Skip to content

Commit

Permalink
reflect changes
Browse files Browse the repository at this point in the history
  • Loading branch information
@hhk7734
hhk7734 committed Apr 26, 2024
1 parent 16fd5cb commit 9d95dfb
Show file tree
Hide file tree
Showing 5 changed files with 81 additions and 35 deletions.
6 changes: 6 additions & 0 deletions ...ig/charts/knative-operator/templates/crd/bases/operator.knative.dev_knativeeventings.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2201,6 +2201,12 @@ spec:
- type: string
description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
x-kubernetes-int-or-string: true
source:
description: The source configuration for Knative Eventing
properties:
Expand Down
28 changes: 28 additions & 0 deletions config/charts/knative-operator/templates/crd/bases/operator.knative.dev_knativeservings.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2212,6 +2212,12 @@ spec:
- type: string
description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
x-kubernetes-int-or-string: true
ingress:
description: The ingress configuration for Knative Serving
properties:
Expand Down Expand Up @@ -2261,6 +2267,17 @@ spec:
format: string
type: string
type: object
tls:
properties:
mode:
description: TLS mode can be SIMPLE, MUTUAL, ISTIO_MUTUAL.
format: string
type: string
credentialName:
description: TLS certificate name.
format: string
type: string
type: object
type: object
type: array
type: object
Expand Down Expand Up @@ -2299,6 +2316,17 @@ spec:
format: string
type: string
type: object
tls:
properties:
mode:
description: TLS mode can be SIMPLE, MUTUAL, ISTIO_MUTUAL.
format: string
type: string
credentialName:
description: TLS certificate name.
format: string
type: string
type: object
type: object
type: array
type: object
Expand Down
12 changes: 12 additions & 0 deletions config/charts/knative-operator/templates/rbac/role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -623,6 +623,18 @@ rules:
resources:
- certificates
- issuers
- clusterissuers
verbs:
- create
- delete
- update
- list
- get
- watch
- apiGroups:
- "trust.cert-manager.io"
resources:
- bundles
verbs:
- create
- delete
Expand Down
44 changes: 22 additions & 22 deletions config/rbac/webhook_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,28 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: knative-operator
name: knative-operator-webhook
labels:
app.kubernetes.io/version: devel
app.kubernetes.io/name: knative-operator
rules:
# For manipulating certs into secrets.
- apiGroups:
- ""
resources:
- "secrets"
verbs:
- "get"
- "create"
- "update"
- "list"
- "watch"
- "patch"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
Expand Down Expand Up @@ -116,3 +94,25 @@ rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: knative-operator
name: knative-operator-webhook
labels:
app.kubernetes.io/version: devel
app.kubernetes.io/name: knative-operator
rules:
# For manipulating certs into secrets.
- apiGroups:
- ""
resources:
- "secrets"
verbs:
- "get"
- "create"
- "update"
- "list"
- "watch"
- "patch"
26 changes: 13 additions & 13 deletions config/rbac/webhook_role_binding.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,34 +14,34 @@
# limitations under the License.

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
kind: ClusterRoleBinding
metadata:
namespace: knative-operator
name: operator-webhook
labels:
app.kubernetes.io/version: devel
app.kubernetes.io/name: knative-operator
subjects:
- kind: ServiceAccount
name: operator-webhook
namespace: knative-operator
roleRef:
kind: Role
name: knative-operator-webhook
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: knative-operator-webhook
subjects:
- kind: ServiceAccount
name: operator-webhook
namespace: knative-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
kind: RoleBinding
metadata:
namespace: knative-operator
name: operator-webhook
labels:
app.kubernetes.io/version: devel
app.kubernetes.io/name: knative-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: knative-operator-webhook
subjects:
- kind: ServiceAccount
name: operator-webhook
namespace: knative-operator
roleRef:
kind: Role
name: knative-operator-webhook
apiGroup: rbac.authorization.k8s.io

0 comments on commit 9d95dfb

Please sign in to comment.