  exec:
                                    description: One and only one of the following should be specified. Exec specifies the action to take.
                                    type: object
                                    properties:
                                      command:
                                        description: Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                        type: array
                                        items:
                                          type: string
                                  failureThreshold:
                                    description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                                    type: integer
                                    format: int32
                                  httpGet:
                                    description: HTTPGet specifies the http request to perform.
                                    type: object
                                    properties:
                                      host:
                                        description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                        type: string
                                      httpHeaders:
                                        description: Custom headers to set in the request. HTTP allows repeated headers.
                                        type: array
                                        items:
                                          description: HTTPHeader describes a custom header to be used in HTTP probes
                                          type: object
                                          required:
                                            - name
                                            - value
                                          properties:
                                            name:
                                              description: The header field name
                                              type: string
                                            value:
                                              description: The header field value
                                              type: string
                                      path:
                                        description: Path to access on the HTTP server.
                                        type: string
                                      scheme:
                                        description: Scheme to use for connecting to the host. Defaults to HTTP.
                                        type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  initialDelaySeconds:
                                    description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                    type: integer
                                    format: int32
                                  periodSeconds:
                                    description: How often (in seconds) to perform the probe.
                                    type: integer
                                    format: int32
                                  successThreshold:
                                    description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                                    type: integer
                                    format: int32
                                  tcpSocket:
                                    description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                    type: object
                                    properties:
                                      host:
                                        description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                        type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  timeoutSeconds:
                                    description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                    type: integer
                                    format: int32
                              resources:
                                description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                type: object
                                properties:
                                  limits:
                                    description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                    type: object
                                    additionalProperties:
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      anyOf:
                                        - type: integer
                                        - type: string
                                      x-kubernetes-int-or-string: true
                                  requests:
                                    description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                    type: object
                                    additionalProperties:
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      anyOf:
                                        - type: integer
                                        - type: string
                                      x-kubernetes-int-or-string: true
                              securityContext:
                                description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                type: object
                                properties:
                                  capabilities:
                                    description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
                                    type: object
                                    properties:
                                      drop:
                                        description: Removed capabilities
                                        type: array
                                        items:
                                          description: Capability represent POSIX capabilities type
                                          type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  readOnlyRootFilesystem:
                                    description: Whether this container has a read-only root filesystem. Default is false.
                                    type: boolean
                                  runAsUser:
                                    description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                    type: integer
                                    format: int64
                                x-kubernetes-preserve-unknown-fields: true
                              terminationMessagePath:
                                description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
                                type: string
                              terminationMessagePolicy:
                                description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
                                type: string
                              volumeMounts:
                                description: Pod volumes to mount into the container's filesystem. Cannot be updated.
                                type: array
                                items:
                                  description: VolumeMount describes a mounting of a Volume within a container.
                                  type: object
                                  required:
                                    - mountPath
                                    - name
                                  properties:
                                    mountPath:
                                      description: Path within the container at which the volume should be mounted.  Must not contain ':'.
                                      type: string
                                    name:
                                      description: This must match the Name of a Volume.
                                      type: string
                                    readOnly:
                                      description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
                                      type: boolean
                                    subPath:
                                      description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
                                      type: string
                              workingDir:
                                description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
                                type: string
                            x-kubernetes-preserve-unknown-fields: true
                        enableServiceLinks:
                          description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.'
                          type: boolean
                        imagePullSecrets:
                          description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
                          type: array
                          items:
                            description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
                            type: object
                            properties:
                              name:
                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                type: string
                        serviceAccountName:
                          description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
                          type: string
                        timeoutSeconds:
                          description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided.
                          type: integer
                          format: int64
                        volumes:
                          description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                          type: array
                          items:
                            description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
                            type: object
                            required:
                              - name
                            properties:
                              configMap:
                                description: ConfigMap represents a configMap that should populate this volume
                                type: object
                                properties:
                                  defaultMode:
                                    description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                    type: integer
                                    format: int32
                                  items:
                                    description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                    type: array
                                    items:
                                      description: Maps a string key to a path within a volume.
                                      type: object
                                      required:
                                        - key
                                        - path
                                      properties:
                                        key:
                                          description: The key to project.
                                          type: string
                                        mode:
                                          description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                          type: integer
                                          format: int32
                                        path:
                                          description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                          type: string
                                  name:
                                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap or its keys must be defined
                                    type: boolean
                              name:
                                description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                type: string
                              projected:
                                description: Items for all in one resources secrets, configmaps, and downward API
                                type: object
                                properties:
                                  defaultMode:
                                    description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
                                    type: integer
                                    format: int32
                                  sources:
                                    description: list of volume projections
                                    type: array
                                    items:
                                      description: Projection that may be projected along with other supported volume types
                                      type: object
                                      properties:
                                        configMap:
                                          description: information about the configMap data to project
                                          type: object
                                          properties:
                                            items:
                                              description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                              type: array
                                              items:
                                                description: Maps a string key to a path within a volume.
                                                type: object
                                                required:
                                                  - key
                                                  - path
                                                properties:
                                                  key:
                                                    description: The key to project.
                                                    type: string
                                                  mode:
                                                    description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                    type: integer
                                                    format: int32
                                                  path:
                                                    description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                                    type: string
                                            name:
                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                              type: string
                                            optional:
                                              description: Specify whether the ConfigMap or its keys must be defined
                                              type: boolean
                                        secret:
                                          description: information about the secret data to project
                                          type: object
                                          properties:
                                            items:
                                              description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                              type: array
                                              items:
                                                description: Maps a string key to a path within a volume.
                                                type: object
                                                required:
                                                  - key
                                                  - path
                                                properties:
                                                  key:
                                                    description: The key to project.
                                                    type: string
                                                  mode:
                                                    description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                    type: integer
                                                    format: int32
                                                  path:
                                                    description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                                    type: string
                                            name:
                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                              type: string
                                            optional:
                                              description: Specify whether the Secret or its key must be defined
                                              type: boolean
                                        serviceAccountToken:
                                          description: information about the serviceAccountToken data to project
                                          type: object
                                          required:
                                            - path
                                          properties:
                                            audience:
                                              description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
                                              type: string
                                            expirationSeconds:
                                              description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
                                              type: integer
                                              format: int64
                                            path:
                                              description: Path is the path relative to the mount point of the file to project the token into.
                                              type: string
                              secret:
                                description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                type: object
                                properties:
                                  defaultMode:
                                    description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                    type: integer
                                    format: int32
                                  items:
                                    description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                    type: array
                                    items:
                                      description: Maps a string key to a path within a volume.
                                      type: object
                                      required:
                                        - key
                                        - path
                                      properties:
                                        key:
                                          description: The key to project.
                                          type: string
                                        mode:
                                          description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                          type: integer
                                          format: int32
                                        path:
                                          description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                          type: string
                                  optional:
                                    description: Specify whether the Secret or its keys must be defined
                                    type: boolean
                                  secretName:
                                    description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                    type: string
                            x-kubernetes-preserve-unknown-fields: true
                      x-kubernetes-preserve-unknown-fields: true
            status:
              description: ConfigurationStatus communicates the observed state of the Configuration (from the controller).
              type: object
              properties:
                annotations:
                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
                  type: object
                  additionalProperties:
                    type: string
                conditions:
                  description: Conditions the latest available observations of a resource's current state.
                  type: array
                  items:
                    description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
                    type: object
                    required:
                      - status
                      - type
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
                        type: string
                        format: date-time
                      message:
                        description: A human readable message indicating details about the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      severity:
                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
                        type: string
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                      type:
                        description: Type of condition.
                        type: string
                latestCreatedRevisionName:
                  description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
                  type: string
                latestReadyRevisionName:
                  description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True".
                  type: string
                observedGeneration:
                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
                  type: integer
                  format: int64

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: clusterdomainclaims.networking.internal.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
spec:
  group: networking.internal.knative.dev
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          # this is a work around so we don't need to flush out the
          # schema for each version at this time
          #
          # see issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
  names:
    kind: ClusterDomainClaim
    plural: clusterdomainclaims
    singular: clusterdomainclaim
    categories:
      - knative-internal
      - networking
    shortNames:
      - cdc
  scope: Cluster

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: domainmappings.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
spec:
  group: serving.knative.dev
  versions:
    - name: v1beta1
      served: true
      storage: false
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: URL
          type: string
          jsonPath: .status.url
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
      "schema":
        "openAPIV3Schema":
          description: DomainMapping is a mapping from a custom hostname to an Addressable.
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
              type: object
              required:
                - ref
              properties:
                ref:
                  description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services."
                  type: object
                  required:
                    - kind
                    - name
                  properties:
                    apiVersion:
                      description: API version of the referent.
                      type: string
                    group:
                      description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086'
                      type: string
                    kind:
                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                      type: string
                    namespace:
                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
                      type: string
                tls:
                  description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret.
                  type: object
                  required:
                    - secretName
                  properties:
                    secretName:
                      description: SecretName is the name of the existing secret used to terminate TLS traffic.
                      type: string
            status:
              description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
              type: object
              properties:
                address:
                  description: Address holds the information needed for a DomainMapping to be the target of an event.
                  type: object
                  properties:
                    url:
                      type: string
                annotations:
                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
                  type: object
                  additionalProperties:
                    type: string
                conditions:
                  description: Conditions the latest available observations of a resource's current state.
                  type: array
                  items:
                    description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
                    type: object
                    required:
                      - status
                      - type
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
                        type: string
                        format: date-time
                      message:
                        description: A human readable message indicating details about the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      severity:
                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
                        type: string
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                      type:
                        description: Type of condition.
                        type: string
                observedGeneration:
                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
                  type: integer
                  format: int64
                url:
                  description: URL is the URL of this DomainMapping.
                  type: string
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          description: DomainMapping is a mapping from a custom hostname to an Addressable.
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
              type: object
              required:
                - ref
              properties:
                ref:
                  description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services."
                  type: object
                  required:
                    - kind
                    - name
                  properties:
                    apiVersion:
                      description: API version of the referent.
                      type: string
                    group:
                      description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086'
                      type: string
                    kind:
                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                      type: string
                    namespace:
                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
                      type: string
                tls:
                  description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret.
                  type: object
                  required:
                    - secretName
                  properties:
                    secretName:
                      description: SecretName is the name of the existing secret used to terminate TLS traffic.
                      type: string
            status:
              description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
              type: object
              properties:
                address:
                  description: Address holds the information needed for a DomainMapping to be the target of an event.
                  type: object
                  properties:
                    url:
                      type: string
                annotations:
                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
                  type: object
                  additionalProperties:
                    type: string
                conditions:
                  description: Conditions the latest available observations of a resource's current state.
                  type: array
                  items:
                    description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
                    type: object
                    required:
                      - status
                      - type
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
                        type: string
                        format: date-time
                      message:
                        description: A human readable message indicating details about the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      severity:
                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
                        type: string
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                      type:
                        description: Type of condition.
                        type: string
                observedGeneration:
                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
                  type: integer
                  format: int64
                url:
                  description: URL is the URL of this DomainMapping.
                  type: string
      additionalPrinterColumns:
        - name: URL
          type: string
          jsonPath: .status.url
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
  names:
    kind: DomainMapping
    plural: domainmappings
    singular: domainmapping
    categories:
      - all
      - knative
      - serving
    shortNames:
      - dm
  scope: Namespaced

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ingresses.networking.internal.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
spec:
  group: networking.internal.knative.dev
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          # this is a work around so we don't need to flush out the
          # schema for each version at this time
          #
          # see issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      additionalPrinterColumns:
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
  names:
    kind: Ingress
    plural: ingresses
    singular: ingress
    categories:
      - knative-internal
      - networking
    shortNames:
      - kingress
      - king
  scope: Namespaced

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: metrics.autoscaling.internal.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
spec:
  group: autoscaling.internal.knative.dev
  names:
    kind: Metric
    plural: metrics
    singular: metric
    categories:
      - knative-internal
      - autoscaling
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
      schema:
        openAPIV3Schema:
          description: Metric represents a resource to configure the metric collector with.
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: Spec holds the desired state of the Metric (from the client).
              type: object
              required:
                - panicWindow
                - scrapeTarget
                - stableWindow
              properties:
                panicWindow:
                  description: PanicWindow is the aggregation window for metrics where quick reactions are needed.
                  type: integer
                  format: int64
                scrapeTarget:
                  description: ScrapeTarget is the K8s service that publishes the metric endpoint.
                  type: string
                stableWindow:
                  description: StableWindow is the aggregation window for metrics in a stable state.
                  type: integer
                  format: int64
            status:
              description: Status communicates the observed state of the Metric (from the controller).
              type: object
              properties:
                annotations:
                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
                  type: object
                  additionalProperties:
                    type: string
                conditions:
                  description: Conditions the latest available observations of a resource's current state.
                  type: array
                  items:
                    description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
                    type: object
                    required:
                      - status
                      - type
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
                        type: string
                        format: date-time
                      message:
                        description: A human readable message indicating details about the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      severity:
                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
                        type: string
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                      type:
                        description: Type of condition.
                        type: string
                observedGeneration:
                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
                  type: integer
                  format: int64

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: podautoscalers.autoscaling.internal.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
spec:
  group: autoscaling.internal.knative.dev
  names:
    kind: PodAutoscaler
    plural: podautoscalers
    singular: podautoscaler
    categories:
      - knative-internal
      - autoscaling
    shortNames:
      - kpa
      - pa
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: DesiredScale
          type: integer
          jsonPath: ".status.desiredScale"
        - name: ActualScale
          type: integer
          jsonPath: ".status.actualScale"
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
      schema:
        openAPIV3Schema:
          description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers.  This definition is an abstraction that may be backed by multiple definitions.  For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/10KWynvAJYuOEWy69VBa6bHJVCqIsz1TNdEKosNvcpPY/edit'
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: Spec holds the desired state of the PodAutoscaler (from the client).
              type: object
              required:
                - protocolType
                - scaleTargetRef
              properties:
                containerConcurrency:
                  description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency.
                  type: integer
                  format: int64
                protocolType:
                  description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec.
                  type: string
                reachability:
                  description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown`
                  type: string
                scaleTargetRef:
                  description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing.
                  type: object
                  properties:
                    apiVersion:
                      description: API version of the referent.
                      type: string
                    kind:
                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                      type: string
            status:
              description: Status communicates the observed state of the PodAutoscaler (from the controller).
              type: object
              required:
                - metricsServiceName
                - serviceName
              properties:
                actualScale:
                  description: ActualScale shows the actual number of replicas for the revision.
                  type: integer
                  format: int32
                annotations:
                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
                  type: object
                  additionalProperties:
                    type: string
                conditions:
                  description: Conditions the latest available observations of a resource's current state.
                  type: array
                  items:
                    description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
                    type: object
                    required:
                      - status
                      - type
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
                        type: string
                        format: date-time
                      message:
                        description: A human readable message indicating details about the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      severity:
                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
                        type: string
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                      type:
                        description: Type of condition.
                        type: string
                desiredScale:
                  description: DesiredScale shows the current desired number of replicas for the revision.
                  type: integer
                  format: int32
                metricsServiceName:
                  description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object.
                  type: string
                observedGeneration:
                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
                  type: integer
                  format: int64
                serviceName:
                  description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA.
                  type: string

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: revisions.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
spec:
  group: serving.knative.dev
  names:
    kind: Revision
    plural: revisions
    singular: revision
    categories:
      - all
      - knative
      - serving
    shortNames:
      - rev
  scope: Namespaced
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Config Name
          type: string
          jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']"
        - name: K8s Service Name
          type: string
          jsonPath: ".status.serviceName"
        - name: Generation
          type: string # int in string form :(
          jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']"
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
        - name: Actual Replicas
          type: integer
          jsonPath: ".status.actualReplicas"
        - name: Desired Replicas
          type: integer
          jsonPath: ".status.desiredReplicas"
      schema:
        openAPIV3Schema:
          description: "Revision is an immutable snapshot of code and configuration.  A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision"
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: RevisionSpec holds the desired state of the Revision (from the client).
              type: object
              required:
                - containers
              properties:
                automountServiceAccountToken:
                  description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
                  type: boolean
                containerConcurrency:
                  description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision.  Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler.
                  type: integer
                  format: int64
                containers:
                  description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
                  type: array
                  items:
                    description: A single application container that you want to run within a pod.
                    type: object
                    properties:
                      args:
                        description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                        type: array
                        items:
                          type: string
                      command:
                        description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                        type: array
                        items:
                          type: string
                      env:
                        description: List of environment variables to set in the container. Cannot be updated.
                        type: array
                        items:
                          description: EnvVar represents an environment variable present in a Container.
                          type: object
                          required:
                            - name
                          properties:
                            name:
                              description: Name of the environment variable. Must be a C_IDENTIFIER.
                              type: string
                            value:
                              description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
                              type: string
                            valueFrom:
                              description: Source for the environment variable's value. Cannot be used if value is not empty.
                              type: object
                              properties:
                                configMapKeyRef:
                                  description: Selects a key of a ConfigMap.
                                  type: object
                                  required:
                                    - key
                                  properties:
                                    key:
                                      description: The key to select.
                                      type: string
                                    name:
                                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                      type: string
                                    optional:
                                      description: Specify whether the ConfigMap or its key must be defined
                                      type: boolean
                                secretKeyRef:
                                  description: Selects a key of a secret in the pod's namespace
                                  type: object
                                  required:
                                    - key
                                  properties:
                                    key:
                                      description: The key of the secret to select from.  Must be a valid secret key.
                                      type: string
                                    name:
                                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                      type: string
                                    optional:
                                      description: Specify whether the Secret or its key must be defined
                                      type: boolean
                              x-kubernetes-preserve-unknown-fields: true
                      envFrom:
                        description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
                        type: array
                        items:
                          description: EnvFromSource represents the source of a set of ConfigMaps
                          type: object
                          properties:
                            configMapRef:
                              description: The ConfigMap to select from
                              type: object
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap must be defined
                                  type: boolean
                            prefix:
                              description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
                              type: string
                            secretRef:
                              description: The Secret to select from
                              type: object
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret must be defined
                                  type: boolean
                      image:
                        description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.'
                        type: string
                      imagePullPolicy:
                        description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                        type: string
                      livenessProbe:
                        description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                        type: object
                        properties:
                          exec:
                            description: One and only one of the following should be specified. Exec specifies the action to take.
                            type: object
                            properties:
                              command:
                                description: Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                type: array
                                items:
                                  type: string
                          failureThreshold:
                            description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                            type: integer
                            format: int32
                          httpGet:
                            description: HTTPGet specifies the http request to perform.
                            type: object
                            properties:
                              host:
                                description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                type: string
                              httpHeaders:
                                description: Custom headers to set in the request. HTTP allows repeated headers.
                                type: array
                                items:
                                  description: HTTPHeader describes a custom header to be used in HTTP probes
                                  type: object
                                  required:
                                    - name
                                    - value
                                  properties:
                                    name:
                                      description: The header field name
                                      type: string
                                    value:
                                      description: The header field value
                                      type: string
                              path:
                                description: Path to access on the HTTP server.
                                type: string
                              scheme:
                                description: Scheme to use for connecting to the host. Defaults to HTTP.
                                type: string
                            x-kubernetes-preserve-unknown-fields: true
                          initialDelaySeconds:
                            description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                            type: integer
                            format: int32
                          periodSeconds:
                            description: How often (in seconds) to perform the probe.
                            type: integer
                            format: int32
                          successThreshold:
                            description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                            type: integer
                            format: int32
                          tcpSocket:
                            description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                            type: object
                            properties:
                              host:
                                description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                type: string
                            x-kubernetes-preserve-unknown-fields: true
                          timeoutSeconds:
                            description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                            type: integer
                            format: int32
                      name:
                        description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
                        type: string
                      ports:
                        description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
                        type: array
                        items:
                          description: ContainerPort represents a network port in a single container.
                          type: object
                          required:
                            - containerPort
                          properties:
                            containerPort:
                              description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
                              type: integer
                              format: int32
                            name:
                              description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
                              type: string
                            protocol:
                              description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
                              type: string
                              default: TCP
                          x-kubernetes-preserve-unknown-fields: true
                        x-kubernetes-list-map-keys:
                          - containerPort
                          - protocol
                        x-kubernetes-list-type: map
                      readinessProbe:
                        description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                        type: object
                        properties:
                          exec:
                            description: One and only one of the following should be specified. Exec specifies the action to take.
                            type: object
                            properties:
                              command:
                                description: Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                type: array
                                items:
                                  type: string
                          failureThreshold:
                            description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                            type: integer
                            format: int32
                          httpGet:
                            description: HTTPGet specifies the http request to perform.
                            type: object
                            properties:
                              host:
                                description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                type: string
                              httpHeaders:
                                description: Custom headers to set in the request. HTTP allows repeated headers.
                                type: array
                                items:
                                  description: HTTPHeader describes a custom header to be used in HTTP probes
                                  type: object
                                  required:
                                    - name
                                    - value
                                  properties:
                                    name:
                                      description: The header field name
                                      type: string
                                    value:
                                      description: The header field value
                                      type: string
                              path:
                                description: Path to access on the HTTP server.
                                type: string
                              scheme:
                                description: Scheme to use for connecting to the host. Defaults to HTTP.
                                type: string
                            x-kubernetes-preserve-unknown-fields: true
                          initialDelaySeconds:
                            description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                            type: integer
                            format: int32
                          periodSeconds:
                            description: How often (in seconds) to perform the probe.
                            type: integer
                            format: int32
                          successThreshold:
                            description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                            type: integer
                            format: int32
                          tcpSocket:
                            description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                            type: object
                            properties:
                              host:
                                description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                type: string
                            x-kubernetes-preserve-unknown-fields: true
                          timeoutSeconds:
                            description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                            type: integer
                            format: int32
                      resources:
                        description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                        properties:
                          limits:
                            description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                            additionalProperties:
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              anyOf:
                                - type: integer
                                - type: string
                              x-kubernetes-int-or-string: true
                          requests:
                            description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                            additionalProperties:
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              anyOf:
                                - type: integer
                                - type: string
                              x-kubernetes-int-or-string: true
                      securityContext:
                        description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                        type: object
                        properties:
                          capabilities:
                            description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
                            type: object
                            properties:
                              drop:
                                description: Removed capabilities
                                type: array
                                items:
                                  description: Capability represent POSIX capabilities type
                                  type: string
                            x-kubernetes-preserve-unknown-fields: true
                          readOnlyRootFilesystem:
                            description: Whether this container has a read-only root filesystem. Default is false.
                            type: boolean
                          runAsUser:
                            description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                            type: integer
                            format: int64
                        x-kubernetes-preserve-unknown-fields: true
                      terminationMessagePath:
                        description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
                        type: string
                      terminationMessagePolicy:
                        description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
                        type: string
                      volumeMounts:
                        description: Pod volumes to mount into the container's filesystem. Cannot be updated.
                        type: array
                        items:
                          description: VolumeMount describes a mounting of a Volume within a container.
                          type: object
                          required:
                            - mountPath
                            - name
                          properties:
                            mountPath:
                              description: Path within the container at which the volume should be mounted.  Must not contain ':'.
                              type: string
                            name:
                              description: This must match the Name of a Volume.
                              type: string
                            readOnly:
                              description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
                              type: boolean
                            subPath:
                              description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
                              type: string
                      workingDir:
                        description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
                        type: string
                    x-kubernetes-preserve-unknown-fields: true
                enableServiceLinks:
                  description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.'
                  type: boolean
                imagePullSecrets:
                  description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
                  type: array
                  items:
                    description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
                    type: object
                    properties:
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                serviceAccountName:
                  description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
                  type: string
                timeoutSeconds:
                  description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided.
                  type: integer
                  format: int64
                volumes:
                  description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                  type: array
                  items:
                    description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
                    type: object
                    required:
                      - name
                    properties:
                      configMap:
                        description: ConfigMap represents a configMap that should populate this volume
                        type: object
                        properties:
                          defaultMode:
                            description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                            type: integer
                            format: int32
                          items:
                            description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                            type: array
                            items:
                              description: Maps a string key to a path within a volume.
                              type: object
                              required:
                                - key
                                - path
                              properties:
                                key:
                                  description: The key to project.
                                  type: string
                                mode:
                                  description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                  type: integer
                                  format: int32
                                path:
                                  description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                  type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its keys must be defined
                            type: boolean
                      name:
                        description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      projected:
                        description: Items for all in one resources secrets, configmaps, and downward API
                        type: object
                        properties:
                          defaultMode:
                            description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
                            type: integer
                            format: int32
                          sources:
                            description: list of volume projections
                            type: array
                            items:
                              description: Projection that may be projected along with other supported volume types
                              type: object
                              properties:
                                configMap:
                                  description: information about the configMap data to project
                                  type: object
                                  properties:
                                    items:
                                      description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                      type: array
                                      items:
                                        description: Maps a string key to a path within a volume.
                                        type: object
                                        required:
                                          - key
                                          - path
                                        properties:
                                          key:
                                            description: The key to project.
                                            type: string
                                          mode:
                                            description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                            type: integer
                                            format: int32
                                          path:
                                            description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                            type: string
                                    name:
                                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                      type: string
                                    optional:
                                      description: Specify whether the ConfigMap or its keys must be defined
                                      type: boolean
                                secret:
                                  description: information about the secret data to project
                                  type: object
                                  properties:
                                    items:
                                      description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                      type: array
                                      items:
                                        description: Maps a string key to a path within a volume.
                                        type: object
                                        required:
                                          - key
                                          - path
                                        properties:
                                          key:
                                            description: The key to project.
                                            type: string
                                          mode:
                                            description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                            type: integer
                                            format: int32
                                          path:
                                            description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                            type: string
                                    name:
                                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                      type: string
                                    optional:
                                      description: Specify whether the Secret or its key must be defined
                                      type: boolean
                                serviceAccountToken:
                                  description: information about the serviceAccountToken data to project
                                  type: object
                                  required:
                                    - path
                                  properties:
                                    audience:
                                      description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
                                      type: string
                                    expirationSeconds:
                                      description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
                                      type: integer
                                      format: int64
                                    path:
                                      description: Path is the path relative to the mount point of the file to project the token into.
                                      type: string
                      secret:
                        description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                        type: object
                        properties:
                          defaultMode:
                            description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                            type: integer
                            format: int32
                          items:
                            description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                            type: array
                            items:
                              description: Maps a string key to a path within a volume.
                              type: object
                              required:
                                - key
                                - path
                              properties:
                                key:
                                  description: The key to project.
                                  type: string
                                mode:
                                  description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                  type: integer
                                  format: int32
                                path:
                                  description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                  type: string
                          optional:
                            description: Specify whether the Secret or its keys must be defined
                            type: boolean
                          secretName:
                            description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                            type: string
                    x-kubernetes-preserve-unknown-fields: true
              x-kubernetes-preserve-unknown-fields: true
            status:
              description: RevisionStatus communicates the observed state of the Revision (from the controller).
              type: object
              properties:
                actualReplicas:
                  description: ActualReplicas reflects the amount of ready pods running this revision.
                  type: integer
                  format: int32
                annotations:
                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
                  type: object
                  additionalProperties:
                    type: string
                conditions:
                  description: Conditions the latest available observations of a resource's current state.
                  type: array
                  items:
                    description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
                    type: object
                    required:
                      - status
                      - type
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
                        type: string
                        format: date-time
                      message:
                        description: A human readable message indicating details about the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      severity:
                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
                        type: string
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                      type:
                        description: Type of condition.
                        type: string
                containerStatuses:
                  description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests'
                  type: array
                  items:
                    description: ContainerStatus holds the information of container name and image digest value
                    type: object
                    properties:
                      imageDigest:
                        type: string
                      name:
                        type: string
                desiredReplicas:
                  description: DesiredReplicas reflects the desired amount of pods running this revision.
                  type: integer
                  format: int32
                logUrl:
                  description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config.
                  type: string
                observedGeneration:
                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
                  type: integer
                  format: int64

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: routes.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
    duck.knative.dev/addressable: "true"
spec:
  group: serving.knative.dev
  names:
    kind: Route
    plural: routes
    singular: route
    categories:
      - all
      - knative
      - serving
    shortNames:
      - rt
  scope: Namespaced
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: URL
          type: string
          jsonPath: .status.url
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
      schema:
        openAPIV3Schema:
          description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route'
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: Spec holds the desired state of the Route (from the client).
              type: object
              properties:
                traffic:
                  description: Traffic specifies how to distribute traffic over a collection of revisions and configurations.
                  type: array
                  items:
                    description: TrafficTarget holds a single entry of the routing table for a Route.
                    type: object
                    properties:
                      configurationName:
                        description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one.  This field is never set in Route's status, only its spec.  This is mutually exclusive with RevisionName.
                        type: string
                      latestRevision:
                        description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target.  When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty.
                        type: boolean
                      percent:
                        description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for   that particular Revision or Configuration'
                        type: integer
                        format: int64
                      revisionName:
                        description: RevisionName of a specific revision to which to send this portion of traffic.  This is mutually exclusive with ConfigurationName.
                        type: string
                      tag:
                        description: Tag is optionally used to expose a dedicated url for referencing this target exclusively.
                        type: string
                      url:
                        description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
                        type: string
            status:
              description: Status communicates the observed state of the Route (from the controller).
              type: object
              properties:
                address:
                  description: Address holds the information needed for a Route to be the target of an event.
                  type: object
                  properties:
                    url:
                      type: string
                annotations:
                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
                  type: object
                  additionalProperties:
                    type: string
                conditions:
                  description: Conditions the latest available observations of a resource's current state.
                  type: array
                  items:
                    description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
                    type: object
                    required:
                      - status
                      - type
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
                        type: string
                        format: date-time
                      message:
                        description: A human readable message indicating details about the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      severity:
                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
                        type: string
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                      type:
                        description: Type of condition.
                        type: string
                observedGeneration:
                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
                  type: integer
                  format: int64
                traffic:
                  description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed.
                  type: array
                  items:
                    description: TrafficTarget holds a single entry of the routing table for a Route.
                    type: object
                    properties:
                      configurationName:
                        description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one.  This field is never set in Route's status, only its spec.  This is mutually exclusive with RevisionName.
                        type: string
                      latestRevision:
                        description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target.  When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty.
                        type: boolean
                      percent:
                        description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for   that particular Revision or Configuration'
                        type: integer
                        format: int64
                      revisionName:
                        description: RevisionName of a specific revision to which to send this portion of traffic.  This is mutually exclusive with ConfigurationName.
                        type: string
                      tag:
                        description: Tag is optionally used to expose a dedicated url for referencing this target exclusively.
                        type: string
                      url:
                        description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
                        type: string
                url:
                  description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
                  type: string

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: serverlessservices.networking.internal.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
spec:
  group: networking.internal.knative.dev
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          # this is a work around so we don't need to flush out the
          # schema for each version at this time
          #
          # see issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      additionalPrinterColumns:
        - name: Mode
          type: string
          jsonPath: ".spec.mode"
        - name: Activators
          type: integer
          jsonPath: ".spec.numActivators"
        - name: ServiceName
          type: string
          jsonPath: ".status.serviceName"
        - name: PrivateServiceName
          type: string
          jsonPath: ".status.privateServiceName"
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
  names:
    kind: ServerlessService
    plural: serverlessservices
    singular: serverlessservice
    categories:
      - knative-internal
      - networking
    shortNames:
      - sks
  scope: Namespaced

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: services.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    knative.dev/crd-install: "true"
    duck.knative.dev/addressable: "true"
    duck.knative.dev/podspecable: "true"
spec:
  group: serving.knative.dev
  names:
    kind: Service
    plural: services
    singular: service
    categories:
      - all
      - knative
      - serving
    shortNames:
      - kservice
      - ksvc
  scope: Namespaced
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: URL
          type: string
          jsonPath: .status.url
        - name: LatestCreated
          type: string
          jsonPath: .status.latestCreatedRevisionName
        - name: LatestReady
          type: string
          jsonPath: .status.latestReadyRevisionName
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
      schema:
        openAPIV3Schema:
          description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service"
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration.  The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec.
              type: object
              properties:
                template:
                  description: Template holds the latest specification for the Revision to be stamped out.
                  type: object
                  properties:
                    metadata:
                      type: object
                      properties:
                        annotations:
                          type: object
                          additionalProperties:
                            type: string
                        finalizers:
                          type: array
                          items:
                            type: string
                        labels:
                          type: object
                          additionalProperties:
                            type: string
                        name:
                          type: string
                        namespace:
                          type: string
                      x-kubernetes-preserve-unknown-fields: true
                    spec:
                      description: RevisionSpec holds the desired state of the Revision (from the client).
                      type: object
                      required:
                        - containers
                      properties:
                        automountServiceAccountToken:
                          description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
                          type: boolean
                        containerConcurrency:
                          description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision.  Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler.
                          type: integer
                          format: int64
                        containers:
                          description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
                          type: array
                          items:
                            description: A single application container that you want to run within a pod.
                            type: object
                            properties:
                              args:
                                description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                type: array
                                items:
                                  type: string
                              command:
                                description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                type: array
                                items:
                                  type: string
                              env:
                                description: List of environment variables to set in the container. Cannot be updated.
                                type: array
                                items:
                                  description: EnvVar represents an environment variable present in a Container.
                                  type: object
                                  required:
                                    - name
                                  properties:
                                    name:
                                      description: Name of the environment variable. Must be a C_IDENTIFIER.
                                      type: string
                                    value:
                                      description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
                                      type: string
                                    valueFrom:
                                      description: Source for the environment variable's value. Cannot be used if value is not empty.
                                      type: object
                                      properties:
                                        configMapKeyRef:
                                          description: Selects a key of a ConfigMap.
                                          type: object
                                          required:
                                            - key
                                          properties:
                                            key:
                                              description: The key to select.
                                              type: string
                                            name:
                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                              type: string
                                            optional:
                                              description: Specify whether the ConfigMap or its key must be defined
                                              type: boolean
                                        secretKeyRef:
                                          description: Selects a key of a secret in the pod's namespace
                                          type: object
                                          required:
                                            - key
                                          properties:
                                            key:
                                              description: The key of the secret to select from.  Must be a valid secret key.
                                              type: string
                                            name:
                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                              type: string
                                            optional:
                                              description: Specify whether the Secret or its key must be defined
                                              type: boolean
                                      x-kubernetes-preserve-unknown-fields: true
                              envFrom:
                                description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
                                type: array
                                items:
                                  description: EnvFromSource represents the source of a set of ConfigMaps
                                  type: object
                                  properties:
                                    configMapRef:
                                      description: The ConfigMap to select from
                                      type: object
                                      properties:
                                        name:
                                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                          type: string
                                        optional:
                                          description: Specify whether the ConfigMap must be defined
                                          type: boolean
                                    prefix:
                                      description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
                                      type: string
                                    secretRef:
                                      description: The Secret to select from
                                      type: object
                                      properties:
                                        name:
                                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                          type: string
                                        optional:
                                          description: Specify whether the Secret must be defined
                                          type: boolean
                              image:
                                description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.'
                                type: string
                              imagePullPolicy:
                                description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                type: string
                              livenessProbe:
                                description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                type: object
                                properties:
                                  exec:
                                    description: One and only one of the following should be specified. Exec specifies the action to take.
                                    type: object
                                    properties:
                                      command:
                                        description: Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                        type: array
                                        items:
                                          type: string
                                  failureThreshold:
                                    description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                                    type: integer
                                    format: int32
                                  httpGet:
                                    description: HTTPGet specifies the http request to perform.
                                    type: object
                                    properties:
                                      host:
                                        description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                        type: string
                                      httpHeaders:
                                        description: Custom headers to set in the request. HTTP allows repeated headers.
                                        type: array
                                        items:
                                          description: HTTPHeader describes a custom header to be used in HTTP probes
                                          type: object
                                          required:
                                            - name
                                            - value
                                          properties:
                                            name:
                                              description: The header field name
                                              type: string
                                            value:
                                              description: The header field value
                                              type: string
                                      path:
                                        description: Path to access on the HTTP server.
                                        type: string
                                      scheme:
                                        description: Scheme to use for connecting to the host. Defaults to HTTP.
                                        type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  initialDelaySeconds:
                                    description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                    type: integer
                                    format: int32
                                  periodSeconds:
                                    description: How often (in seconds) to perform the probe.
                                    type: integer
                                    format: int32
                                  successThreshold:
                                    description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                                    type: integer
                                    format: int32
                                  tcpSocket:
                                    description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                    type: object
                                    properties:
                                      host:
                                        description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                        type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  timeoutSeconds:
                                    description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                    type: integer
                                    format: int32
                              name:
                                description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
                                type: string
                              ports:
                                description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
                                type: array
                                items:
                                  description: ContainerPort represents a network port in a single container.
                                  type: object
                                  required:
                                    - containerPort
                                  properties:
                                    containerPort:
                                      description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
                                      type: integer
                                      format: int32
                                    name:
                                      description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
                                      type: string
                                    protocol:
                                      description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
                                      type: string
                                      default: TCP
                                  x-kubernetes-preserve-unknown-fields: true
                                x-kubernetes-list-map-keys:
                                  - containerPort
                                  - protocol
                                x-kubernetes-list-type: map
                              readinessProbe:
                                description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                type: object
                                properties:
                                  exec:
                                    description: One and only one of the following should be specified. Exec specifies the action to take.
                                    type: object
                                    properties:
                                      command:
                                        description: Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                                        type: array
                                        items:
                                          type: string
                                  failureThreshold:
                                    description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                                    type: integer
                                    format: int32
                                  httpGet:
                                    description: HTTPGet specifies the http request to perform.
                                    type: object
                                    properties:
                                      host:
                                        description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                                        type: string
                                      httpHeaders:
                                        description: Custom headers to set in the request. HTTP allows repeated headers.
                                        type: array
                                        items:
                                          description: HTTPHeader describes a custom header to be used in HTTP probes
                                          type: object
                                          required:
                                            - name
                                            - value
                                          properties:
                                            name:
                                              description: The header field name
                                              type: string
                                            value:
                                              description: The header field value
                                              type: string
                                      path:
                                        description: Path to access on the HTTP server.
                                        type: string
                                      scheme:
                                        description: Scheme to use for connecting to the host. Defaults to HTTP.
                                        type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  initialDelaySeconds:
                                    description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                    type: integer
                                    format: int32
                                  periodSeconds:
                                    description: How often (in seconds) to perform the probe.
                                    type: integer
                                    format: int32
                                  successThreshold:
                                    description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                                    type: integer
                                    format: int32
                                  tcpSocket:
                                    description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook'
                                    type: object
                                    properties:
                                      host:
                                        description: 'Optional: Host name to connect to, defaults to the pod IP.'
                                        type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  timeoutSeconds:
                                    description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                    type: integer
                                    format: int32
                              resources:
                                description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                type: object
                                properties:
                                  limits:
                                    description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                    type: object
                                    additionalProperties:
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      anyOf:
                                        - type: integer
                                        - type: string
                                      x-kubernetes-int-or-string: true
                                  requests:
                                    description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                    type: object
                                    additionalProperties:
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      anyOf:
                                        - type: integer
                                        - type: string
                                      x-kubernetes-int-or-string: true
                              securityContext:
                                description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                type: object
                                properties:
                                  capabilities:
                                    description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
                                    type: object
                                    properties:
                                      drop:
                                        description: Removed capabilities
                                        type: array
                                        items:
                                          description: Capability represent POSIX capabilities type
                                          type: string
                                    x-kubernetes-preserve-unknown-fields: true
                                  readOnlyRootFilesystem:
                                    description: Whether this container has a read-only root filesystem. Default is false.
                                    type: boolean
                                  runAsUser:
                                    description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                    type: integer
                                    format: int64
                                x-kubernetes-preserve-unknown-fields: true
                              terminationMessagePath:
                                description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
                                type: string
                              terminationMessagePolicy:
                                description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
                                type: string
                              volumeMounts:
                                description: Pod volumes to mount into the container's filesystem. Cannot be updated.
                                type: array
                                items:
                                  description: VolumeMount describes a mounting of a Volume within a container.
                                  type: object
                                  required:
                                    - mountPath
                                    - name
                                  properties:
                                    mountPath:
                                      description: Path within the container at which the volume should be mounted.  Must not contain ':'.
                                      type: string
                                    name:
                                      description: This must match the Name of a Volume.
                                      type: string
                                    readOnly:
                                      description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
                                      type: boolean
                                    subPath:
                                      description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
                                      type: string
                              workingDir:
                                description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
                                type: string
                            x-kubernetes-preserve-unknown-fields: true
                        enableServiceLinks:
                          description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.'
                          type: boolean
                        imagePullSecrets:
                          description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
                          type: array
                          items:
                            description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
                            type: object
                            properties:
                              name:
                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                type: string
                        serviceAccountName:
                          description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
                          type: string
                        timeoutSeconds:
                          description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided.
                          type: integer
                          format: int64
                        volumes:
                          description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                          type: array
                          items:
                            description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
                            type: object
                            required:
                              - name
                            properties:
                              configMap:
                                description: ConfigMap represents a configMap that should populate this volume
                                type: object
                                properties:
                                  defaultMode:
                                    description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                    type: integer
                                    format: int32
                                  items:
                                    description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                    type: array
                                    items:
                                      description: Maps a string key to a path within a volume.
                                      type: object
                                      required:
                                        - key
                                        - path
                                      properties:
                                        key:
                                          description: The key to project.
                                          type: string
                                        mode:
                                          description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                          type: integer
                                          format: int32
                                        path:
                                          description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                          type: string
                                  name:
                                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap or its keys must be defined
                                    type: boolean
                              name:
                                description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                type: string
                              projected:
                                description: Items for all in one resources secrets, configmaps, and downward API
                                type: object
                                properties:
                                  defaultMode:
                                    description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
                                    type: integer
                                    format: int32
                                  sources:
                                    description: list of volume projections
                                    type: array
                                    items:
                                      description: Projection that may be projected along with other supported volume types
                                      type: object
                                      properties:
                                        configMap:
                                          description: information about the configMap data to project
                                          type: object
                                          properties:
                                            items:
                                              description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                              type: array
                                              items:
                                                description: Maps a string key to a path within a volume.
                                                type: object
                                                required:
                                                  - key
                                                  - path
                                                properties:
                                                  key:
                                                    description: The key to project.
                                                    type: string
                                                  mode:
                                                    description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                    type: integer
                                                    format: int32
                                                  path:
                                                    description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                                    type: string
                                            name:
                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                              type: string
                                            optional:
                                              description: Specify whether the ConfigMap or its keys must be defined
                                              type: boolean
                                        secret:
                                          description: information about the secret data to project
                                          type: object
                                          properties:
                                            items:
                                              description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                              type: array
                                              items:
                                                description: Maps a string key to a path within a volume.
                                                type: object
                                                required:
                                                  - key
                                                  - path
                                                properties:
                                                  key:
                                                    description: The key to project.
                                                    type: string
                                                  mode:
                                                    description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                                    type: integer
                                                    format: int32
                                                  path:
                                                    description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                                    type: string
                                            name:
                                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
                                              type: string
                                            optional:
                                              description: Specify whether the Secret or its key must be defined
                                              type: boolean
                                        serviceAccountToken:
                                          description: information about the serviceAccountToken data to project
                                          type: object
                                          required:
                                            - path
                                          properties:
                                            audience:
                                              description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
                                              type: string
                                            expirationSeconds:
                                              description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
                                              type: integer
                                              format: int64
                                            path:
                                              description: Path is the path relative to the mount point of the file to project the token into.
                                              type: string
                              secret:
                                description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                type: object
                                properties:
                                  defaultMode:
                                    description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                    type: integer
                                    format: int32
                                  items:
                                    description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                                    type: array
                                    items:
                                      description: Maps a string key to a path within a volume.
                                      type: object
                                      required:
                                        - key
                                        - path
                                      properties:
                                        key:
                                          description: The key to project.
                                          type: string
                                        mode:
                                          description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
                                          type: integer
                                          format: int32
                                        path:
                                          description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                          type: string
                                  optional:
                                    description: Specify whether the Secret or its keys must be defined
                                    type: boolean
                                  secretName:
                                    description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                    type: string
                            x-kubernetes-preserve-unknown-fields: true
                      x-kubernetes-preserve-unknown-fields: true
                traffic:
                  description: Traffic specifies how to distribute traffic over a collection of revisions and configurations.
                  type: array
                  items:
                    description: TrafficTarget holds a single entry of the routing table for a Route.
                    type: object
                    properties:
                      configurationName:
                        description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one.  This field is never set in Route's status, only its spec.  This is mutually exclusive with RevisionName.
                        type: string
                      latestRevision:
                        description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target.  When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty.
                        type: boolean
                      percent:
                        description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for   that particular Revision or Configuration'
                        type: integer
                        format: int64
                      revisionName:
                        description: RevisionName of a specific revision to which to send this portion of traffic.  This is mutually exclusive with ConfigurationName.
                        type: string
                      tag:
                        description: Tag is optionally used to expose a dedicated url for referencing this target exclusively.
                        type: string
                      url:
                        description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
                        type: string
            status:
              description: ServiceStatus represents the Status stanza of the Service resource.
              type: object
              properties:
                address:
                  description: Address holds the information needed for a Route to be the target of an event.
                  type: object
                  properties:
                    url:
                      type: string
                annotations:
                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
                  type: object
                  additionalProperties:
                    type: string
                conditions:
                  description: Conditions the latest available observations of a resource's current state.
                  type: array
                  items:
                    description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
                    type: object
                    required:
                      - status
                      - type
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
                        type: string
                        format: date-time
                      message:
                        description: A human readable message indicating details about the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      severity:
                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
                        type: string
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                      type:
                        description: Type of condition.
                        type: string
                latestCreatedRevisionName:
                  description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
                  type: string
                latestReadyRevisionName:
                  description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True".
                  type: string
                observedGeneration:
                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
                  type: integer
                  format: int64
                traffic:
                  description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed.
                  type: array
                  items:
                    description: TrafficTarget holds a single entry of the routing table for a Route.
                    type: object
                    properties:
                      configurationName:
                        description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one.  This field is never set in Route's status, only its spec.  This is mutually exclusive with RevisionName.
                        type: string
                      latestRevision:
                        description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target.  When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty.
                        type: boolean
                      percent:
                        description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for   that particular Revision or Configuration'
                        type: integer
                        format: int64
                      revisionName:
                        description: RevisionName of a specific revision to which to send this portion of traffic.  This is mutually exclusive with ConfigurationName.
                        type: string
                      tag:
                        description: Tag is optionally used to expose a dedicated url for referencing this target exclusively.
                        type: string
                      url:
                        description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
                        type: string
                url:
                  description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
                  type: string

