├── CODE-OF-CONDUCT.md ├── LICENSE ├── OWNERS ├── OWNERS_ALIASES ├── README.md ├── SECURITY.md ├── conformance └── tests │ └── results │ └── v1.0 │ ├── 2022-04-11-google-cloud-run │ ├── README.md │ ├── serving_api_e2e.log │ └── serving_runtime_e2e.log │ ├── 2022-04-13-google-cloud-run-for-anthos │ ├── README.md │ ├── serving_api_e2e.log │ └── serving_runtime_e2e.log │ └── 2022-11-15-ibm-cloud-code-engine │ ├── README.md │ ├── serving_api_2022-11-15_e2e.log │ └── serving_runtime_2022-11-15_e2e.log ├── docs ├── README.md ├── conformance_procedure.md ├── examples │ └── serving │ │ └── cloud_run.md ├── knative_certificate_application_form.md ├── run_serving_tests.md └── terms_and_conditions.md ├── knative-conformance.md ├── specs ├── README.md ├── common │ ├── error-signalling.md │ └── knative-serving-conformance-testing-workflow.md ├── eventing │ ├── README.md │ ├── control-plane.md │ ├── data-plane.md │ ├── images │ │ └── eventing-overview.svg │ ├── motivation.md │ └── overview.md └── serving │ ├── README.md │ ├── images │ └── object_model.png │ ├── knative-api-specification-1.0.md │ ├── motivation.md │ ├── overview.md │ └── runtime-contract.md ├── test-plan ├── OWNERS └── eventing │ ├── README.md │ ├── broker-lifecycle-conformance.md │ └── control-plane │ └── broker-lifecycle │ ├── broker.yaml │ ├── trigger-no-broker.yaml │ └── trigger.yaml └── test └── presubmit-tests.sh.tmpl /CODE-OF-CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Knative Community Code of Conduct 2 | 3 | The [Knative Community Code of Conduct](https://github.com/knative/community/blob/main/CODE-OF-CONDUCT.md) is defined in the [Knative community repository](https://github.com/knative/community). 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - steering-committee 3 | - technical-oversight-committee 4 | 5 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # This file is auto-generated from peribolos. 2 | # Do not modify this file, instead modify peribolos/knative.yaml 3 | 4 | aliases: 5 | client-reviewers: 6 | - itsmurugappan 7 | client-wg-leads: 8 | - dsimansk 9 | client-writers: 10 | - dsimansk 11 | - vyasgun 12 | docs-reviewers: 13 | - nainaz 14 | - skonto 15 | docs-writers: 16 | - csantanapr 17 | - skonto 18 | eventing-reviewers: 19 | - Leo6Leo 20 | - aslom 21 | - cali0707 22 | - creydr 23 | eventing-wg-leads: 24 | - creydr 25 | - pierDipi 26 | eventing-writers: 27 | - Leo6Leo 28 | - aliok 29 | - cali0707 30 | - creydr 31 | - lionelvillard 32 | - matzew 33 | - pierDipi 34 | func-reviewers: 35 | - jrangelramos 36 | - nainaz 37 | func-writers: 38 | - gauron99 39 | - jrangelramos 40 | - lance 41 | - lkingland 42 | - matejvasek 43 | - matzew 44 | - salaboy 45 | functions-wg-leads: 46 | - lkingland 47 | - salaboy 48 | knative-admin: 49 | - aliok 50 | - cardil 51 | - dprotaso 52 | - dsimansk 53 | - evankanderson 54 | - gauron99 55 | - knative-automation 56 | - knative-prow-releaser-robot 57 | - knative-prow-robot 58 | - knative-prow-updater-robot 59 | - knative-test-reporter-robot 60 | - matzew 61 | - nrrso 62 | - skonto 63 | - upodroid 64 | knative-release-leads: 65 | - dprotaso 66 | - dsimansk 67 | - gauron99 68 | - skonto 69 | knative-robots: 70 | - knative-automation 71 | - knative-prow-releaser-robot 72 | - knative-prow-robot 73 | - knative-prow-updater-robot 74 | - knative-test-reporter-robot 75 | operations-reviewers: 76 | - aliok 77 | - houshengbo 78 | - matzew 79 | operations-wg-leads: 80 | - houshengbo 81 | operations-writers: 82 | - aliok 83 | - houshengbo 84 | - matzew 85 | productivity-leads: 86 | - cardil 87 | - upodroid 88 | productivity-reviewers: 89 | - evankanderson 90 | - mgencur 91 | productivity-wg-leads: 92 | - cardil 93 | - upodroid 94 | productivity-writers: 95 | - cardil 96 | - upodroid 97 | security-wg-leads: 98 | - davidhadas 99 | - evankanderson 100 | security-writers: 101 | - davidhadas 102 | - evankanderson 103 | serving-approvers: 104 | - dsimansk 105 | - skonto 106 | serving-reviewers: 107 | - skonto 108 | serving-triage: 109 | - skonto 110 | serving-wg-leads: 111 | - dprotaso 112 | serving-writers: 113 | - dprotaso 114 | - dsimansk 115 | - skonto 116 | steering-committee: 117 | - aliok 118 | - dprotaso 119 | - evankanderson 120 | - matzew 121 | - nrrso 122 | ux-wg-leads: 123 | - cali0707 124 | - leo6leo 125 | - mmejia02 126 | - zainabhusain227 127 | ux-writers: 128 | - cali0707 129 | - leo6leo 130 | - mmejia02 131 | - zainabhusain227 132 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Knative Specs Repository 2 | 3 | This repository contains the specifications for Knative components, along with 4 | policies and procedures around conformance and certification. 5 | 6 | - [Knative Specs](specs/) contains the core specs for Knative components (Serving and Eventing), along with optional extensions 7 | - [Policies and Procedures](docs/) provides policies for contributing to the specs, and procedures of testing conformance to the Knative spec, and the Knative certification process 8 | - [Qualifying Offerings and Self-Testing](/knative-conformance.md) Summarizes the conformance qualification process and eligibility for conformance 9 | 10 | ## contributing 11 | 12 | For a list of help wanted issues across Knative to contribute to, take a look 13 | at [CLOTRIBUTOR](https://clotributor.dev/search?project=knative&page=1). 14 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Knative Security Policy 2 | 3 | We're extremely grateful for security researchers and users that report vulnerabilities to the Knative Open Source Community. All reports are thoroughly investigated by a set of community volunteers. 