Skip to content

Commit

Permalink
Run make generated-files
Browse files Browse the repository at this point in the history
Signed-off-by: Pierangelo Di Pilato <[email protected]>
  • Loading branch information
pierDipi committed Jan 22, 2025
1 parent 7ec647a commit 3a9bbb1
Show file tree
Hide file tree
Showing 11 changed files with 720 additions and 8 deletions.
1 change: 1 addition & 0 deletions .github/workflows/validate.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ jobs:
run: make generate-catalog

- name: Regenerate override-snapshot
if: github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' || ( github.event_name == 'push' && !contains(github.ref_name, 'dependabot/') )
working-directory: ./src/github.com/${{ github.repository }}
run: make generate-override-snapshot

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -529,6 +529,85 @@ spec:
values:
- "eventing-e2e0"
---
# Source: redhat-knative-istio-authz/templates/eventing-allow-to-knative-eventing-receiver.yaml
---
# Allow job-sink to receive requests from workloads and resources in eventing-e2e0.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-eventing-e2e0-to-job-sink
namespace: knative-eventing
spec:
action: ALLOW
selector:
matchLabels:
app.kubernetes.io/component: "job-sink"
rules:
# Allow to receive requests from event sources in eventing-e2e0
- from:
- source:
namespaces:
- "eventing-e2e0"
to:
- operation:
paths:
- "/eventing-e2e0/*"
- operation:
hosts:
- "*.eventing-e2e0"
- "*.eventing-e2e0.svc"
- "*.eventing-e2e0.svc.cluster.local"
- from:
- source:
namespaces: [ "knative-eventing" ]
principals:
- "cluster.local/ns/knative-eventing/sa/pingsource-mt-adapter"

- "cluster.local/ns/knative-eventing/sa/imc-dispatcher"

- "cluster.local/ns/knative-eventing/sa/mt-broker-filter"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-source-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-broker-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-channel-data-plane"

to:
- operation:
hosts:
- "*.eventing-e2e0"
- "*.eventing-e2e0.svc"
- "*.eventing-e2e0.svc.cluster.local"
when:
- key: request.headers[Kn-Namespace]
values:
- "eventing-e2e0"
- from:
- source:
namespaces: [ "knative-eventing" ]
principals:
- "cluster.local/ns/knative-eventing/sa/pingsource-mt-adapter"

- "cluster.local/ns/knative-eventing/sa/imc-dispatcher"

- "cluster.local/ns/knative-eventing/sa/mt-broker-filter"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-source-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-broker-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-channel-data-plane"

to:
- operation:
paths:
- "/eventing-e2e0/*"
when:
- key: request.headers[Kn-Namespace]
values:
- "eventing-e2e0"
---
# Source: redhat-knative-istio-authz/templates/serving-allow-wait-for-drain.yaml
# Allow kubernetes to call the PreStopHook to wait for draining on port 8022 in eventing-e2e0
apiVersion: security.istio.io/v1beta1
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -529,6 +529,85 @@ spec:
values:
- "eventing-e2e1"
---
# Source: redhat-knative-istio-authz/templates/eventing-allow-to-knative-eventing-receiver.yaml
---
# Allow job-sink to receive requests from workloads and resources in eventing-e2e1.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-eventing-e2e1-to-job-sink
namespace: knative-eventing
spec:
action: ALLOW
selector:
matchLabels:
app.kubernetes.io/component: "job-sink"
rules:
# Allow to receive requests from event sources in eventing-e2e1
- from:
- source:
namespaces:
- "eventing-e2e1"
to:
- operation:
paths:
- "/eventing-e2e1/*"
- operation:
hosts:
- "*.eventing-e2e1"
- "*.eventing-e2e1.svc"
- "*.eventing-e2e1.svc.cluster.local"
- from:
- source:
namespaces: [ "knative-eventing" ]
principals:
- "cluster.local/ns/knative-eventing/sa/pingsource-mt-adapter"

- "cluster.local/ns/knative-eventing/sa/imc-dispatcher"

- "cluster.local/ns/knative-eventing/sa/mt-broker-filter"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-source-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-broker-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-channel-data-plane"

to:
- operation:
hosts:
- "*.eventing-e2e1"
- "*.eventing-e2e1.svc"
- "*.eventing-e2e1.svc.cluster.local"
when:
- key: request.headers[Kn-Namespace]
values:
- "eventing-e2e1"
- from:
- source:
namespaces: [ "knative-eventing" ]
principals:
- "cluster.local/ns/knative-eventing/sa/pingsource-mt-adapter"

- "cluster.local/ns/knative-eventing/sa/imc-dispatcher"