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: caching.internal.knative.dev/v1alpha1
kind: Image
metadata:
  name: queue-proxy
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: queue-proxy
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  # This is the Go import path for the binary that is containerized
  # and substituted here.
  image: registry.cn-beijing.aliyuncs.com/dotbalo/queue:v0.26

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-autoscaler
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: autoscaler
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "604cb513"
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # The Revision ContainerConcurrency field specifies the maximum number
    # of requests the Container can handle at once. Container concurrency
    # target percentage is how much of that maximum to use in a stable
    # state. E.g. if a Revision specifies ContainerConcurrency of 10, then
    # the Autoscaler will try to maintain 7 concurrent connections per pod
    # on average.
    # Note: this limit will be applied to container concurrency set at every
    # level (ConfigMap, Revision Spec or Annotation).
    # For legacy and backwards compatibility reasons, this value also accepts
    # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%).
    # Thus minimal percentage value must be greater than 1.0, or it will be
    # treated as a fraction.
    # NOTE: that this value does not affect actual number of concurrent requests
    #       the user container may receive, but only the average number of requests
    #       that the revision pods will receive.
    container-concurrency-target-percentage: "70"

    # The container concurrency target default is what the Autoscaler will
    # try to maintain when concurrency is used as the scaling metric for the
    # Revision and the Revision specifies unlimited concurrency.
    # When revision explicitly specifies container concurrency, that value
    # will be used as a scaling target for autoscaler.
    # When specifying unlimited concurrency, the autoscaler will
    # horizontally scale the application based on this target concurrency.
    # This is what we call "soft limit" in the documentation, i.e. it only
    # affects number of pods and does not affect the number of requests
    # individual pod processes.
    # The value must be a positive number such that the value multiplied
    # by container-concurrency-target-percentage is greater than 0.01.
    # NOTE: that this value will be adjusted by application of
    #       container-concurrency-target-percentage, i.e. by default
    #       the system will target on average 70 concurrent requests
    #       per revision pod.
    # NOTE: Only one metric can be used for autoscaling a Revision.
    container-concurrency-target-default: "100"

    # The requests per second (RPS) target default is what the Autoscaler will
    # try to maintain when RPS is used as the scaling metric for a Revision and
    # the Revision specifies unlimited RPS. Even when specifying unlimited RPS,
    # the autoscaler will horizontally scale the application based on this
    # target RPS.
    # Must be greater than 1.0.
    # NOTE: Only one metric can be used for autoscaling a Revision.
    requests-per-second-target-default: "200"

    # The target burst capacity specifies the size of burst in concurrent
    # requests that the system operator expects the system will receive.
    # Autoscaler will try to protect the system from queueing by introducing
    # Activator in the request path if the current spare capacity of the
    # service is less than this setting.
    # If this setting is 0, then Activator will be in the request path only
    # when the revision is scaled to 0.
    # If this setting is > 0 and container-concurrency-target-percentage is
    # 100% or 1.0, then activator will always be in the request path.
    # -1 denotes unlimited target-burst-capacity and activator will always
    # be in the request path.
    # Other negative values are invalid.
    target-burst-capacity: "200"

    # When operating in a stable mode, the autoscaler operates on the
    # average concurrency over the stable window.
    # Stable window must be in whole seconds.
    stable-window: "60s"

    # When observed average concurrency during the panic window reaches
    # panic-threshold-percentage the target concurrency, the autoscaler
    # enters panic mode. When operating in panic mode, the autoscaler
    # scales on the average concurrency over the panic window which is
    # panic-window-percentage of the stable-window.
    # Must be in the [1, 100] range.
    # When computing the panic window it will be rounded to the closest
    # whole second, at least 1s.
    panic-window-percentage: "10.0"

    # The percentage of the container concurrency target at which to
    # enter panic mode when reached within the panic window.
    panic-threshold-percentage: "200.0"

    # Max scale up rate limits the rate at which the autoscaler will
    # increase pod count. It is the maximum ratio of desired pods versus
    # observed pods.
    # Cannot be less or equal to 1.
    # I.e with value of 2.0 the number of pods can at most go N to 2N
    # over single Autoscaler period (2s), but at least N to
    # N+1, if Autoscaler needs to scale up.
    max-scale-up-rate: "1000.0"

    # Max scale down rate limits the rate at which the autoscaler will
    # decrease pod count. It is the maximum ratio of observed pods versus
    # desired pods.
    # Cannot be less or equal to 1.
    # I.e. with value of 2.0 the number of pods can at most go N to N/2
    # over single Autoscaler evaluation period (2s), but at
    # least N to N-1, if Autoscaler needs to scale down.
    max-scale-down-rate: "2.0"

    # Scale to zero feature flag.
    enable-scale-to-zero: "true"

    # Scale to zero grace period is the time an inactive revision is left
    # running before it is scaled to zero (must be positive, but recommended
    # at least a few seconds if running with mesh networking).
    # This is the upper limit and is provided not to enforce timeout after
    # the revision stopped receiving requests for stable window, but to
    # ensure network reprogramming to put activator in the path has completed.
    # If the system determines that a shorter period is satisfactory,
    # then the system will only wait that amount of time before scaling to 0.
    # NOTE: this period might actually be 0, if activator has been
    # in the request path sufficiently long.
    # If there is necessity for the last pod to linger longer use
    # scale-to-zero-pod-retention-period flag.
    scale-to-zero-grace-period: "30s"

    # Scale to zero pod retention period defines the minimum amount
    # of time the last pod will remain after Autoscaler has decided to
    # scale to zero.
    # This flag is for the situations where the pod startup is very expensive
    # and the traffic is bursty (requiring smaller windows for fast action),
    # but patchy.
    # The larger of this flag and `scale-to-zero-grace-period` will effectively
    # determine how the last pod will hang around.
    scale-to-zero-pod-retention-period: "0s"

    # pod-autoscaler-class specifies the default pod autoscaler class
    # that should be used if none is specified. If omitted, the Knative
    # Horizontal Pod Autoscaler (KPA) is used by default.
    pod-autoscaler-class: "kpa.autoscaling.knative.dev"

    # The capacity of a single activator task.
    # The `unit` is one concurrent request proxied by the activator.
    # activator-capacity must be at least 1.
    # This value is used for computation of the Activator subset size.
    # See the algorithm here: http://bit.ly/38XiCZ3.
    # TODO(vagababov): tune after actual benchmarking.
    activator-capacity: "100.0"

    # initial-scale is the cluster-wide default value for the initial target
    # scale of a revision after creation, unless overridden by the
    # "autoscaling.knative.dev/initialScale" annotation.
    # This value must be greater than 0 unless allow-zero-initial-scale is true.
    initial-scale: "1"

    # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag,
    # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0.
    allow-zero-initial-scale: "false"

    # max-scale is the cluster-wide default value for the max scale of a revision,
    # unless overridden by the "autoscaling.knative.dev/maxScale" annotation.
    # If set to 0, the revision has no maximum scale.
    max-scale: "0"

    # scale-down-delay is the amount of time that must pass at reduced
    # concurrency before a scale down decision is applied. This can be useful,
    # for example, to maintain replica count and avoid a cold start penalty if
    # more requests come in within the scale down delay period.
    # The default, 0s, imposes no delay at all.
    scale-down-delay: "0s"

    # max-scale-limit sets the maximum permitted value for the max scale of a revision.
    # When this is set to a positive value, a revision with a maxScale above that value
    # (including a maxScale of "0" = unlimited) is disallowed.
    # A value of zero (the default) allows any limit, including unlimited.
    max-scale-limit: "0"

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-defaults
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "cdabec96"
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # revision-timeout-seconds contains the default number of
    # seconds to use for the revision's per-request timeout, if
    # none is specified.
    revision-timeout-seconds: "300"  # 5 minutes

    # max-revision-timeout-seconds contains the maximum number of
    # seconds that can be used for revision-timeout-seconds.
    # This value must be greater than or equal to revision-timeout-seconds.
    # If omitted, the system default is used (600 seconds).
    #
    # If this value is increased, the activator's terminationGraceTimeSeconds
    # should also be increased to prevent in-flight requests being disrupted.
    max-revision-timeout-seconds: "600"  # 10 minutes

    # revision-cpu-request contains the cpu allocation to assign
    # to revisions by default.  If omitted, no value is specified
    # and the system default is used.
    # Below is an example of setting revision-cpu-request.
    # By default, it is not set by Knative.
    revision-cpu-request: "400m"  # 0.4 of a CPU (aka 400 milli-CPU)

    # revision-memory-request contains the memory allocation to assign
    # to revisions by default.  If omitted, no value is specified
    # and the system default is used.
    # Below is an example of setting revision-memory-request.
    # By default, it is not set by Knative.
    revision-memory-request: "100M"  # 100 megabytes of memory

    # revision-ephemeral-storage-request contains the ephemeral storage
    # allocation to assign to revisions by default.  If omitted, no value is
    # specified and the system default is used.
    revision-ephemeral-storage-request: "500M"  # 500 megabytes of storage

    # revision-cpu-limit contains the cpu allocation to limit
    # revisions to by default.  If omitted, no value is specified
    # and the system default is used.
    # Below is an example of setting revision-cpu-limit.
    # By default, it is not set by Knative.
    revision-cpu-limit: "1000m"  # 1 CPU (aka 1000 milli-CPU)

    # revision-memory-limit contains the memory allocation to limit
    # revisions to by default.  If omitted, no value is specified
    # and the system default is used.
    # Below is an example of setting revision-memory-limit.
    # By default, it is not set by Knative.
    revision-memory-limit: "200M"  # 200 megabytes of memory

    # revision-ephemeral-storage-limit contains the ephemeral storage
    # allocation to limit revisions to by default.  If omitted, no value is
    # specified and the system default is used.
    revision-ephemeral-storage-limit: "750M"  # 750 megabytes of storage

    # container-name-template contains a template for the default
    # container name, if none is specified.  This field supports
    # Go templating and is supplied with the ObjectMeta of the
    # enclosing Service or Configuration, so values such as
    # {{.Name}} are also valid.
    container-name-template: "user-container"

    # container-concurrency specifies the maximum number
    # of requests the Container can handle at once, and requests
    # above this threshold are queued.  Setting a value of zero
    # disables this throttling and lets through as many requests as
    # the pod receives.
    container-concurrency: "0"

    # The container concurrency max limit is an operator setting ensuring that
    # the individual revisions cannot have arbitrary large concurrency
    # values, or autoscaling targets. `container-concurrency` default setting
    # must be at or below this value.
    #
    # Must be greater than 1.
    #
    # Note: even with this set, a user can choose a containerConcurrency
    # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is
    # set to "false".
    container-concurrency-max-limit: "1000"

    # allow-container-concurrency-zero controls whether users can
    # specify 0 (i.e. unbounded) for containerConcurrency.
    allow-container-concurrency-zero: "true"

    # enable-service-links specifies the default value used for the
    # enableServiceLinks field of the PodSpec, when it is omitted by the user.
    # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service
    #
    # This is a tri-state flag with possible values of (true|false|default).
    #
    # In environments with large number of services it is suggested
    # to set this value to `false`.
    # See https://github.com/knative/serving/issues/8498.
    enable-service-links: "false"

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-deployment
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "9448bd0c"
data:
  # This is the Go import path for the binary that is containerized
  # and substituted here.
  queueSidecarImage: registry.cn-beijing.aliyuncs.com/dotbalo/queue:v0.26
  _example: |-
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # List of repositories for which tag to digest resolving should be skipped
    registriesSkippingTagResolving: "kind.local,ko.local,dev.local"

    # digestResolutionTimeout is the maximum time allowed for an image's
    # digests to be resolved.
    digestResolutionTimeout: "10s"

    # ProgressDeadline is the duration we wait for the deployment to
    # be ready before considering it failed.
    progressDeadline: "600s"

    # queueSidecarCPURequest is the requests.cpu to set for the queue proxy sidecar container.
    # If omitted, a default value (currently "25m"), is used.
    queueSidecarCPURequest: "25m"

    # queueSidecarCPULimit is the limits.cpu to set for the queue proxy sidecar container.
    # If omitted, no value is specified and the system default is used.
    queueSidecarCPULimit: "1000m"

    # queueSidecarMemoryRequest is the requests.memory to set for the queue proxy container.
    # If omitted, no value is specified and the system default is used.
    queueSidecarMemoryRequest: "400Mi"

    # queueSidecarMemoryLimit is the limits.memory to set for the queue proxy container.
    # If omitted, no value is specified and the system default is used.
    queueSidecarMemoryLimit: "800Mi"

    # queueSidecarEphemeralStorageRequest is the requests.ephemeral-storage to
    # set for the queue proxy sidecar container.
    # If omitted, no value is specified and the system default is used.
    queueSidecarEphemeralStorageRequest: "512Mi"

    # queueSidecarEphemeralStorageLimit is the limits.ephemeral-storage to set
    # for the queue proxy sidecar container.
    # If omitted, no value is specified and the system default is used.
    queueSidecarEphemeralStorageLimit: "1024Mi"

    # concurrencyStateEndpoint is the endpoint that queue-proxy calls when its traffic
    # drops to zero or scales up from zero.
    # If omitted, queue proxy takes no action (this is the default behavior).
    # When enabled, a serviceAccountToken will be mounted to queue-proxy using a
    # projected volume. This requires the Service Account Token Volume Projection feature
    # to be enabled. For details, see this link:
    # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
    #
    # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE
    concurrencyStateEndpoint: ""

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-domain
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "81552d0b"
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # Default value for domain.
    # Although it will match all routes, it is the least-specific rule so it
    # will only be used if no other domain matches.
    example.com: |

    # These are example settings of domain.
    # example.org will be used for routes having app=nonprofit.
    example.org: |
      selector:
        app: nonprofit

    # Routes having the cluster domain suffix (by default 'svc.cluster.local')
    # will not be exposed through Ingress. You can define your own label
    # selector to assign that domain suffix to your Route here, or you can set
    # the label
    #    "networking.knative.dev/visibility=cluster-local"
    # to achieve the same effect.  This shows how to make routes having
    # the label app=secret only exposed to the local cluster.
    svc.cluster.local: |
      selector:
        app: secret

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-features
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "5b8c26fe"
data:
  _example: |-
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # Indicates whether multi container support is enabled
    #
    # WARNING: Cannot safely be disabled once enabled.
    # See: https://knative.dev/docs/serving/feature-flags/#multi-containers
    multi-container: "enabled"

    # Indicates whether Kubernetes affinity support is enabled
    #
    # WARNING: Cannot safely be disabled once enabled.
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity
    kubernetes.podspec-affinity: "disabled"

    # Indicates whether Kubernetes hostAliases support is enabled
    #
    # WARNING: Cannot safely be disabled once enabled.
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases
    kubernetes.podspec-hostaliases: "disabled"

    # Indicates whether Kubernetes nodeSelector support is enabled
    #
    # WARNING: Cannot safely be disabled once enabled.
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector
    kubernetes.podspec-nodeselector: "disabled"

    # Indicates whether Kubernetes tolerations support is enabled
    #
    # WARNING: Cannot safely be disabled once enabled
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration
    kubernetes.podspec-tolerations: "disabled"

    # Indicates whether Kubernetes FieldRef support is enabled
    #
    # WARNING: Cannot safely be disabled once enabled.
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref
    kubernetes.podspec-fieldref: "disabled"

    # Indicates whether Kubernetes RuntimeClassName support is enabled
    #
    # WARNING: Cannot safely be disabled once enabled.
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class
    kubernetes.podspec-runtimeclassname: "disabled"

    # This feature allows end-users to set a subset of fields on the Pod's SecurityContext
    #
    # When set to "enabled" or "allowed" it allows the following
    # PodSecurityContext properties:
    # - FSGroup
    # - RunAsGroup
    # - RunAsNonRoot
    # - SupplementalGroups
    # - RunAsUser
    #
    # This feature flag should be used with caution as the PodSecurityContext
    # properties may have a side-effect on non-user sidecar containers that come
    # from Knative or your service mesh
    #
    # WARNING: Cannot safely be disabled once enabled.
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context
    kubernetes.podspec-securitycontext: "disabled"

    # Indicates whether Kubernetes PriorityClassName support is enabled
    #
    # WARNING: Cannot safely be disabled once enabled.
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name
    kubernetes.podspec-priorityclassname: "disabled"

    # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext.
    #
    # When set to "enabled" or "allowed" it allows capabilities to be added to the container.
    # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html
    kubernetes.containerspec-addcapabilities: "disabled"

    # This feature validates PodSpecs from the validating webhook
    # against the K8s API Server.
    #
    # When "enabled", the server will always run the extra validation.
    # When "allowed", the server will not run the dry-run validation by default.
    #   However, clients may enable the behavior on an individual Service by
    #   attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled".
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run
    kubernetes.podspec-dryrun: "allowed"

    # Controls whether tag header based routing feature are enabled or not.
    # 1. Enabled: enabling tag header based routing
    # 2. Disabled: disabling tag header based routing
    # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing
    tag-header-based-routing: "disabled"

    # Controls whether http2 auto-detection should be enabled or not.
    # 1. Enabled: http2 connection will be attempted via upgrade.
    # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c".
    autodetect-http2: "disabled"

    # Controls whether volume support for EmptyDir is enabled or not.
    # 1. Enabled: enabling EmptyDir volume support
    # 2. Disabled: disabling EmptyDir volume support
    kubernetes.podspec-volumes-emptydir: "disabled"

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-gc
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "51b4d68a"
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.


    # ---------------------------------------
    # Garbage Collector Settings
    # ---------------------------------------
    #
    # Active
    #   * Revisions which are referenced by a Route are considered active.
    #   * Individual revisions may be marked with the annotation
    #      "serving.knative.dev/no-gc":"true" to be permanently considered active.
    #   * Active revisions are not considered for GC.
    # Retention
    #   * Revisions are retained if they are any of the following:
    #       1. Active
    #       2. Were created within "retain-since-create-time"
    #       3. Were last referenced by a route within
    #           "retain-since-last-active-time"
    #       4. There are fewer than "min-non-active-revisions"
    #     If none of these conditions are met, or if the count of revisions exceed
    #      "max-non-active-revisions", they will be deleted by GC.
    #     The special value "disabled" may be used to turn off these limits.
    #
    # Example config to immediately collect any inactive revision:
    #    min-non-active-revisions: "0"
    #    retain-since-create-time: "disabled"
    #    retain-since-last-active-time: "disabled"
    #
    # Example config to always keep around the last ten non-active revisions:
    #     retain-since-create-time: "disabled"
    #     retain-since-last-active-time: "disabled"
    #     max-non-active-revisions: "10"
    #
    # Example config to disable all GC:
    #     retain-since-create-time: "disabled"
    #     retain-since-last-active-time: "disabled"
    #     max-non-active-revisions: "disabled"
    #
    # Example config to keep recently deployed or active revisions,
    # always maintain the last two in case of rollback, and prevent
    # burst activity from exploding the count of old revisions:
    #      retain-since-create-time: "48h"
    #      retain-since-last-active-time: "15h"
    #      min-non-active-revisions: "2"
    #      max-non-active-revisions: "1000"

    # Duration since creation before considering a revision for GC or "disabled".
    retain-since-create-time: "48h"

    # Duration since active before considering a revision for GC or "disabled".
    retain-since-last-active-time: "15h"

    # Minimum number of non-active revisions to retain.
    min-non-active-revisions: "20"

    # Maximum number of non-active revisions to retain
    # or "disabled" to disable any maximum limit.
    max-non-active-revisions: "1000"

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-leader-election
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "96896b00"
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # leaseDuration is how long non-leaders will wait to try to acquire the
    # lock; 15 seconds is the value used by core kubernetes controllers.
    leaseDuration: "15s"

    # renewDeadline is how long a leader will try to renew the lease before
    # giving up; 10 seconds is the value used by core kubernetes controllers.
    renewDeadline: "10s"

    # retryPeriod is how long the leader election client waits between tries of
    # actions; 2 seconds is the value used by core kubernetes controllers.
    retryPeriod: "2s"

    # buckets is the number of buckets used to partition key space of each
    # Reconciler. If this number is M and the replica number of the controller
    # is N, the N replicas will compete for the M buckets. The owner of a
    # bucket will take care of the reconciling for the keys partitioned into
    # that bucket.
    buckets: "1"

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-logging
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "c68feb1b"
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # Common configuration for all Knative codebase
    zap-logger-config: |
      {
        "level": "info",
        "development": false,
        "outputPaths": ["stdout"],
        "errorOutputPaths": ["stderr"],
        "encoding": "json",
        "encoderConfig": {
          "timeKey": "timestamp",
          "levelKey": "severity",
          "nameKey": "logger",
          "callerKey": "caller",
          "messageKey": "message",
          "stacktraceKey": "stacktrace",
          "lineEnding": "",
          "levelEncoder": "",
          "timeEncoder": "iso8601",
          "durationEncoder": "",
          "callerEncoder": ""
        }
      }

    # Log level overrides
    # For all components except the queue proxy,
    # changes are picked up immediately.
    # For queue proxy, changes require recreation of the pods.
    loglevel.controller: "info"
    loglevel.autoscaler: "info"
    loglevel.queueproxy: "info"
    loglevel.webhook: "info"
    loglevel.activator: "info"
    loglevel.hpaautoscaler: "info"
    loglevel.net-certmanager-controller: "info"
    loglevel.net-istio-controller: "info"
    loglevel.net-nscert-controller: "info"

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-network
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
  annotations:
    knative.dev/example-checksum: "325e5f98"
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # ingress.class specifies the default ingress class
    # to use when not dictated by Route annotation.
    #
    # If not specified, will use the Istio ingress.
    #
    # Note that changing the Ingress class of an existing Route
    # will result in undefined behavior.  Therefore it is best to only
    # update this value during the setup of Knative, to avoid getting
    # undefined behavior.
    ingress.class: "istio.ingress.networking.knative.dev"