4 | 5 | To make a report, please email the private security@knative.team list with the security details and the details expected for all Knative bug reports. 6 | 7 | See [Knative Security and Disclosure Information](https://knative.dev/docs/reference/security/) for more details. 8 | -------------------------------------------------------------------------------- /conformance/tests/results/v1.0/2022-04-11-google-cloud-run/README.md: -------------------------------------------------------------------------------- 1 | ## Product 2 | 3 | | **Title** | | 4 | | ------------------ | -------------------------------------------- | 5 | | **Vendor** | Google | 6 | | **Product Name / Version** | Cloud Run | 7 | | **Website URL for Product** | https://cloud.google.com/run | 8 | 9 | ## How to reproduce test results 10 | 11 | Please see https://github.com/knative/specs/blob/main/docs/examples/serving/cloud_run.md. -------------------------------------------------------------------------------- /conformance/tests/results/v1.0/2022-04-11-google-cloud-run/serving_runtime_e2e.log: -------------------------------------------------------------------------------- 1 | === RUN TestMustHaveCgroupConfigured 2 | === PAUSE TestMustHaveCgroupConfigured 3 | === RUN TestShouldHaveCgroupReadOnly 4 | === PAUSE TestShouldHaveCgroupReadOnly 5 | === RUN TestCmdArgs 6 | === PAUSE TestCmdArgs 7 | === RUN TestMustNotContainerConstraints 8 | === PAUSE TestMustNotContainerConstraints 9 | === RUN TestShouldNotContainerConstraints 10 | === PAUSE TestShouldNotContainerConstraints 11 | === RUN TestSecretsViaEnv 12 | === PAUSE TestSecretsViaEnv 13 | === RUN TestConfigsViaEnv 14 | === PAUSE TestConfigsViaEnv 15 | === RUN TestShouldEnvVars 16 | === PAUSE TestShouldEnvVars 17 | === RUN TestMustEnvVars 18 | === PAUSE TestMustEnvVars 19 | === RUN TestShouldHaveStdinEOF 20 | I0411 11:56:57.223035 3808303 gcp.go:122] WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead. 21 | To learn more, consult https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins 22 | service.go:113: Creating a new Service service should-have-stdin-e-o-f-jwwvjfgm 23 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-stdin-e-o-f-jwwvjfgm,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 24 | service.go:131: Waiting for Service to transition to Ready. service should-have-stdin-e-o-f-jwwvjfgm 25 | service.go:136: Checking to ensure Service Status is populated for Ready service 26 | service.go:142: Getting latest objects Created by Service 27 | service.go:145: Successfully created Service should-have-stdin-e-o-f-jwwvjfgm 28 | spoof.go:111: Spoofing should-have-stdin-e-o-f-jwwvjfgm-whediza7la-uc.a.run.app -> should-have-stdin-e-o-f-jwwvjfgm-whediza7la-uc.a.run.app 29 | --- PASS: TestShouldHaveStdinEOF (9.70s) 30 | === RUN TestMustHaveFiles 31 | === PAUSE TestMustHaveFiles 32 | === RUN TestShouldHaveFiles 33 | === PAUSE TestShouldHaveFiles 34 | === RUN TestMustHaveHeadersSet 35 | === PAUSE TestMustHaveHeadersSet 36 | === RUN TestShouldHaveHeadersSet 37 | === PAUSE TestShouldHaveHeadersSet 38 | === RUN TestProtocols 39 | === PAUSE TestProtocols 40 | === RUN TestProbeRuntime 41 | === PAUSE TestProbeRuntime 42 | === RUN TestProbeRuntimeAfterStartup 43 | === PAUSE TestProbeRuntimeAfterStartup 44 | === RUN TestShouldHaveSysctlReadOnly 45 | === PAUSE TestShouldHaveSysctlReadOnly 46 | === RUN TestMustRunAsUser 47 | user_test.go:40: Container.securityContext is not required by Knative Serving API Specification 48 | --- SKIP: TestMustRunAsUser (0.00s) 49 | === RUN TestShouldRunAsUserContainerDefault 50 | user_test.go:82: Container.securityContext is not required by Knative Serving API Specification 51 | --- SKIP: TestShouldRunAsUserContainerDefault (0.00s) 52 | === RUN TestWorkingDirService 53 | === PAUSE TestWorkingDirService 54 | === CONT TestMustHaveCgroupConfigured 55 | === CONT TestShouldHaveSysctlReadOnly 56 | === CONT TestMustEnvVars 57 | === CONT TestWorkingDirService 58 | === CONT TestShouldNotContainerConstraints 59 | === CONT TestShouldHaveHeadersSet 60 | === CONT TestConfigsViaEnv 61 | === CONT TestCmdArgs 62 | === CONT TestShouldEnvVars 63 | === CONT TestMustNotContainerConstraints 64 | === CONT TestProbeRuntime 65 | readiness_probe_test.go:51: Container.readinessProbe is not required by Knative Serving API Specification 66 | === CONT TestProbeRuntimeAfterStartup 67 | --- SKIP: TestProbeRuntime (0.00s) 68 | === CONT TestProtocols 69 | === CONT TestProbeRuntimeAfterStartup 70 | readiness_probe_test.go:162: Container.readinessProbe behaviour after startup is not defined by Knative Serving API Specification 71 | === RUN TestProtocols/h2c 72 | --- SKIP: TestProbeRuntimeAfterStartup (0.00s) 73 | === PAUSE TestProtocols/h2c 74 | === CONT TestShouldHaveFiles 75 | === RUN TestProtocols/http1 76 | === PAUSE TestProtocols/http1 77 | === RUN TestProtocols/default 78 | === PAUSE TestProtocols/default 79 | === CONT TestMustHaveHeadersSet 80 | service.go:113: Creating a new Service service must-have-headers-set-xxmcvtwh 81 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-have-headers-set-xxmcvtwh,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 82 | === CONT TestMustHaveCgroupConfigured 83 | service.go:113: Creating a new Service service must-have-cgroup-configured-loecsqyi 84 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-have-cgroup-configured-loecsqyi,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 85 | === CONT TestMustEnvVars 86 | service.go:113: Creating a new Service service must-env-vars-tcgttbgl 87 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-env-vars-tcgttbgl,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 88 | === CONT TestWorkingDirService 89 | service.go:113: Creating a new Service service working-dir-service-ztoccxqu 90 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:working-dir-service-ztoccxqu,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 91 | === CONT TestCmdArgs 92 | service.go:113: Creating a new Service service cmd-args-sfigrqsw 93 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:cmd-args-sfigrqsw,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 94 | === CONT TestShouldHaveSysctlReadOnly 95 | service.go:113: Creating a new Service service should-have-sysctl-read-only-pkmabzua 96 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-sysctl-read-only-pkmabzua,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 97 | === RUN TestMustNotContainerConstraints/TestArbitraryPortName 98 | === PAUSE TestMustNotContainerConstraints/TestArbitraryPortName 99 | === RUN TestMustNotContainerConstraints/TestMountPropagation 100 | === PAUSE TestMustNotContainerConstraints/TestMountPropagation 101 | === CONT TestSecretsViaEnv 102 | === CONT TestShouldHaveFiles 103 | service.go:113: Creating a new Service service should-have-files-pqkwuhne 104 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-files-pqkwuhne,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 105 | === CONT TestShouldHaveHeadersSet 106 | service.go:113: Creating a new Service service should-have-headers-set-utoirhna 107 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-headers-set-utoirhna,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 108 | === CONT TestShouldEnvVars 109 | service.go:113: Creating a new Service service should-env-vars-hiwntwsm 110 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-env-vars-hiwntwsm,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 111 | === RUN TestShouldNotContainerConstraints/TestPoststartHook 112 | === PAUSE TestShouldNotContainerConstraints/TestPoststartHook 113 | === RUN TestShouldNotContainerConstraints/TestPrestopHook 114 | === PAUSE TestShouldNotContainerConstraints/TestPrestopHook 115 | === RUN TestShouldNotContainerConstraints/TestMultiplePorts 116 | === PAUSE TestShouldNotContainerConstraints/TestMultiplePorts 117 | === RUN TestShouldNotContainerConstraints/TestHostPort 118 | === PAUSE TestShouldNotContainerConstraints/TestHostPort 119 | === RUN TestShouldNotContainerConstraints/TestStdin 120 | === PAUSE TestShouldNotContainerConstraints/TestStdin 121 | === RUN TestShouldNotContainerConstraints/TestStdinOnce 122 | === PAUSE TestShouldNotContainerConstraints/TestStdinOnce 123 | === RUN TestShouldNotContainerConstraints/TestTTY 124 | === PAUSE TestShouldNotContainerConstraints/TestTTY 125 | === RUN TestShouldNotContainerConstraints/TestInvalidUID 126 | === PAUSE TestShouldNotContainerConstraints/TestInvalidUID 127 | === CONT TestMustHaveFiles 128 | === RUN TestSecretsViaEnv/env 129 | === PAUSE TestSecretsViaEnv/env 130 | === RUN TestSecretsViaEnv/envFrom 131 | === PAUSE TestSecretsViaEnv/envFrom 132 | === CONT TestShouldHaveCgroupReadOnly 133 | === RUN TestConfigsViaEnv/env 134 | === PAUSE TestConfigsViaEnv/env 135 | === RUN TestConfigsViaEnv/envFrom 136 | === PAUSE TestConfigsViaEnv/envFrom 137 | === CONT TestProtocols/h2c 138 | service.go:113: Creating a new Service service protocols-h2c-fjfntlzn 139 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:protocols-h2c-fjfntlzn,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 140 | === CONT TestShouldHaveCgroupReadOnly 141 | service.go:113: Creating a new Service service should-have-cgroup-read-only-ejlobofw 142 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-cgroup-read-only-ejlobofw,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 143 | === CONT TestMustHaveFiles 144 | service.go:113: Creating a new Service service must-have-files-piqsyrgi 145 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-have-files-piqsyrgi,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 146 | === CONT TestMustHaveCgroupConfigured 147 | service.go:131: Waiting for Service to transition to Ready. service must-have-cgroup-configured-loecsqyi 148 | === CONT TestCmdArgs 149 | service.go:131: Waiting for Service to transition to Ready. service cmd-args-sfigrqsw 150 | === CONT TestShouldHaveCgroupReadOnly 151 | service.go:131: Waiting for Service to transition to Ready. service should-have-cgroup-read-only-ejlobofw 152 | === CONT TestShouldHaveHeadersSet 153 | service.go:131: Waiting for Service to transition to Ready. service should-have-headers-set-utoirhna 154 | === CONT TestMustHaveHeadersSet 155 | service.go:131: Waiting for Service to transition to Ready. service must-have-headers-set-xxmcvtwh 156 | === CONT TestMustEnvVars 157 | service.go:131: Waiting for Service to transition to Ready. service must-env-vars-tcgttbgl 158 | === CONT TestProtocols/h2c 159 | service.go:131: Waiting for Service to transition to Ready. service protocols-h2c-fjfntlzn 160 | === CONT TestShouldHaveSysctlReadOnly 161 | service.go:131: Waiting for Service to transition to Ready. service should-have-sysctl-read-only-pkmabzua 162 | === CONT TestWorkingDirService 163 | service.go:131: Waiting for Service to transition to Ready. service