diff --git a/third_party/eventing-latest/eventing-core.yaml b/third_party/eventing-latest/eventing-core.yaml index 13cfd00259..27415f3e9b 100644 --- a/third_party/eventing-latest/eventing-core.yaml +++ b/third_party/eventing-latest/eventing-core.yaml @@ -16,7 +16,7 @@ kind: Namespace metadata: name: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing --- @@ -40,7 +40,7 @@ metadata: name: eventing-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -48,7 +48,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -64,7 +64,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-resolver labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -80,7 +80,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-source-observer labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -96,7 +96,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-sources-controller labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount 
@@ -112,7 +112,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-manipulator labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -144,7 +144,7 @@ metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -152,7 +152,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -184,7 +184,7 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -192,7 +192,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -209,7 +209,7 @@ metadata: namespace: knative-eventing name: eventing-webhook labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -225,7 +225,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-resolver labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount 
@@ -241,7 +241,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-podspecable-binding labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -273,7 +273,7 @@ metadata: name: config-br-default-channel namespace: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing data: channel-template-spec: | @@ -301,7 +301,7 @@ metadata: name: config-br-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing data: # Configures the default for any Broker that does not specify a spec.config or Broker class. @@ -338,7 +338,7 @@ metadata: name: default-ch-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing data: # Configuration for defaulting channels that do not specify CRD implementations. @@ -374,7 +374,7 @@ metadata: labels: annotations: knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing data: _example: | @@ -420,7 +420,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing data: # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. 
@@ -435,16 +435,19 @@ data: # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI # For more details: https://github.com/knative/eventing/issues/5593 kreference-mapping: "disabled" - # ALPHA feature: The new-trigger-filters flag allows you to use the new `filters` field + # BETA feature: The new-trigger-filters flag allows you to use the new `filters` field # in Trigger objects with its rich filtering capabilities. # For more details: https://github.com/knative/eventing/issues/5204 - new-trigger-filters: "disabled" + new-trigger-filters: "enabled" # ALPHA feature: The transport-encryption flag allows you to encrypt events in transit using the transport layer security (TLS) protocol. # For more details: https://github.com/knative/eventing/issues/5957 transport-encryption: "disabled" # ALPHA feature: The eventtype-auto-create flag allows automatic creation of Even Type instances based on Event's type being processed. # For more details: https://github.com/knative/eventing/issues/6909 eventtype-auto-create: "disabled" + # ALPHA feature: The authentication.oidc flag allows you to use OIDC authentication for Eventing. + # For more details: https://github.com/knative/eventing/issues/7174 + authentication.oidc: "disabled" --- # Copyright 2021 The Knative Authors @@ -515,7 +518,7 @@ metadata: name: config-leader-election namespace: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f7948630" @@ -578,7 +581,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing data: # Common configuration for all Knative codebase 
@@ -631,7 +634,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f46cf09d" @@ -705,7 +708,7 @@ metadata: name: config-sugar namespace: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "62dfac6f" @@ -764,7 +767,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "0492ceb0" @@ -821,7 +824,7 @@ metadata: labels: knative.dev/high-availability: "true" app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: selector: @@ -832,7 +835,7 @@ spec: labels: app: eventing-controller app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -850,7 +853,7 @@ spec: containers: - name: eventing-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/controller@sha256:44276d6757d5b6d76bbdd7f7ffcd1055cc1b655ece06dd4aa5d6191afcaa8fa0 + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/controller@sha256:18a01d7331c9a4e4bcebc5f14d0b803ffb0a45914a49ac8cd7f3bd0e7b9b41b9 resources: requests: cpu: 100m 
@@ -868,7 +871,7 @@ spec: value: knative.dev/eventing # APIServerSource - name: APISERVER_RA_IMAGE - value: gcr.io/knative-nightly/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:d54da640eebaceed330b96a7e200642a5049aa8e504636b8a8901ecd34938168 + value: gcr.io/knative-nightly/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:e21743ebcc9ec940097d6294f1b7bc847a0822536d03272412b6838986c19e1d - name: POD_NAME valueFrom: fieldRef: @@ -938,7 +941,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. @@ -952,7 +955,7 @@ spec: labels: !!merge <<: *labels app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: affinity: @@ -966,7 +969,7 @@ spec: enableServiceLinks: false containers: - name: dispatcher - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtping@sha256:5bca07216dcc8b1bd6e8ee2a6d52604ca5b0c084981266da36fc7b715203b631 + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtping@sha256:03fa41a7d9a8037900ac4fa5f21e047d14379752d996f42b2124031b3f849386 env: - name: SYSTEM_NAMESPACE value: '' @@ -1040,7 +1043,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: 
@@ -1065,7 +1068,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: minAvailable: 80% @@ -1095,7 +1098,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: selector: @@ -1107,7 +1110,7 @@ spec: labels: !!merge <<: *labels app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -1127,7 +1130,7 @@ spec: terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/webhook@sha256:6e24232f04e4a43ceb94f5c9047e3056e4cc494ebe8126d99a37201793263666 + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/webhook@sha256:b41b5eb0883d0da9250468282cfe83e06f10ffdf08c8b61ed84d03b5fb8303b2 resources: requests: # taken from serving. @@ -1200,7 +1203,7 @@ metadata: labels: role: eventing-webhook app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing name: eventing-webhook namespace: knative-eventing 
@@ -1235,18 +1238,36 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schemas registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } ] name: apiserversources.sources.knative.dev spec: 
@@ -1354,6 +1375,9 @@ spec: CACerts: description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string namespaceSelector: description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. type: object @@ -1386,6 +1410,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -1485,7 +1516,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev 
@@ -1556,6 +1587,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -1575,6 +1609,8 @@ spec: type: string CACerts: type: string + audience: + type: string addresses: description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. type: array @@ -1587,6 +1623,8 @@ spec: type: string CACerts: type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1678,7 +1716,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev 
@@ -1760,6 +1798,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -1819,12 +1860,18 @@ spec: replyCACerts: description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string subscriberUri: description: SubscriberURI is the endpoint for the subscriber type: string subscriberCACerts: description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string uid: description: UID is used to understand the origin of the subscriber. type: string @@ -1842,6 +1889,8 @@ spec: type: string CACerts: type: string + audience: + type: string addresses: description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. type: array @@ -1854,6 +1903,8 @@ spec: type: string CACerts: type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object 
@@ -1946,6 +1997,13 @@ spec: uid: description: UID is used to understand the origin of the subscriber. type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string names: kind: Channel plural: channels @@ -1981,7 +2039,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -2034,6 +2092,9 @@ spec: CACerts: description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. template: type: object 
@@ -2046,6 +2107,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -2138,7 +2206,7 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -2299,7 +2367,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -2361,6 +2429,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer 
@@ -2414,6 +2485,8 @@ spec: type: string CACerts: type: string + audience: + type: string addresses: description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. type: array @@ -2426,10 +2499,19 @@ spec: type: string CACerts: type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string branchStatuses: description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. type: array @@ -2574,13 +2656,16 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schema registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.sources.ping" } + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } ] name: pingsources.sources.knative.dev spec: 
@@ -2649,6 +2734,9 @@ spec: CACerts: description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string timezone: description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' type: string @@ -2660,6 +2748,13 @@ spec: description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' type: array @@ -2769,7 +2864,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev 
@@ -2867,6 +2962,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -2894,6 +2992,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string status: description: Status represents the current state of the Sequence. This data may be out of date. type: object @@ -2908,6 +3009,8 @@ spec: type: string CACerts: type: string + audience: + type: string addresses: description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. type: array 
@@ -2920,10 +3023,19 @@ spec: type: string CACerts: type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string channelStatuses: description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. type: array @@ -3113,7 +3225,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: @@ -3166,6 +3278,9 @@ spec: CACerts: description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string subject: description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. type: object 
@@ -3214,6 +3329,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -3307,7 +3429,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -3375,6 +3497,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer 
@@ -3406,6 +3531,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string subscriber: description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. type: object @@ -3433,6 +3561,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string status: type: object properties: @@ -3440,6 +3571,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array 
@@ -3487,12 +3625,18 @@ spec: replyCACerts: description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string subscriberUri: description: SubscriberURI is the fully resolved URI for spec.subscriber. type: string subscriberCACerts: description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string additionalPrinterColumns: - name: Age type: date @@ -3536,7 +3680,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -3612,6 +3756,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer 
@@ -3650,6 +3797,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string status: description: Status represents the current state of the Trigger. This data may be out of date. type: object @@ -3658,6 +3808,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array @@ -3732,7 +3889,7 @@ kind: ClusterRole metadata: name: addressable-resolver labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -3746,7 +3903,7 @@ metadata: name: service-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: 
@@ -3765,7 +3922,7 @@ metadata: name: serving-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3787,7 +3944,7 @@ metadata: name: channel-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3813,7 +3970,7 @@ metadata: name: broker-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3833,7 +3990,7 @@ metadata: name: flows-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3869,7 +4026,7 @@ kind: ClusterRole metadata: name: eventing-broker-filter labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3895,7 +4052,7 @@ kind: ClusterRole metadata: name: eventing-broker-ingress labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: 
@@ -3912,7 +4069,7 @@ kind: ClusterRole metadata: name: eventing-config-reader labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3945,7 +4102,7 @@ kind: ClusterRole metadata: name: channelable-manipulator labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -3959,7 +4116,7 @@ metadata: name: meta-channelable-manipulator labels: duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -3998,7 +4155,7 @@ metadata: name: knative-eventing-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev"] @@ -4011,7 +4168,7 @@ metadata: name: knative-messaging-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["messaging.knative.dev"] @@ -4024,7 +4181,7 @@ metadata: name: knative-flows-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["flows.knative.dev"] 
@@ -4037,7 +4194,7 @@ metadata: name: knative-sources-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["sources.knative.dev"] @@ -4050,7 +4207,7 @@ metadata: name: knative-bindings-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["bindings.knative.dev"] @@ -4062,8 +4219,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-eventing-namespaced-edit labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "20230727-ffa591593" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -4076,7 +4233,7 @@ metadata: name: knative-eventing-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -4103,7 +4260,7 @@ kind: ClusterRole metadata: name: knative-eventing-controller labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: 
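Review bot: The label fix on `knative-eventing-namespaced-edit` (hunk `@@ -4062,8 +4219,8 @@`) changes effective RBAC on clusters that already run the old manifest, so it deserves an explicit upgrade note and a post-rollout check rather than riding along with the version bump. Under the old `rbac.authorization.k8s.io/aggregate-to-view: "true"` label, this role's rules were folded into the built-in `view` ClusterRole, so every subject bound to `view` held whatever the role grants on the five listed Knative API groups. The verbs sit on lines outside the hunk, so this is presumably write access given the role's name, but that should be confirmed. I would add a line to the upgrade notes such as `knative-eventing-namespaced-edit now aggregates to edit instead of view; view-only subjects lose its permissions on eventing resources`. After rollout, verify with `kubectl auth can-i create triggers.eventing.knative.dev --as=<view-only-subject> -n <namespace>`, and look through audit logs for earlier writes to these resources by view-only subjects.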
@@ -4238,7 +4395,7 @@ kind: ClusterRole metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4305,7 +4462,7 @@ kind: ClusterRole metadata: name: podspecable-binding labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -4319,7 +4476,7 @@ metadata: name: builtin-podspecable-binding labels: duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "podspecable-binding role. rules: @@ -4365,7 +4522,7 @@ kind: ClusterRole metadata: name: source-observer labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -4379,7 +4536,7 @@ metadata: name: eventing-sources-source-observer labels: duck.knative.dev/source: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "source-observer" role. rules: @@ -4415,7 +4572,7 @@ kind: ClusterRole metadata: name: knative-eventing-sources-controller labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: - apiGroups: 
@@ -4501,7 +4658,7 @@ kind: ClusterRole metadata: name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: # For watching logging configuration and getting certs. @@ -4611,7 +4768,7 @@ metadata: namespace: knative-eventing name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing rules: # For manipulating certs into secrets. @@ -4647,7 +4804,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4682,7 +4839,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4715,7 +4872,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4749,7 +4906,7 @@ metadata: name: eventing-webhook-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing # The data is populated at install time. 
@@ -4773,7 +4930,7 @@ kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] diff --git a/third_party/eventing-latest/eventing-crds.yaml b/third_party/eventing-latest/eventing-crds.yaml index 3a1eebc2dd..50030e254e 100644 --- a/third_party/eventing-latest/eventing-crds.yaml +++ b/third_party/eventing-latest/eventing-crds.yaml 
@@ -20,18 +20,36 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schemas registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } ] name: apiserversources.sources.knative.dev spec: 
@@ -139,6 +157,9 @@ spec: CACerts: description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string namespaceSelector: description: NamespaceSelector is a label selector to capture the namespaces that should be watched by the source. type: object @@ -171,6 +192,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -270,7 +298,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev 
@@ -341,6 +369,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -360,6 +391,8 @@ spec: type: string CACerts: type: string + audience: + type: string addresses: description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. type: array @@ -372,6 +405,8 @@ spec: type: string CACerts: type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -463,7 +498,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev 
@@ -545,6 +580,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -604,12 +642,18 @@ spec: replyCACerts: description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string subscriberUri: description: SubscriberURI is the endpoint for the subscriber type: string subscriberCACerts: description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string uid: description: UID is used to understand the origin of the subscriber. type: string @@ -627,6 +671,8 @@ spec: type: string CACerts: type: string + audience: + type: string addresses: description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. type: array @@ -639,6 +685,8 @@ spec: type: string CACerts: type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object 
@@ -731,6 +779,13 @@ spec: uid: description: UID is used to understand the origin of the subscriber. type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string names: kind: Channel plural: channels @@ -766,7 +821,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -819,6 +874,9 @@ spec: CACerts: description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. template: type: object 
@@ -831,6 +889,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -923,7 +988,7 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -1084,7 +1149,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -1146,6 +1211,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer 
@@ -1199,6 +1267,8 @@ spec: type: string CACerts: type: string + audience: + type: string addresses: description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. type: array @@ -1211,10 +1281,19 @@ spec: type: string CACerts: type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string branchStatuses: description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. type: array @@ -1359,13 +1438,16 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schema registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.sources.ping" } + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } ] name: pingsources.sources.knative.dev spec: 
@@ -1434,6 +1516,9 @@ spec: CACerts: description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string timezone: description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' type: string @@ -1445,6 +1530,13 @@ spec: description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' type: array @@ -1554,7 +1646,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev 
@@ -1652,6 +1744,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer @@ -1679,6 +1774,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string status: description: Status represents the current state of the Sequence. This data may be out of date. type: object @@ -1693,6 +1791,8 @@ spec: type: string CACerts: type: string + audience: + type: string addresses: description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. type: array 
@@ -1705,10 +1805,19 @@ spec: type: string CACerts: type: string + audience: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string channelStatuses: description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. type: array @@ -1898,7 +2007,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: @@ -1951,6 +2060,9 @@ spec: CACerts: description: CACerts is the Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string subject: description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. type: object 
@@ -1999,6 +2111,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string ceAttributes: description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array @@ -2092,7 +2211,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -2160,6 +2279,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer 
@@ -2191,6 +2313,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string subscriber: description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. type: object @@ -2218,6 +2343,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string status: type: object properties: @@ -2225,6 +2353,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array 
@@ -2272,12 +2407,18 @@ spec: replyCACerts: description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string subscriberUri: description: SubscriberURI is the fully resolved URI for spec.subscriber. type: string subscriberCACerts: description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string additionalPrinterColumns: - name: Age type: date @@ -2321,7 +2462,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230727-ffa591593" + app.kubernetes.io/version: "20231001-6915382b1" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -2397,6 +2538,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string retry: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer 
@@ -2435,6 +2579,9 @@ spec: CACerts: description: Certification Authority (CA) certificates in PEM format that the source trusts when sending events to the sink. type: string + audience: + description: Audience is the OIDC audience. This only needs to be set if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. If the target is an Addressable and specifies an Audience, the target's Audience takes precedence. + type: string status: description: Status represents the current state of the Trigger. This data may be out of date. type: object @@ -2443,6 +2590,13 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array diff --git a/third_party/eventing-latest/eventing-tls-networking.yaml b/third_party/eventing-latest/eventing-tls-networking.yaml index 5e4c7069f4..9489887301 100644 --- a/third_party/eventing-latest/eventing-tls-networking.yaml +++ b/third_party/eventing-latest/eventing-tls-networking.yaml @@ -104,6 +104,7 @@ spec: rotationPolicy: Always dnsNames: - imc-dispatcher.knative-eventing.svc.cluster.local + - imc-dispatcher.knative-eventing.svc issuerRef: name: selfsigned-ca-issuer kind: Issuer 
@@ -149,6 +150,7 @@ spec: rotationPolicy: Always dnsNames: - broker-filter.knative-eventing.svc.cluster.local + - broker-filter.knative-eventing.svc issuerRef: name: selfsigned-ca-issuer kind: Issuer @@ -194,6 +196,7 @@ spec: rotationPolicy: Always dnsNames: - broker-ingress.knative-eventing.svc.cluster.local + - broker-ingress.knative-eventing.svc issuerRef: name: selfsigned-ca-issuer kind: Issuer