    # certificate.class specifies the default Certificate class
    # to use when not dictated by Route annotation.
    #
    # If not specified, will use the Cert-Manager Certificate.
    #
    # Note that changing the Certificate class of an existing Route
    # will result in undefined behavior.  Therefore it is best to only
    # update this value during the setup of Knative, to avoid getting
    # undefined behavior.
    certificate.class: "cert-manager.certificate.networking.knative.dev"

    # domainTemplate specifies the golang text template string to use
    # when constructing the Knative service's DNS name. The default
    # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}".
    #
    # Valid variables defined in the template include Name, Namespace, Domain,
    # Labels, and Annotations. Name will be the result of the tagTemplate
    # below, if a tag is specified for the route.
    #
    # Changing this value might be necessary when the extra levels in
    # the domain name generated is problematic for wildcard certificates
    # that only support a single level of domain name added to the
    # certificate's domain. In those cases you might consider using a value
    # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace
    # entirely from the template. When choosing a new value be thoughtful
    # of the potential for conflicts - for example, when users choose to use
    # characters such as `-` in their service, or namespace, names.
    # {{.Annotations}} or {{.Labels}} can be used for any customization in the
    # go template if needed.
    # We strongly recommend keeping namespace part of the template to avoid
    # domain name clashes:
    # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}'
    # and you have an annotation {"sub":"foo"}, then the generated template
    # would be {Name}-{Namespace}.foo.{Domain}
    domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}"

    # tagTemplate specifies the golang text template string to use
    # when constructing the DNS name for "tags" within the traffic blocks
    # of Routes and Configuration.  This is used in conjunction with the
    # domainTemplate above to determine the full URL for the tag.
    tagTemplate: "{{.Tag}}-{{.Name}}"

    # Controls whether TLS certificates are automatically provisioned and
    # installed in the Knative ingress to terminate external TLS connection.
    # 1. Enabled: enabling auto-TLS feature.
    # 2. Disabled: disabling auto-TLS feature.
    autoTLS: "Disabled"

    # Controls the behavior of the HTTP endpoint for the Knative ingress.
    # It requires autoTLS to be enabled.
    # 1. Enabled: The Knative ingress will be able to serve HTTP connection.
    # 2. Disabled: The Knative ingress will reject HTTP traffic.
    # 3. Redirected: The Knative ingress will send a 301 redirect for all
    # http connections, asking the clients to use HTTPS.
    httpProtocol: "Enabled"

    # rolloutDuration contains the minimal duration in seconds over which the
    # Configuration traffic targets are rolled out to the newest revision.
    rolloutDuration: "0"

    # autocreateClusterDomainClaims controls whether ClusterDomainClaims should
    # be automatically created (and deleted) as needed when DomainMappings are
    # reconciled.
    #
    # If this is "false" (the default), the cluster administrator is
    # responsible for creating ClusterDomainClaims and delegating them to
    # namespaces via their spec.Namespace field. This setting should be used in
    # multitenant environments which need to control which namespace can use a
    # particular domain name in a domain mapping.
    #
    # If this is "true", users are able to associate arbitrary names with their
    # services via the DomainMapping feature.
    autocreateClusterDomainClaims: "false"

    # If true, networking plugins can add additional information to deployed
    # applications to make their pods directly accessible via their IPs even if mesh is
    # enabled and thus direct-addressability is usually not possible.
    # Consumers like Knative Serving can use this setting to adjust their behavior
    # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems.
    #
    # NOTE: This flag is in an alpha state and is mostly here to enable internal testing
    #       for now. Use with caution.
    enable-mesh-pod-addressability: "false"

    # mesh-compatibility-mode indicates whether consumers of network plugins
    # should directly contact Pod IPs (most efficient), or should use the
    # Cluster IP (less efficient, needed when mesh is enabled unless
    # `enable-mesh-pod-addressability`, above, is set).
    # Permitted values are:
    #  - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed.
    #  - "enabled": always use Cluster IP and do not attempt to use Pod IPs.
    #  - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure.
    mesh-compatibility-mode: "auto"

    # Defines the scheme used for external URLs if autoTLS is not enabled.
    # This can be used for making Knative report all URLs as "HTTPS" for example, if you're
    # fronting Knative with an external loadbalancer that deals with TLS termination and
    # Knative doesn't know about that otherwise.
    defaultExternalScheme: "http"

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-observability
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "fed4756e"
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.

    # logging.enable-var-log-collection defaults to false.
    # The fluentd daemon set will be set up to collect /var/log if
    # this flag is true.
    logging.enable-var-log-collection: "false"

    # logging.revision-url-template provides a template to use for producing the
    # logging URL that is injected into the status of each Revision.
    logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}"

    # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe
    # requests.
    # NB: after 0.18 release logging.enable-request-log must be explicitly set to true
    # in order for request logging to be enabled.
    #
    # The value determines the shape of the request logs and it must be a valid go text/template.
    # It is important to keep this as a single line. Multiple lines are parsed as separate entities
    # by most collection agents and will split the request logs into multiple records.
    #
    # The following fields and functions are available to the template:
    #
    # Request: An http.Request (see https://golang.org/pkg/net/http/#Request)
    # representing an HTTP request received by the server.
    #
    # Response:
    # struct {
    #   Code    int       // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml)
    #   Size    int       // An int representing the size of the response.
    #   Latency float64   // A float64 representing the latency of the response in seconds.
    # }
    #
    # Revision:
    # struct {
    #   Name          string  // Knative revision name
    #   Namespace     string  // Knative revision namespace
    #   Service       string  // Knative service name
    #   Configuration string  // Knative configuration name
    #   PodName       string  // Name of the pod hosting the revision
    #   PodIP         string  // IP of the pod hosting the revision
    # }
    #
    logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}'

    # If true, the request logging will be enabled.
    # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value
    # will be ignored.
    logging.enable-request-log: "false"

    # If true, this enables queue proxy writing request logs for probe requests to stdout.
    # It uses the same template for user requests, i.e. logging.request-log-template.
    logging.enable-probe-request-log: "false"

    # metrics.backend-destination field specifies the system metrics destination.
    # It supports either prometheus (the default) or opencensus.
    metrics.backend-destination: prometheus

    # metrics.request-metrics-backend-destination specifies the request metrics
    # destination. It enables queue proxy to send request metrics.
    # Currently supported values: prometheus (the default), opencensus.
    metrics.request-metrics-backend-destination: prometheus

    # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from
    # the pods via an HTTP server in the format expected by the pprof visualization tool. When
    # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008.
    # The HTTP context root for profiling is then /debug/pprof/.
    profiling.enable: "false"

---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-tracing
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  annotations:
    knative.dev/example-checksum: "26614636"
data:
  _example: |
    ################################
    #                              #
    #    EXAMPLE CONFIGURATION     #
    #                              #
    ################################

    # This block is not actually functional configuration,
    # but serves to illustrate the available configuration
    # options and document them in a way that is accessible
    # to users that `kubectl edit` this config map.
    #
    # These sample configuration options may be copied out of
    # this example block and unindented to be in the data block
    # to actually change the configuration.
    #
    # This may be "zipkin" or "none" (default)
    backend: "none"

    # URL to zipkin collector where traces are sent.
    # This must be specified when backend is "zipkin"
    zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans"

    # Enable zipkin debug mode. This allows all spans to be sent to the server
    # bypassing sampling.
    debug: "false"

    # Percentage (0-1) of requests to trace
    sample-rate: "0.1"

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: activator
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: activator
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  minReplicas: 1
  maxReplicas: 20
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: activator
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          # Percentage of the requested CPU
          averageUtilization: 100
---
# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time.
# Given the subsetting and that the activators are partially stateful systems, we want
# a slow rollout of the new versions and slow migration during node upgrades.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: activator-pdb
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: activator
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  minAvailable: 80%
  selector:
    matchLabels:
      app: activator

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: activator
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: activator
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  selector:
    matchLabels:
      app: activator
      role: activator
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
      labels:
        app: activator
        role: activator
        serving.knative.dev/release: "v0.26.0"
        app.kubernetes.io/name: activator
        app.kubernetes.io/part-of: knative-serving
        app.kubernetes.io/version: "0.26.0"
    spec:
      serviceAccountName: controller
      containers:
        - name: activator
          # This is the Go import path for the binary that is containerized
          # and substituted here.
          image: registry.cn-beijing.aliyuncs.com/dotbalo/activator:v0.26
          # The numbers are based on performance test results from
          # https://github.com/knative/serving/issues/1625#issuecomment-511930023
          resources:
            requests:
              cpu: 300m
              memory: 60Mi
            limits:
              cpu: 1000m
              memory: 600Mi
          env:
            # Run Activator with GC collection when newly generated memory is 500%.
            - name: GOGC
              value: "500"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging
            - name: CONFIG_OBSERVABILITY_NAME
              value: config-observability
            # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
            - name: METRICS_DOMAIN
              value: knative.dev/internal/serving
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - all
          ports:
            - name: metrics
              containerPort: 9090
            - name: profiling
              containerPort: 8008
            - name: http1
              containerPort: 8012
            - name: h2c
              containerPort: 8013
          readinessProbe:
            httpGet:
              port: 8012
              httpHeaders:
                - name: k-kubelet-probe
                  value: "activator"
            failureThreshold: 12
          livenessProbe:
            httpGet:
              port: 8012
              httpHeaders:
                - name: k-kubelet-probe
                  value: "activator"
            failureThreshold: 12
            initialDelaySeconds: 15
      # The activator (often) sits on the dataplane, and may proxy long (e.g.
      # streaming, websockets) requests.  We give a long grace period for the
      # activator to "lame duck" and drain outstanding requests before we
      # forcibly terminate the pod (and outstanding connections).  This value
      # should be at least as large as the upper bound on the Revision's
      # timeoutSeconds property to avoid servicing events disrupting
      # connections.
      terminationGracePeriodSeconds: 600
---
apiVersion: v1
kind: Service
metadata:
  name: activator-service
  namespace: knative-serving
  labels:
    app: activator
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: activator
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  selector:
    app: activator
  ports:
    # Define metrics and profiling for them to be accessible within service meshes.
    - name: http-metrics
      port: 9090
      targetPort: 9090
    - name: http-profiling
      port: 8008
      targetPort: 8008
    - name: http
      port: 80
      targetPort: 8012
    - name: http2
      port: 81
      targetPort: 8013
  type: ClusterIP

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: autoscaler
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: autoscaler
    app.kubernetes.io/part-of: knative-serving
    app.kubernetes.io/version: "0.26.0"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: autoscaler
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
      labels:
        app: autoscaler
        serving.knative.dev/release: "v0.26.0"
        app.kubernetes.io/name: autoscaler
        app.kubernetes.io/part-of: knative-serving
        app.kubernetes.io/version: "0.26.0"
    spec:
      # To avoid node becoming SPOF, spread our replicas to different nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: autoscaler
                topologyKey: kubernetes.io/hostname
              weight: 100
      serviceAccountName: controller
      containers:
        - name: autoscaler
          # This is the Go import path for the binary that is containerized
          # and substituted here.
          image: registry.cn-beijing.aliyuncs.com/dotbalo/autoscaler:v0.26
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 1000m
              memory: 1000Mi
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging
            - name: CONFIG_OBSERVABILITY_NAME
              value: config-observability
            # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
            - name: METRICS_DOMAIN
              value: knative.dev/serving
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - all
          ports:
            - name: metrics
              containerPort: 9090
            - name: profiling
              containerPort: 8008
            - name: websocket
              containerPort: 8080
          readinessProbe:
            httpGet:
              port: 8080
              httpHeaders:
                - name: k-kubelet-probe
                  value: "autoscaler"
          livenessProbe:
            httpGet:
              port: 8080
              httpHeaders:
                - name: k-kubelet-probe
                  value: "autoscaler"
            failureThreshold: 6
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: autoscaler
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: autoscaler
    app.kubernetes.io/part-of: knative-serving
    app.kubernetes.io/version: "0.26.0"
  name: autoscaler
  namespace: knative-serving
spec:
  ports:
    # Define metrics and profiling for them to be accessible within service meshes.
    - name: http-metrics
      port: 9090
      targetPort: 9090
    - name: http-profiling
      port: 8008
      targetPort: 8008
    - name: http
      port: 8080
      targetPort: 8080
  selector:
    app: autoscaler