working-dir-service-ztoccxqu 164 | === CONT TestMustHaveFiles 165 | service.go:131: Waiting for Service to transition to Ready. service must-have-files-piqsyrgi 166 | === CONT TestShouldHaveFiles 167 | service.go:131: Waiting for Service to transition to Ready. service should-have-files-pqkwuhne 168 | === CONT TestShouldEnvVars 169 | service.go:131: Waiting for Service to transition to Ready. service should-env-vars-hiwntwsm 170 | === CONT TestMustHaveCgroupConfigured 171 | service.go:136: Checking to ensure Service Status is populated for Ready service 172 | service.go:142: Getting latest objects Created by Service 173 | service.go:145: Successfully created Service must-have-cgroup-configured-loecsqyi 174 | spoof.go:111: Spoofing must-have-cgroup-configured-loecsqyi-whediza7la-uc.a.run.app -> must-have-cgroup-configured-loecsqyi-whediza7la-uc.a.run.app 175 | --- PASS: TestMustHaveCgroupConfigured (8.57s) 176 | === CONT TestProtocols/default 177 | service.go:113: Creating a new Service service protocols-default-itajgdxw 178 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:protocols-default-itajgdxw,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 179 | === CONT TestShouldHaveHeadersSet 180 | service.go:136: Checking to ensure Service Status is populated for Ready service 181 | === CONT TestProtocols/default 182 | service.go:131: Waiting for Service to transition to Ready. service protocols-default-itajgdxw 183 | === CONT TestShouldHaveHeadersSet 184 | service.go:142: Getting latest objects Created by Service 185 | === CONT TestShouldHaveFiles 186 | service.go:136: Checking to ensure Service Status is populated for Ready service 187 | === CONT TestShouldHaveHeadersSet 188 | service.go:145: Successfully created Service should-have-headers-set-utoirhna 189 | spoof.go:111: Spoofing should-have-headers-set-utoirhna-whediza7la-uc.a.run.app -> should-have-headers-set-utoirhna-whediza7la-uc.a.run.app 190 | === CONT TestShouldHaveFiles 191 | service.go:142: Getting latest objects Created by Service 192 | === CONT TestShouldHaveCgroupReadOnly 193 | service.go:136: Checking to ensure Service Status is populated for Ready service 194 | === CONT TestWorkingDirService 195 | service.go:136: Checking to ensure Service Status is populated for Ready service 196 | === CONT TestCmdArgs 197 | service.go:136: Checking to ensure Service Status is populated for Ready service 198 | === CONT TestWorkingDirService 199 | service.go:142: Getting latest objects Created by Service 200 | === CONT TestShouldHaveCgroupReadOnly 201 | service.go:142: Getting latest objects Created by Service 202 | === CONT TestMustHaveHeadersSet 203 | service.go:136: Checking to ensure Service Status is populated for Ready service 204 | === CONT TestMustEnvVars 205 | service.go:136: Checking to ensure Service Status is populated for Ready service 206 | === CONT TestShouldHaveSysctlReadOnly 207 | service.go:136: Checking to ensure Service Status is populated for Ready service 208 | === CONT TestShouldEnvVars 209 | service.go:136: Checking to ensure Service Status is populated for Ready service 210 | === CONT TestMustHaveHeadersSet 211 | service.go:142: Getting latest objects Created by Service 212 | === CONT TestShouldHaveSysctlReadOnly 213 | service.go:142: Getting latest objects Created by Service 214 | === CONT TestCmdArgs 215 | service.go:142: Getting latest objects Created by Service 216 | === CONT TestProtocols/h2c 217 | service.go:136: Checking to ensure Service Status is populated for Ready service 218 | === CONT TestMustEnvVars 219 | service.go:142: Getting latest objects Created by Service 220 | === CONT TestShouldEnvVars 221 | service.go:142: Getting latest objects Created by Service 222 | === CONT TestProtocols/h2c 223 | service.go:142: Getting latest objects Created by Service 224 | === CONT TestShouldHaveFiles 225 | service.go:145: Successfully created Service should-have-files-pqkwuhne 226 | spoof.go:111: Spoofing should-have-files-pqkwuhne-whediza7la-uc.a.run.app -> should-have-files-pqkwuhne-whediza7la-uc.a.run.app 227 | === CONT TestWorkingDirService 228 | service.go:145: Successfully created Service working-dir-service-ztoccxqu 229 | spoof.go:111: Spoofing working-dir-service-ztoccxqu-whediza7la-uc.a.run.app -> working-dir-service-ztoccxqu-whediza7la-uc.a.run.app 230 | --- PASS: TestShouldHaveHeadersSet (11.33s) 231 | === CONT TestProtocols/http1 232 | service.go:113: Creating a new Service service protocols-http1-ccguvhrl 233 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:protocols-http1-ccguvhrl,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 234 | === CONT TestMustHaveHeadersSet 235 | service.go:145: Successfully created Service must-have-headers-set-xxmcvtwh 236 | spoof.go:111: Spoofing must-have-headers-set-xxmcvtwh-whediza7la-uc.a.run.app -> must-have-headers-set-xxmcvtwh-whediza7la-uc.a.run.app 237 | === CONT TestShouldEnvVars 238 | service.go:145: Successfully created Service should-env-vars-hiwntwsm 239 | spoof.go:111: Spoofing should-env-vars-hiwntwsm-whediza7la-uc.a.run.app -> should-env-vars-hiwntwsm-whediza7la-uc.a.run.app 240 | === CONT TestShouldHaveSysctlReadOnly 241 | service.go:145: Successfully created Service should-have-sysctl-read-only-pkmabzua 242 | spoof.go:111: Spoofing should-have-sysctl-read-only-pkmabzua-whediza7la-uc.a.run.app -> should-have-sysctl-read-only-pkmabzua-whediza7la-uc.a.run.app 243 | === CONT TestShouldHaveCgroupReadOnly 244 | service.go:145: Successfully created Service should-have-cgroup-read-only-ejlobofw 245 | spoof.go:111: Spoofing should-have-cgroup-read-only-ejlobofw-whediza7la-uc.a.run.app -> should-have-cgroup-read-only-ejlobofw-whediza7la-uc.a.run.app 246 | === CONT TestCmdArgs 247 | service.go:145: Successfully created Service cmd-args-sfigrqsw 248 | spoof.go:111: Spoofing cmd-args-sfigrqsw-whediza7la-uc.a.run.app -> cmd-args-sfigrqsw-whediza7la-uc.a.run.app 249 | === CONT TestProtocols/http1 250 | service.go:131: Waiting for Service to transition to Ready. service protocols-http1-ccguvhrl 251 | --- PASS: TestShouldHaveFiles (11.79s) 252 | === CONT TestMustNotContainerConstraints/TestArbitraryPortName 253 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-not-container-constraints-test-arbit-cvenfytt,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 254 | === CONT TestProtocols/h2c 255 | service.go:145: Successfully created Service protocols-h2c-fjfntlzn 256 | spoof.go:111: Spoofing protocols-h2c-fjfntlzn-whediza7la-uc.a.run.app -> protocols-h2c-fjfntlzn-whediza7la-uc.a.run.app 257 | === CONT TestMustNotContainerConstraints/TestMountPropagation 258 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-not-container-constraints-test-mount-djyvcnvd,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 259 | === CONT TestMustEnvVars 260 | service.go:145: Successfully created Service must-env-vars-tcgttbgl 261 | spoof.go:111: Spoofing must-env-vars-tcgttbgl-whediza7la-uc.a.run.app -> must-env-vars-tcgttbgl-whediza7la-uc.a.run.app 262 | --- PASS: TestMustNotContainerConstraints (0.04s) 263 | --- PASS: TestMustNotContainerConstraints/TestArbitraryPortName (0.12s) 264 | --- PASS: TestMustNotContainerConstraints/TestMountPropagation (0.06s) 265 | === CONT TestShouldNotContainerConstraints/TestPoststartHook 266 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-pos-ieaptcsu,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 267 | === CONT TestMustHaveFiles 268 | service.go:136: Checking to ensure Service Status is populated for Ready service 269 | === CONT TestShouldNotContainerConstraints/TestStdin 270 | --- PASS: TestShouldEnvVars (12.05s) 271 | === CONT TestShouldNotContainerConstraints/TestStdin 272 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-std-dvedgibn,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 273 | === CONT TestMustHaveFiles 274 | service.go:142: Getting latest objects Created by Service 275 | --- PASS: TestShouldHaveSysctlReadOnly (12.18s) 276 | === CONT TestShouldNotContainerConstraints/TestInvalidUID 277 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-inv-autyuhqa,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 278 | --- PASS: TestWorkingDirService (12.19s) 279 | === CONT TestShouldNotContainerConstraints/TestTTY 280 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-t-t-kzgaqtss,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 281 | === CONT TestShouldNotContainerConstraints/TestStdinOnce 282 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-std-psjptrbg,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 283 | === CONT TestShouldNotContainerConstraints/TestMultiplePorts 284 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-mul-smehvaai,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 285 | --- PASS: TestShouldHaveCgroupReadOnly (12.21s) 286 | === CONT TestShouldNotContainerConstraints/TestPrestopHook 287 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-pre-qncrezta,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 288 | === CONT TestShouldNotContainerConstraints/TestHostPort 289 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-hos-gwquksmb,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 290 | === CONT TestSecretsViaEnv/env 291 | envpropagation_test.go:40: Container.env.valueFrom is not required by Knative Serving API Specification 292 | === CONT TestSecretsViaEnv/envFrom 293 | envpropagation_test.go:62: Container.envFrom is not required by Knative Serving API Specification 294 | === CONT TestConfigsViaEnv/env 295 | --- PASS: TestSecretsViaEnv (0.01s) 296 | --- SKIP: TestSecretsViaEnv/env (0.00s) 297 | --- SKIP: TestSecretsViaEnv/envFrom (0.00s) 298 | === CONT TestConfigsViaEnv/env 299 | envpropagation_test.go:86: Container.env.valueFrom is not required by Knative Serving API Specification 300 | === CONT TestConfigsViaEnv/envFrom 301 | envpropagation_test.go:108: Container.envFrom is not required by Knative Serving API Specification 302 | --- PASS: TestConfigsViaEnv (0.05s) 303 | --- SKIP: TestConfigsViaEnv/env (0.00s) 304 | --- SKIP: TestConfigsViaEnv/envFrom (0.00s) 305 | --- PASS: TestShouldNotContainerConstraints (0.04s) 306 | --- PASS: TestShouldNotContainerConstraints/TestPoststartHook (0.24s) 307 | --- PASS: TestShouldNotContainerConstraints/TestTTY (0.06s) 308 | --- PASS: TestShouldNotContainerConstraints/TestStdin (0.25s) 309 | --- PASS: TestShouldNotContainerConstraints/TestHostPort (0.06s) 310 | --- PASS: TestShouldNotContainerConstraints/TestStdinOnce (0.25s) 311 | --- PASS: TestShouldNotContainerConstraints/TestPrestopHook (0.23s) 312 | --- PASS: TestShouldNotContainerConstraints/TestInvalidUID (0.31s) 313 | --- PASS: TestShouldNotContainerConstraints/TestMultiplePorts (0.29s) 314 | === CONT TestMustHaveFiles 315 | service.go:145: Successfully created Service must-have-files-piqsyrgi 316 | spoof.go:111: Spoofing must-have-files-piqsyrgi-whediza7la-uc.a.run.app -> must-have-files-piqsyrgi-whediza7la-uc.a.run.app 317 | --- PASS: TestCmdArgs (12.78s) 318 | --- PASS: TestMustHaveHeadersSet (12.82s) 319 | --- PASS: TestMustEnvVars (13.57s) 320 | --- PASS: TestMustHaveFiles (14.05s) 321 | === CONT TestProtocols/http1 322 | service.go:136: Checking to ensure Service Status is populated for Ready service 323 | service.go:142: Getting latest objects Created by Service 324 | service.go:145: Successfully created Service protocols-http1-ccguvhrl 325 | spoof.go:111: Spoofing protocols-http1-ccguvhrl-whediza7la-uc.a.run.app -> protocols-http1-ccguvhrl-whediza7la-uc.a.run.app 326 | === CONT TestProtocols/default 327 | service.go:136: Checking to ensure Service Status is populated for Ready service 328 | service.go:142: Getting latest objects Created by Service 329 | service.go:145: Successfully created Service protocols-default-itajgdxw 330 | spoof.go:111: Spoofing protocols-default-itajgdxw-whediza7la-uc.a.run.app -> protocols-default-itajgdxw-whediza7la-uc.a.run.app 331 | --- PASS: TestProtocols (0.00s) 332 | --- PASS: TestProtocols/h2c (13.48s) 333 | --- PASS: TestProtocols/default (9.95s) 334 | --- PASS: TestProtocols/http1 (7.28s) 335 | PASS 336 | ok knative.dev/serving/test/conformance/runtime 28.435s 337 | -------------------------------------------------------------------------------- /conformance/tests/results/v1.0/2022-04-13-google-cloud-run-for-anthos/README.md: -------------------------------------------------------------------------------- 1 | ## Product 2 | 3 | | **Title** | | 4 | | ------------------ | -------------------------------------------- | 5 | | **Vendor** | Google | 6 | | **Product Name / Version** | Cloud Run for Anthos | 7 | | **Website URL for Product** | https://cloud.google.com/anthos/run | 8 | 9 | -------------------------------------------------------------------------------- /conformance/tests/results/v1.0/2022-11-15-ibm-cloud-code-engine/README.md: -------------------------------------------------------------------------------- 1 | ## Product 2 | 3 | | **Title** | | 4 | | ------------------ | -------------------------------------------- | 5 | | **Vendor** | IBM Cloud | 6 | | **Product Name / Version** | Code Engine | 7 | | **Website URL for Product** | https://www.ibm.com/cloud/code-engine | 8 | -------------------------------------------------------------------------------- /conformance/tests/results/v1.0/2022-11-15-ibm-cloud-code-engine/serving_runtime_2022-11-15_e2e.log: -------------------------------------------------------------------------------- 1 | === RUN TestMustHaveCgroupConfigured 2 | === PAUSE TestMustHaveCgroupConfigured 3 | === RUN TestShouldHaveCgroupReadOnly 4 | === PAUSE TestShouldHaveCgroupReadOnly 5 | === RUN TestCmdArgs 6 | === PAUSE TestCmdArgs 7 | === RUN TestMustNotContainerConstraints 8 | === PAUSE TestMustNotContainerConstraints 9 | === RUN TestShouldNotContainerConstraints 10 | === PAUSE TestShouldNotContainerConstraints 11 | === RUN TestSecretsViaEnv 12 | === PAUSE TestSecretsViaEnv 13 | === RUN TestConfigsViaEnv 14 | === PAUSE TestConfigsViaEnv 15 | === RUN TestShouldEnvVars 16 | === PAUSE TestShouldEnvVars 17 | === RUN TestMustEnvVars 18 | === PAUSE TestMustEnvVars 19 | === RUN TestShouldHaveStdinEOF 20 | service.go:113: Creating a new Service service should-have-stdin-e-o-f-wsxbvvmg 21 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-stdin-e-o-f-wsxbvvmg,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 22 | service.go:131: Waiting for Service to transition to Ready. service should-have-stdin-e-o-f-wsxbvvmg 23 | service.go:136: Checking to ensure Service Status is populated for Ready service 24 | service.go:142: Getting latest objects Created by Service 25 | service.go:145: Successfully created Service should-have-stdin-e-o-f-wsxbvvmg 26 | spoof.go:110: Spoofing should-have-stdin-e-o-f-wsxbvvmg.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> should-have-stdin-e-o-f-wsxbvvmg.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 27 | --- PASS: TestShouldHaveStdinEOF (24.68s) 28 | === RUN TestMustHaveFiles 29 | === PAUSE TestMustHaveFiles 30 | === RUN TestShouldHaveFiles 31 | === PAUSE TestShouldHaveFiles 32 | === RUN TestMustHaveHeadersSet 33 | === PAUSE TestMustHaveHeadersSet 34 | === RUN TestShouldHaveHeadersSet 35 | === PAUSE TestShouldHaveHeadersSet 36 | === RUN TestProtocols 37 | === PAUSE TestProtocols 38 | === RUN TestProbeRuntime 39 | === PAUSE TestProbeRuntime 40 | === RUN TestProbeRuntimeAfterStartup 41 | === PAUSE TestProbeRuntimeAfterStartup 42 | === RUN TestShouldHaveSysctlReadOnly 43 | === PAUSE TestShouldHaveSysctlReadOnly 44 | === RUN TestMustRunAsUser 45 | user_test.go:40: Container.securityContext is not required by Knative Serving API Specification 46 | --- SKIP: TestMustRunAsUser (0.00s) 47 | === RUN TestShouldRunAsUserContainerDefault 48 | user_test.go:82: Container.securityContext is not required by Knative Serving API Specification 49 | --- SKIP: TestShouldRunAsUserContainerDefault (0.00s) 50 | === RUN TestWorkingDirService 51 | === PAUSE TestWorkingDirService 52 | === CONT TestMustHaveCgroupConfigured 53 | === CONT TestMustHaveFiles 54 | === CONT TestSecretsViaEnv 55 | === CONT TestProbeRuntime 56 | readiness_probe_test.go:56: Container.readinessProbe is not required by Knative Serving API Specification 57 | === CONT TestShouldHaveHeadersSet 58 | === CONT TestWorkingDirService 59 | === CONT TestShouldEnvVars 60 | --- SKIP: TestProbeRuntime (0.00s) 61 | === CONT TestMustNotContainerConstraints 62 | === CONT TestMustEnvVars 63 | === CONT TestConfigsViaEnv 64 | === CONT TestCmdArgs 65 | === CONT TestShouldHaveSysctlReadOnly 66 | === CONT TestShouldNotContainerConstraints 67 | === CONT TestMustHaveFiles 68 | service.go:113: Creating a new Service service must-have-files-ziexhexw 69 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-have-files-ziexhexw,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 70 | === RUN TestSecretsViaEnv/env 71 | === PAUSE TestSecretsViaEnv/env 72 | === RUN TestSecretsViaEnv/envFrom 73 | === PAUSE TestSecretsViaEnv/envFrom 74 | === CONT TestShouldHaveCgroupReadOnly 75 | === RUN TestMustNotContainerConstraints/TestArbitraryPortName 76 | === PAUSE TestMustNotContainerConstraints/TestArbitraryPortName 77 | === CONT TestShouldEnvVars 78 | service.go:113: Creating a new Service service should-env-vars-lzjgxpym 79 | === CONT TestMustHaveCgroupConfigured 80 | service.go:113: Creating a new Service service must-have-cgroup-configured-xedjysdl 81 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-have-cgroup-configured-xedjysdl,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 82 | === CONT TestShouldHaveHeadersSet 83 | service.go:113: Creating a new Service service should-have-headers-set-olpupsuq 84 | === CONT TestShouldEnvVars 85 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-env-vars-lzjgxpym,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 86 | === RUN TestMustNotContainerConstraints/TestMountPropagation 87 | === CONT TestMustEnvVars 88 | service.go:113: Creating a new Service service must-env-vars-hlgjthem 89 | === PAUSE TestMustNotContainerConstraints/TestMountPropagation 90 | === CONT TestShouldHaveHeadersSet 91 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-headers-set-olpupsuq,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 92 | === CONT TestProbeRuntimeAfterStartup 93 | === CONT TestMustEnvVars 94 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-env-vars-hlgjthem,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 95 | === CONT TestShouldHaveCgroupReadOnly 96 | service.go:113: Creating a new Service service should-have-cgroup-read-only-qpyzjylk 97 | === CONT TestWorkingDirService 98 | service.go:113: Creating a new Service service working-dir-service-scwwaxak 99 | === CONT TestProbeRuntimeAfterStartup 100 | readiness_probe_test.go:164: Container.readinessProbe behaviour after startup is not defined by Knative Serving API Specification 101 | --- SKIP: TestProbeRuntimeAfterStartup (0.00s) 102 | === CONT TestProtocols 103 | === RUN TestProtocols/h2c 104 | === PAUSE TestProtocols/h2c 105 | === RUN TestProtocols/http1 106 | === PAUSE TestProtocols/http1 107 | === RUN TestProtocols/default 108 | === PAUSE TestProtocols/default 109 | === CONT TestMustHaveHeadersSet 110 | === CONT TestWorkingDirService 111 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:working-dir-service-scwwaxak,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 112 | === CONT TestCmdArgs 113 | service.go:113: Creating a new Service service cmd-args-pyucvcoq 114 | === RUN TestConfigsViaEnv/env 115 | === PAUSE TestConfigsViaEnv/env 116 | === RUN TestConfigsViaEnv/envFrom 117 | === PAUSE TestConfigsViaEnv/envFrom 118 | === CONT TestShouldHaveFiles 119 | === CONT TestCmdArgs 120 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:cmd-args-pyucvcoq,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 121 | === CONT TestShouldHaveCgroupReadOnly 122 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-cgroup-read-only-qpyzjylk,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 123 | === CONT TestShouldHaveSysctlReadOnly 124 | service.go:113: Creating a new Service service should-have-sysctl-read-only-xzauitaj 125 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-sysctl-read-only-xzauitaj,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 126 | === RUN TestShouldNotContainerConstraints/TestPoststartHook 127 | === PAUSE TestShouldNotContainerConstraints/TestPoststartHook 128 | === RUN TestShouldNotContainerConstraints/TestPrestopHook 129 | === PAUSE TestShouldNotContainerConstraints/TestPrestopHook 130 | === RUN TestShouldNotContainerConstraints/TestMultiplePorts 131 | === PAUSE TestShouldNotContainerConstraints/TestMultiplePorts 132 | === RUN TestShouldNotContainerConstraints/TestHostPort 133 | === PAUSE TestShouldNotContainerConstraints/TestHostPort 134 | === RUN TestShouldNotContainerConstraints/TestStdin 135 | === PAUSE TestShouldNotContainerConstraints/TestStdin 136 | === RUN TestShouldNotContainerConstraints/TestStdinOnce 137 | === PAUSE TestShouldNotContainerConstraints/TestStdinOnce 138 | === RUN TestShouldNotContainerConstraints/TestTTY 139 | === PAUSE TestShouldNotContainerConstraints/TestTTY 140 | === RUN TestShouldNotContainerConstraints/TestInvalidUID 141 | === PAUSE TestShouldNotContainerConstraints/TestInvalidUID 142 | === CONT TestMustHaveHeadersSet 143 | service.go:113: Creating a new Service service must-have-headers-set-gkcprhrs 144 | === CONT TestSecretsViaEnv/env 145 | envpropagation_test.go:40: Container.env.valueFrom is not required by Knative Serving API Specification 146 | === CONT TestSecretsViaEnv/envFrom 147 | envpropagation_test.go:62: Container.envFrom is not required by Knative Serving API Specification 148 | --- PASS: TestSecretsViaEnv (0.01s) 149 | --- SKIP: TestSecretsViaEnv/env (0.00s) 150 | --- SKIP: TestSecretsViaEnv/envFrom (0.00s) 151 | === CONT TestMustHaveHeadersSet 152 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-have-headers-set-gkcprhrs,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 