- "cluster.local/ns/knative-eventing/sa/mt-broker-filter"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-source-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-broker-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-channel-data-plane"

to:
- operation:
paths:
- "/eventing-e2e1/*"
when:
- key: request.headers[Kn-Namespace]
values:
- "eventing-e2e1"
---
# Source: redhat-knative-istio-authz/templates/serving-allow-wait-for-drain.yaml
# Allow kubernetes to call the PreStopHook to wait for draining on port 8022 in eventing-e2e1
apiVersion: security.istio.io/v1beta1
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -529,6 +529,85 @@ spec:
values:
- "eventing-e2e2"
---
# Source: redhat-knative-istio-authz/templates/eventing-allow-to-knative-eventing-receiver.yaml
---
# Allow job-sink to receive requests from workloads and resources in eventing-e2e2.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-eventing-e2e2-to-job-sink
namespace: knative-eventing
spec:
action: ALLOW
selector:
matchLabels:
app.kubernetes.io/component: "job-sink"
rules:
# Allow to receive requests from event sources in eventing-e2e2
- from:
- source:
namespaces:
- "eventing-e2e2"
to:
- operation:
paths:
- "/eventing-e2e2/*"
- operation:
hosts:
- "*.eventing-e2e2"
- "*.eventing-e2e2.svc"
- "*.eventing-e2e2.svc.cluster.local"
- from:
- source:
namespaces: [ "knative-eventing" ]
principals:
- "cluster.local/ns/knative-eventing/sa/pingsource-mt-adapter"

- "cluster.local/ns/knative-eventing/sa/imc-dispatcher"

- "cluster.local/ns/knative-eventing/sa/mt-broker-filter"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-source-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-broker-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-channel-data-plane"

to:
- operation:
hosts:
- "*.eventing-e2e2"
- "*.eventing-e2e2.svc"
- "*.eventing-e2e2.svc.cluster.local"
when:
- key: request.headers[Kn-Namespace]
values:
- "eventing-e2e2"
- from:
- source:
namespaces: [ "knative-eventing" ]
principals:
- "cluster.local/ns/knative-eventing/sa/pingsource-mt-adapter"

- "cluster.local/ns/knative-eventing/sa/imc-dispatcher"

- "cluster.local/ns/knative-eventing/sa/mt-broker-filter"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-source-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-broker-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-channel-data-plane"

to:
- operation:
paths:
- "/eventing-e2e2/*"
when:
- key: request.headers[Kn-Namespace]
values:
- "eventing-e2e2"
---
# Source: redhat-knative-istio-authz/templates/serving-allow-wait-for-drain.yaml
# Allow kubernetes to call the PreStopHook to wait for draining on port 8022 in eventing-e2e2
apiVersion: security.istio.io/v1beta1
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -529,6 +529,85 @@ spec:
values:
- "eventing-e2e3"
---
# Source: redhat-knative-istio-authz/templates/eventing-allow-to-knative-eventing-receiver.yaml
---
# Allow job-sink to receive requests from workloads and resources in eventing-e2e3.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-eventing-e2e3-to-job-sink
namespace: knative-eventing
spec:
action: ALLOW
selector:
matchLabels:
app.kubernetes.io/component: "job-sink"
rules:
# Allow to receive requests from event sources in eventing-e2e3
- from:
- source:
namespaces:
- "eventing-e2e3"
to:
- operation:
paths:
- "/eventing-e2e3/*"
- operation:
hosts:
- "*.eventing-e2e3"
- "*.eventing-e2e3.svc"
- "*.eventing-e2e3.svc.cluster.local"
- from:
- source:
namespaces: [ "knative-eventing" ]
principals:
- "cluster.local/ns/knative-eventing/sa/pingsource-mt-adapter"

- "cluster.local/ns/knative-eventing/sa/imc-dispatcher"

- "cluster.local/ns/knative-eventing/sa/mt-broker-filter"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-source-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-broker-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-channel-data-plane"

to:
- operation:
hosts:
- "*.eventing-e2e3"
- "*.eventing-e2e3.svc"
- "*.eventing-e2e3.svc.cluster.local"
when:
- key: request.headers[Kn-Namespace]
values:
- "eventing-e2e3"
- from:
- source:
namespaces: [ "knative-eventing" ]
principals:
- "cluster.local/ns/knative-eventing/sa/pingsource-mt-adapter"

- "cluster.local/ns/knative-eventing/sa/imc-dispatcher"

- "cluster.local/ns/knative-eventing/sa/mt-broker-filter"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-source-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-broker-data-plane"

- "cluster.local/ns/knative-eventing/sa/knative-kafka-channel-data-plane"

to:
- operation:
paths:
- "/eventing-e2e3/*"
when:
- key: request.headers[Kn-Namespace]
values:
- "eventing-e2e3"
---
# Source: redhat-knative-istio-authz/templates/serving-allow-wait-for-drain.yaml
# Allow kubernetes to call the PreStopHook to wait for draining on port 8022 in eventing-e2e3
apiVersion: security.istio.io/v1beta1
Expand Down
Loading

0 comments on commit 3a9bbb1

Please sign in to comment.