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: controller
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  selector:
    matchLabels:
      app: controller
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
      labels:
        app: controller
        serving.knative.dev/release: "v0.26.0"
        app.kubernetes.io/name: controller
        app.kubernetes.io/version: "0.26.0"
        app.kubernetes.io/part-of: knative-serving
    spec:
      # To avoid node becoming SPOF, spread our replicas to different nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: controller
                topologyKey: kubernetes.io/hostname
              weight: 100
      serviceAccountName: controller
      containers:
        - name: controller
          # This is the Go import path for the binary that is containerized
          # and substituted here.
          image: registry.cn-beijing.aliyuncs.com/dotbalo/controller:v0.26
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 1000m
              memory: 1000Mi
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging
            - name: CONFIG_OBSERVABILITY_NAME
              value: config-observability
            # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
            - name: METRICS_DOMAIN
              value: knative.dev/internal/serving
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - all
          ports:
            - name: metrics
              containerPort: 9090
            - name: profiling
              containerPort: 8008
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: controller
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: controller
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  name: controller
  namespace: knative-serving
spec:
  ports:
    # Define metrics and profiling for them to be accessible within service meshes.
    - name: http-metrics
      port: 9090
      targetPort: 9090
    - name: http-profiling
      port: 8008
      targetPort: 8008
  selector:
    app: controller

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: domain-mapping
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: domain-mapping
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  selector:
    matchLabels:
      app: domain-mapping
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
      labels:
        app: domain-mapping
        serving.knative.dev/release: "v0.26.0"
        app.kubernetes.io/name: domain-mapping
        app.kubernetes.io/part-of: knative-serving
        app.kubernetes.io/version: "0.26.0"
    spec:
      # To avoid node becoming SPOF, spread our replicas to different nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: domain-mapping
                topologyKey: kubernetes.io/hostname
              weight: 100
      serviceAccountName: controller
      containers:
        - name: domain-mapping
          # This is the Go import path for the binary that is containerized
          # and substituted here.
          image: registry.cn-beijing.aliyuncs.com/dotbalo/domain-mapping:v0.26
          resources:
            requests:
              cpu: 30m
              memory: 40Mi
            limits:
              cpu: 300m
              memory: 400Mi
          env:
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging
            - name: CONFIG_OBSERVABILITY_NAME
              value: config-observability
            # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
            - name: METRICS_DOMAIN
              value: knative.dev/serving
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - all
          ports:
            - name: metrics
              containerPort: 9090
            - name: profiling
              containerPort: 8008

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: domainmapping-webhook
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: domainmapping-webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  selector:
    matchLabels:
      app: domainmapping-webhook
      role: domainmapping-webhook
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
      labels:
        app: domainmapping-webhook
        app.kubernetes.io/name: domainmapping-webhook
        app.kubernetes.io/part-of: knative-serving
        app.kubernetes.io/version: "0.26.0"
        role: domainmapping-webhook
        serving.knative.dev/release: "v0.26.0"
    spec:
      # To avoid node becoming SPOF, spread our replicas to different nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: domainmapping-webhook
                topologyKey: kubernetes.io/hostname
              weight: 100
      serviceAccountName: controller
      containers:
        - name: domainmapping-webhook
          # This is the Go import path for the binary that is containerized
          # and substituted here.
          image: registry.cn-beijing.aliyuncs.com/dotbalo/domain-mapping-webhook:v0.26
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 500m
              memory: 500Mi
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging
            - name: CONFIG_OBSERVABILITY_NAME
              value: config-observability
            - name: WEBHOOK_PORT
              value: "8443"
            # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
            - name: METRICS_DOMAIN
              value: knative.dev/serving
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - all
          ports:
            - name: metrics
              containerPort: 9090
            - name: profiling
              containerPort: 8008
            - name: https-webhook
              containerPort: 8443
          readinessProbe:
            periodSeconds: 1
            httpGet:
              scheme: HTTPS
              port: 8443
              httpHeaders:
                - name: k-kubelet-probe
                  value: "webhook"
          livenessProbe:
            periodSeconds: 1
            httpGet:
              scheme: HTTPS
              port: 8443
              httpHeaders:
                - name: k-kubelet-probe
                  value: "webhook"
            failureThreshold: 6
            initialDelaySeconds: 20
      # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently
      # high value that we respect whatever value it has configured for the lame duck grace period.
      terminationGracePeriodSeconds: 300
---
apiVersion: v1
kind: Service
metadata:
  labels:
    role: domainmapping-webhook
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: domainmapping-webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  name: domainmapping-webhook
  namespace: knative-serving
spec:
  ports:
    # Define metrics and profiling for them to be accessible within service meshes.
    - name: http-metrics
      port: 9090
      targetPort: 9090
    - name: http-profiling
      port: 8008
      targetPort: 8008
    - name: https-webhook
      port: 443
      targetPort: 8443
  selector:
    role: domainmapping-webhook

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: webhook
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  minReplicas: 1
  maxReplicas: 5
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: webhook
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          # Percentage of the requested CPU
          averageUtilization: 100
---
# Webhook PDB.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: webhook-pdb
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  minAvailable: 80%
  selector:
    matchLabels:
      app: webhook

---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: webhook
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
spec:
  selector:
    matchLabels:
      app: webhook
      role: webhook
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
      labels:
        app: webhook
        role: webhook
        serving.knative.dev/release: "v0.26.0"
        app.kubernetes.io/name: webhook
        app.kubernetes.io/version: "0.26.0"
        app.kubernetes.io/part-of: knative-serving
    spec:
      # To avoid node becoming SPOF, spread our replicas to different nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: webhook
                topologyKey: kubernetes.io/hostname
              weight: 100
      serviceAccountName: controller
      containers:
        - name: webhook
          # This is the Go import path for the binary that is containerized
          # and substituted here.
          image: registry.cn-beijing.aliyuncs.com/dotbalo/webhook:v0.26
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 500m
              memory: 500Mi
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging
            - name: CONFIG_OBSERVABILITY_NAME
              value: config-observability
            - name: WEBHOOK_NAME
              value: webhook
            - name: WEBHOOK_PORT
              value: "8443"
            # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
            - name: METRICS_DOMAIN
              value: knative.dev/internal/serving
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - all
          ports:
            - name: metrics
              containerPort: 9090
            - name: profiling
              containerPort: 8008
            - name: https-webhook
              containerPort: 8443
          readinessProbe:
            periodSeconds: 1
            httpGet:
              scheme: HTTPS
              port: 8443
              httpHeaders:
                - name: k-kubelet-probe
                  value: "webhook"
          livenessProbe:
            periodSeconds: 1
            httpGet:
              scheme: HTTPS
              port: 8443
              httpHeaders:
                - name: k-kubelet-probe
                  value: "webhook"
            failureThreshold: 6
            initialDelaySeconds: 20
      # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently
      # high value that we respect whatever value it has configured for the lame duck grace period.
      terminationGracePeriodSeconds: 300
---
apiVersion: v1
kind: Service
metadata:
  labels:
    role: webhook
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
  name: webhook
  namespace: knative-serving
spec:
  ports:
    # Define metrics and profiling for them to be accessible within service meshes.
    - name: http-metrics
      port: 9090
      targetPort: 9090
    - name: http-profiling
      port: 8008
      targetPort: 8008
    - name: https-webhook
      port: 443
      targetPort: 8443
  selector:
    role: webhook

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: config.webhook.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: configmap-validation-webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
webhooks:
  - admissionReviewVersions: ["v1", "v1beta1"]
    clientConfig:
      service:
        name: webhook
        namespace: knative-serving
    failurePolicy: Fail
    sideEffects: None
    name: config.webhook.serving.knative.dev
    namespaceSelector:
      matchExpressions:
        - key: serving.knative.dev/release
          operator: Exists
    timeoutSeconds: 10

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: webhook.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: defaulting-webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
webhooks:
  - admissionReviewVersions: ["v1", "v1beta1"]
    clientConfig:
      service:
        name: webhook
        namespace: knative-serving
    failurePolicy: Fail
    sideEffects: None
    name: webhook.serving.knative.dev
    timeoutSeconds: 10
    rules:
      - apiGroups:
          - autoscaling.internal.knative.dev
          - networking.internal.knative.dev
          - serving.knative.dev
        apiVersions:
          - "*"
        operations:
          - CREATE
          - UPDATE
        scope: "*"
        resources:
          - metrics
          - podautoscalers
          - certificates
          - ingresses
          - serverlessservices
          - configurations
          - revisions
          - routes
          - services

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: webhook.domainmapping.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
webhooks:
  - admissionReviewVersions: ["v1", "v1beta1"]
    clientConfig:
      service:
        name: domainmapping-webhook
        namespace: knative-serving
    failurePolicy: Fail
    sideEffects: None
    name: webhook.domainmapping.serving.knative.dev
    timeoutSeconds: 10
    rules:
      - apiGroups:
          - serving.knative.dev
        apiVersions:
          - v1alpha1
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        scope: "*"
        resources:
          - domainmappings

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Secret
metadata:
  name: domainmapping-webhook-certs
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
# The data is populated at install time.

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: validation.webhook.domainmapping.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: domainmapping-webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
webhooks:
  - admissionReviewVersions: ["v1", "v1beta1"]
    clientConfig:
      service:
        name: domainmapping-webhook
        namespace: knative-serving
    failurePolicy: Fail
    sideEffects: None
    name: validation.webhook.domainmapping.serving.knative.dev
    timeoutSeconds: 10
    rules:
      - apiGroups:
          - serving.knative.dev
        apiVersions:
          - v1alpha1
          - v1beta1
        operations:
          - CREATE
          - UPDATE
          - DELETE
        scope: "*"
        resources:
          - domainmappings

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: validation.webhook.serving.knative.dev
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: validating-webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
webhooks:
  - admissionReviewVersions: ["v1", "v1beta1"]
    clientConfig:
      service:
        name: webhook
        namespace: knative-serving
    failurePolicy: Fail
    sideEffects: None
    name: validation.webhook.serving.knative.dev
    timeoutSeconds: 10
    rules:
      - apiGroups:
          - autoscaling.internal.knative.dev
          - networking.internal.knative.dev
          - serving.knative.dev
        apiVersions:
          - "*"
        operations:
          - CREATE
          - UPDATE
          - DELETE
        scope: "*"
        resources:
          - metrics
          - podautoscalers
          - certificates
          - ingresses
          - serverlessservices
          - configurations
          - revisions
          - routes
          - services

---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Secret
metadata:
  name: webhook-certs
  namespace: knative-serving
  labels:
    serving.knative.dev/release: "v0.26.0"
    app.kubernetes.io/name: webhook
    app.kubernetes.io/version: "0.26.0"
    app.kubernetes.io/part-of: knative-serving
# The data is populated at install time.

---