diff --git a/docker/devbox-bundled/kustomize/complete/kustomization.yaml b/docker/devbox-bundled/kustomize/complete/kustomization.yaml index b725ef9dbd..d62b151459 100644 --- a/docker/devbox-bundled/kustomize/complete/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/complete/kustomization.yaml @@ -91,6 +91,52 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete +- patch: |- + apiVersion: v1 + kind: ConfigMap + metadata: + name: config-istio + namespace: knative-serving + data: + local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local +- patch: |- + apiVersion: v1 + kind: Service + metadata: + name: knative-local-gateway + namespace: istio-system + $patch: delete +- patch: |- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: knative-local-gateway + namespace: knative-serving + $patch: delete +- patch: |- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: knative-ingress-gateway + namespace: knative-serving + $patch: delete +# net-istio also renders two PeerAuthentication CRs (security.istio.io); the +# istio CRDs aren't installed in this kourier devbox, so without these deletes +# k3s fails the whole flyte.yaml addon and the cluster never goes ready. +- patch: |- + apiVersion: security.istio.io/v1beta1 + kind: PeerAuthentication + metadata: + name: net-istio-webhook + namespace: knative-serving + $patch: delete +- patch: |- + apiVersion: security.istio.io/v1beta1 + kind: PeerAuthentication + metadata: + name: webhook + namespace: knative-serving + $patch: delete - target: kind: Pod name: rustfs-test-connection @@ -127,4 +173,4 @@ patches: readOnlyRootFilesystem: true volumeMounts: - mountPath: /data - name: data \ No newline at end of file + name: data diff --git a/docker/devbox-bundled/kustomize/dev/kustomization.yaml b/docker/devbox-bundled/kustomize/dev/kustomization.yaml index e3421a3448..620fcb83d5 100644 --- a/docker/devbox-bundled/kustomize/dev/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/dev/kustomization.yaml @@ -81,6 +81,52 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete +- patch: |- + apiVersion: v1 + kind: ConfigMap + metadata: + name: config-istio + namespace: knative-serving + data: + local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local +- patch: |- + apiVersion: v1 + kind: Service + metadata: + name: knative-local-gateway + namespace: istio-system + $patch: delete +- patch: |- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: knative-local-gateway + namespace: knative-serving + $patch: delete +- patch: |- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: knative-ingress-gateway + namespace: knative-serving + $patch: delete +# net-istio also renders two PeerAuthentication CRs (security.istio.io); the +# istio CRDs aren't installed in this kourier devbox, so without these deletes +# k3s fails the whole flyte.yaml addon and the cluster never goes ready. +- patch: |- + apiVersion: security.istio.io/v1beta1 + kind: PeerAuthentication + metadata: + name: net-istio-webhook + namespace: knative-serving + $patch: delete +- patch: |- + apiVersion: security.istio.io/v1beta1 + kind: PeerAuthentication + metadata: + name: webhook + namespace: knative-serving + $patch: delete - target: kind: Pod name: rustfs-test-connection @@ -117,4 +163,4 @@ patches: readOnlyRootFilesystem: true volumeMounts: - mountPath: /data - name: data \ No newline at end of file + name: data diff --git a/docker/devbox-bundled/manifests/complete.yaml b/docker/devbox-bundled/manifests/complete.yaml index 0613461da3..35d798c05b 100644 --- a/docker/devbox-bundled/manifests/complete.yaml +++ b/docker/devbox-bundled/manifests/complete.yaml @@ -7997,7 +7997,7 @@ metadata: --- apiVersion: v1 data: - local-gateway.knative-serving.knative-local-gateway: knative-local-gateway.istio-system.svc.cluster.local + local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local kind: ConfigMap metadata: labels: @@ -8296,29 +8296,6 @@ spec: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - experimental.istio.io/disable-gateway-port-translation: "true" - networking.knative.dev/ingress-provider: istio - name: knative-local-gateway - namespace: istio-system -spec: - ports: - - name: http2 - port: 80 - targetPort: 8081 - - name: https - port: 443 - targetPort: 8444 - selector: - istio: ingressgateway - type: ClusterIP ---- -apiVersion: v1 -kind: Service metadata: labels: app: activator @@ -9434,48 +9411,6 @@ spec: - data-plane.knative.dev secretName: routing-serving-certs --- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: knative-ingress-gateway - namespace: knative-serving -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: http - number: 80 - protocol: HTTP ---- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: knative-local-gateway - namespace: knative-serving -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: http - number: 8081 - protocol: HTTP ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -9582,42 +9517,6 @@ spec: path: / pathType: Prefix --- -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: net-istio-webhook - namespace: knative-serving -spec: - portLevelMtls: - "8443": - mode: PERMISSIVE - selector: - matchLabels: - app: net-istio-webhook ---- -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: webhook - namespace: knative-serving -spec: - portLevelMtls: - "8443": - mode: PERMISSIVE - selector: - matchLabels: - app: webhook ---- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index e1d80ef0e9..ae2c83cf88 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -7678,7 +7678,7 @@ metadata: --- apiVersion: v1 data: - local-gateway.knative-serving.knative-local-gateway: knative-local-gateway.istio-system.svc.cluster.local + local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local kind: ConfigMap metadata: labels: @@ -7930,29 +7930,6 @@ spec: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - experimental.istio.io/disable-gateway-port-translation: "true" - networking.knative.dev/ingress-provider: istio - name: knative-local-gateway - namespace: istio-system -spec: - ports: - - name: http2 - port: 80 - targetPort: 8081 - - name: https - port: 443 - targetPort: 8444 - selector: - istio: ingressgateway - type: ClusterIP ---- -apiVersion: v1 -kind: Service metadata: labels: app: activator @@ -8924,48 +8901,6 @@ spec: - data-plane.knative.dev secretName: routing-serving-certs --- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: knative-ingress-gateway - namespace: knative-serving -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: http - number: 80 - protocol: HTTP ---- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: knative-local-gateway - namespace: knative-serving -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: http - number: 8081 - protocol: HTTP ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -9049,42 +8984,6 @@ spec: path: / pathType: Prefix --- -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: net-istio-webhook - namespace: knative-serving -spec: - portLevelMtls: - "8443": - mode: PERMISSIVE - selector: - matchLabels: - app: net-istio-webhook ---- -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: webhook - namespace: knative-serving -spec: - portLevelMtls: - "8443": - mode: PERMISSIVE - selector: - matchLabels: - app: webhook ---- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: