diff --git a/third_party/eventing-latest/eventing-core.yaml b/third_party/eventing-latest/eventing-core.yaml index ccdbe65d00..2d19c8972d 100644 --- a/third_party/eventing-latest/eventing-core.yaml +++ b/third_party/eventing-latest/eventing-core.yaml @@ -16,7 +16,7 @@ kind: Namespace metadata: name: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing --- @@ -40,7 +40,7 @@ metadata: name: eventing-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -48,7 +48,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -64,7 +64,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-resolver labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -80,7 +80,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-source-observer labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -96,7 +96,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-sources-controller labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -112,7 +112,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-manipulator labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -128,7 +128,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-crossnamespace-subscriber labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -160,7 +160,7 @@ metadata: name: job-sink namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -168,7 +168,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-job-sink labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -200,7 +200,7 @@ metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -208,7 +208,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -240,7 +240,7 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -248,7 +248,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -265,7 +265,7 @@ metadata: namespace: knative-eventing name: eventing-webhook labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -281,7 +281,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-resolver labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -297,7 +297,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-podspecable-binding labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -329,7 +329,7 @@ metadata: name: config-br-default-channel namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing data: channel-template-spec: | @@ -357,7 +357,7 @@ metadata: name: config-br-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing data: # Configures the default for any Broker that does not specify a spec.config or Broker class. @@ -394,7 +394,7 @@ metadata: name: default-ch-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing data: # Configuration for defaulting channels that do not specify CRD implementations. @@ -429,7 +429,7 @@ metadata: namespace: knative-eventing annotations: knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing data: _example: | @@ -475,7 +475,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing data: # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. @@ -584,7 +584,7 @@ metadata: name: config-leader-election namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f7948630" @@ -647,7 +647,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing data: # Common configuration for all Knative codebase @@ -700,7 +700,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f46cf09d" @@ -774,7 +774,7 @@ metadata: name: config-sugar namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "62dfac6f" @@ -833,7 +833,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "0492ceb0" @@ -890,7 +890,7 @@ metadata: labels: knative.dev/high-availability: "true" app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing bindings.knative.dev/exclude: "true" spec: @@ -902,7 +902,7 @@ spec: labels: app: eventing-controller app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -920,7 +920,7 @@ spec: containers: - name: eventing-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/controller@sha256:e8cbc05414224872382bd763e60df9588591f305d3a88f1a4b3e23915ede2b74 + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/controller@sha256:ee4c9c59855f48e1271104ffe7767c230afc218c5c4ab04aadaba9e85789ec34 resources: requests: cpu: 100m @@ -938,7 +938,7 @@ spec: value: knative.dev/eventing # APIServerSource - name: APISERVER_RA_IMAGE - value: gcr.io/knative-nightly/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:837e068ff67abb97bbe8ed72da4f259a4cfe91c8ee092ecb4be37f28353bbcea + value: gcr.io/knative-nightly/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:0b0af6c9817307db23408302ba671c2de3355940930cfcfdedaa7628bd10a609 - name: POD_NAME valueFrom: fieldRef: @@ -1008,7 +1008,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: job-sink - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: replicas: 1 @@ -1020,7 +1020,7 @@ spec: labels: sinks.knative.dev/sink: job-sink app.kubernetes.io/component: job-sink - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: affinity: @@ -1036,7 +1036,7 @@ spec: containers: - name: job-sink terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/jobsink@sha256:ab352af8930d32ef2a9b4d6e7465fd00377c3446c9a7bb30c11e56661b317a35 + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/jobsink@sha256:7e8e98ec765e5163327618577adcbd2c9a4b6c8bd09f3b7ef898ef29f63f7490 env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1118,7 +1118,7 @@ metadata: labels: sinks.knative.dev/sink: job-sink app.kubernetes.io/component: job-sink - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing name: job-sink namespace: knative-eventing @@ -1161,7 +1161,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing bindings.knative.dev/exclude: "true" spec: @@ -1177,7 +1177,7 @@ spec: eventing.knative.dev/source: ping-source-controller sources.knative.dev/role: adapter app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: affinity: @@ -1193,7 +1193,7 @@ spec: enableServiceLinks: false containers: - name: dispatcher - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtping@sha256:b45b99e01223b6770ad266903e16c28c23083bcf2b18ed59a35a925570695f1c + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtping@sha256:2042d2d7962f2183067abe8bf234666942727caf7ed4bd80f78b7222f9edde04 env: - name: SYSTEM_NAMESPACE value: '' @@ -1267,7 +1267,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: @@ -1292,7 +1292,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: minAvailable: 80% @@ -1322,7 +1322,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing bindings.knative.dev/exclude: "true" spec: @@ -1336,7 +1336,7 @@ spec: app: eventing-webhook role: eventing-webhook app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -1356,7 +1356,7 @@ spec: terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/webhook@sha256:9e999d1095621e44890db48304be064bf44968da328dc78cd8f2e91bedfab46d + image: gcr.io/knative-nightly/knative.dev/eventing/cmd/webhook@sha256:bdb9af8f60ba94ba47f35c27bd55f6085065b99b554885da3ff1c94a472ab44c resources: requests: # taken from serving. @@ -1435,7 +1435,7 @@ metadata: labels: role: eventing-webhook app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing name: eventing-webhook namespace: knative-eventing @@ -1470,7 +1470,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing annotations: # TODO add schemas @@ -1757,7 +1757,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -1972,7 +1972,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -2330,7 +2330,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -2505,7 +2505,7 @@ metadata: name: eventpolicies.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -2687,7 +2687,7 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -3080,7 +3080,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: sinks.knative.dev @@ -3143,6 +3143,18 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array @@ -3215,7 +3227,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -3743,7 +3755,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing annotations: # TODO add schema @@ -4115,7 +4127,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -4499,7 +4511,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: @@ -4714,7 +4726,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -4976,7 +4988,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -5076,13 +5088,50 @@ spec: type: integer format: int32 filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' + description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events.' type: object properties: attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' + description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported.' type: object x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilter that evaluate to true or false. If any filter expression in the array evaluates to false, the event must not be sent to the Subscriber. If all the filter expressions in the array evaluate to true, the event must be attempted to be delivered. Absence of a filter or empty array implies a value of true. In the event of users specifying both Filter and Filters, then the latter will override the former. This will allow users to try out the effect of the new Filters field without compromising the existing attribute-based Filter and try it out on existing Trigger objects.' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if at least one of the nested expressions evaluates to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL expression that will be evaluated to true or false against each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value String specified (case-sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Suffix evaluates to true if the values of the matching CloudEvents attributes all end with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true subscriber: description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. type: object @@ -5212,7 +5261,7 @@ kind: ClusterRole metadata: name: addressable-resolver labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -5226,7 +5275,7 @@ metadata: name: service-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -5245,7 +5294,7 @@ metadata: name: serving-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -5267,7 +5316,7 @@ metadata: name: channel-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -5293,7 +5342,7 @@ metadata: name: broker-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -5313,7 +5362,7 @@ metadata: name: flows-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -5349,7 +5398,7 @@ kind: ClusterRole metadata: name: eventing-broker-filter labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -5375,7 +5424,7 @@ kind: ClusterRole metadata: name: eventing-broker-ingress labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -5392,7 +5441,7 @@ kind: ClusterRole metadata: name: eventing-config-reader labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -5425,7 +5474,7 @@ kind: ClusterRole metadata: name: channelable-manipulator labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -5439,7 +5488,7 @@ metadata: name: meta-channelable-manipulator labels: duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -5478,7 +5527,7 @@ metadata: name: knative-eventing-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev"] @@ -5491,7 +5540,7 @@ metadata: name: knative-messaging-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["messaging.knative.dev"] @@ -5504,7 +5553,7 @@ metadata: name: knative-flows-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["flows.knative.dev"] @@ -5517,7 +5566,7 @@ metadata: name: knative-sources-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["sources.knative.dev"] @@ -5530,7 +5579,7 @@ metadata: name: knative-bindings-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["bindings.knative.dev"] @@ -5543,7 +5592,7 @@ metadata: name: knative-eventing-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -5556,7 +5605,7 @@ metadata: name: knative-eventing-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -5583,7 +5632,7 @@ kind: ClusterRole metadata: name: knative-eventing-controller labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -5792,7 +5841,7 @@ kind: ClusterRole metadata: name: crossnamespace-subscriber labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -5806,7 +5855,7 @@ metadata: name: channel-subscriber labels: duck.knative.dev/crossnamespace-subscribable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -5822,7 +5871,7 @@ metadata: name: broker-subscriber labels: duck.knative.dev/crossnamespace-subscribable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -5852,7 +5901,7 @@ kind: ClusterRole metadata: name: knative-eventing-job-sink labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -5917,6 +5966,14 @@ rules: - create - update - patch + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch --- # Copyright 2020 The Knative Authors @@ -5938,7 +5995,7 @@ kind: ClusterRole metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -6011,7 +6068,7 @@ kind: ClusterRole metadata: name: podspecable-binding labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -6025,7 +6082,7 @@ metadata: name: builtin-podspecable-binding labels: duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "podspecable-binding role. rules: @@ -6071,7 +6128,7 @@ kind: ClusterRole metadata: name: source-observer labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -6085,7 +6142,7 @@ metadata: name: eventing-sources-source-observer labels: duck.knative.dev/source: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "source-observer" role. rules: @@ -6121,7 +6178,7 @@ kind: ClusterRole metadata: name: knative-eventing-sources-controller labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -6242,7 +6299,7 @@ kind: ClusterRole metadata: name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: # For watching logging configuration and getting certs. @@ -6342,6 +6399,14 @@ rules: - "list" - "create" - "patch" + - apiGroups: + - eventing.knative.dev + resources: + - eventpolicies + verbs: + - get + - list + - watch # For the SinkBinding reconciler adding the OIDC identity service accounts - apiGroups: - "" @@ -6411,7 +6476,7 @@ metadata: namespace: knative-eventing name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing rules: # For manipulating certs into secrets. @@ -6447,7 +6512,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -6485,7 +6550,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -6518,7 +6583,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -6552,7 +6617,7 @@ metadata: name: eventing-webhook-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing # The data is populated at install time. @@ -6576,7 +6641,7 @@ kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] diff --git a/third_party/eventing-latest/eventing-crds.yaml b/third_party/eventing-latest/eventing-crds.yaml index 33084394e4..4f24eec391 100644 --- a/third_party/eventing-latest/eventing-crds.yaml +++ b/third_party/eventing-latest/eventing-crds.yaml @@ -20,7 +20,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing annotations: # TODO add schemas @@ -307,7 +307,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -522,7 +522,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -880,7 +880,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -1055,7 +1055,7 @@ metadata: name: eventpolicies.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -1237,7 +1237,7 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -1630,7 +1630,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: sinks.knative.dev @@ -1693,6 +1693,18 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array @@ -1765,7 +1777,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -2293,7 +2305,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing annotations: # TODO add schema @@ -2665,7 +2677,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -3049,7 +3061,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: @@ -3264,7 +3276,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -3526,7 +3538,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20240702-96c30bd21" + app.kubernetes.io/version: "20240706-fe6bd5682" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -3626,13 +3638,50 @@ spec: type: integer format: int32 filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' + description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events.' type: object properties: attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' + description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported.' type: object x-kubernetes-preserve-unknown-fields: true + filters: + description: 'Filters is an array of SubscriptionsAPIFilter that evaluate to true or false. If any filter expression in the array evaluates to false, the event must not be sent to the Subscriber. If all the filter expressions in the array evaluate to true, the event must be attempted to be delivered. Absence of a filter or empty array implies a value of true. In the event of users specifying both Filter and Filters, then the latter will override the former. This will allow users to try out the effect of the new Filters field without compromising the existing attribute-based Filter and try it out on existing Trigger objects.' + type: array + items: + type: object + properties: + all: + description: 'All evaluates to true if all the nested expressions evaluate to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + any: + description: 'Any evaluates to true if at least one of the nested expressions evaluates to true. It must contain at least one filter expression.' + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + cesql: + description: 'CESQL is a CloudEvents SQL expression that will be evaluated to true or false against each CloudEvent.' + type: string + exact: + description: 'Exact evaluates to true if the values of the matching CloudEvents attributes all exactly match with the associated value String specified (case-sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + not: + description: 'Not evaluates to true if the nested expression evaluates to false.' + type: object + x-kubernetes-preserve-unknown-fields: true + prefix: + description: 'Prefix evaluates to true if the values of the matching CloudEvents attributes all start with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true + suffix: + description: 'Suffix evaluates to true if the values of the matching CloudEvents attributes all end with the associated value String specified (case sensitive). The keys are the names of the CloudEvents attributes to be matched, and their values are the String values to use in the comparison. The attribute name and value specified in the filter express must not be empty strings.' + type: object + x-kubernetes-preserve-unknown-fields: true subscriber: description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. type: object