153 | === CONT TestMustNotContainerConstraints/TestArbitraryPortName 154 | === CONT TestShouldHaveFiles 155 | service.go:113: Creating a new Service service should-have-files-epjcuagw 156 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-have-files-epjcuagw,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 157 | === CONT TestMustNotContainerConstraints/TestArbitraryPortName 158 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-not-container-constraints-test-arbit-gdsapdnu,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 159 | === CONT TestMustHaveFiles 160 | service.go:131: Waiting for Service to transition to Ready. service must-have-files-ziexhexw 161 | === CONT TestMustNotContainerConstraints/TestMountPropagation 162 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:must-not-container-constraints-test-mount-ukyxyipk,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 163 | === CONT TestShouldHaveCgroupReadOnly 164 | service.go:131: Waiting for Service to transition to Ready. service should-have-cgroup-read-only-qpyzjylk 165 | === CONT TestShouldHaveFiles 166 | service.go:131: Waiting for Service to transition to Ready. service should-have-files-epjcuagw 167 | === CONT TestShouldHaveSysctlReadOnly 168 | service.go:131: Waiting for Service to transition to Ready. service should-have-sysctl-read-only-xzauitaj 169 | === CONT TestCmdArgs 170 | service.go:131: Waiting for Service to transition to Ready. service cmd-args-pyucvcoq 171 | === CONT TestMustEnvVars 172 | service.go:131: Waiting for Service to transition to Ready. service must-env-vars-hlgjthem 173 | === CONT TestMustHaveHeadersSet 174 | service.go:131: Waiting for Service to transition to Ready. service must-have-headers-set-gkcprhrs 175 | === CONT TestShouldHaveHeadersSet 176 | service.go:131: Waiting for Service to transition to Ready. service should-have-headers-set-olpupsuq 177 | --- PASS: TestMustNotContainerConstraints (0.02s) 178 | --- PASS: TestMustNotContainerConstraints/TestArbitraryPortName (0.56s) 179 | --- PASS: TestMustNotContainerConstraints/TestMountPropagation (0.34s) 180 | === CONT TestProtocols/h2c 181 | service.go:113: Creating a new Service service protocols-h2c-hnbbevot 182 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:protocols-h2c-hnbbevot,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 183 | === CONT TestShouldEnvVars 184 | service.go:131: Waiting for Service to transition to Ready. service should-env-vars-lzjgxpym 185 | === CONT TestWorkingDirService 186 | service.go:131: Waiting for Service to transition to Ready. service working-dir-service-scwwaxak 187 | === CONT TestMustHaveCgroupConfigured 188 | service.go:131: Waiting for Service to transition to Ready. service must-have-cgroup-configured-xedjysdl 189 | === CONT TestProtocols/h2c 190 | service.go:131: Waiting for Service to transition to Ready. service protocols-h2c-hnbbevot 191 | === CONT TestMustHaveFiles 192 | service.go:136: Checking to ensure Service Status is populated for Ready service 193 | service.go:142: Getting latest objects Created by Service 194 | === CONT TestShouldHaveCgroupReadOnly 195 | service.go:136: Checking to ensure Service Status is populated for Ready service 196 | === CONT TestShouldHaveFiles 197 | service.go:136: Checking to ensure Service Status is populated for Ready service 198 | === CONT TestShouldHaveSysctlReadOnly 199 | service.go:136: Checking to ensure Service Status is populated for Ready service 200 | === CONT TestShouldHaveCgroupReadOnly 201 | service.go:142: Getting latest objects Created by Service 202 | === CONT TestMustHaveHeadersSet 203 | service.go:136: Checking to ensure Service Status is populated for Ready service 204 | === CONT TestShouldHaveFiles 205 | service.go:142: Getting latest objects Created by Service 206 | === CONT TestShouldHaveSysctlReadOnly 207 | service.go:142: Getting latest objects Created by Service 208 | === CONT TestMustHaveHeadersSet 209 | service.go:142: Getting latest objects Created by Service 210 | === CONT TestMustHaveFiles 211 | service.go:145: Successfully created Service must-have-files-ziexhexw 212 | spoof.go:110: Spoofing must-have-files-ziexhexw.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> must-have-files-ziexhexw.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 213 | === CONT TestShouldHaveCgroupReadOnly 214 | service.go:145: Successfully created Service should-have-cgroup-read-only-qpyzjylk 215 | spoof.go:110: Spoofing should-have-cgroup-read-only-qpyzjylk.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> should-have-cgroup-read-only-qpyzjylk.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 216 | === CONT TestShouldHaveFiles 217 | service.go:145: Successfully created Service should-have-files-epjcuagw 218 | spoof.go:110: Spoofing should-have-files-epjcuagw.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> should-have-files-epjcuagw.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 219 | === CONT TestShouldHaveSysctlReadOnly 220 | service.go:145: Successfully created Service should-have-sysctl-read-only-xzauitaj 221 | spoof.go:110: Spoofing should-have-sysctl-read-only-xzauitaj.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> should-have-sysctl-read-only-xzauitaj.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 222 | === CONT TestMustHaveHeadersSet 223 | service.go:145: Successfully created Service must-have-headers-set-gkcprhrs 224 | spoof.go:110: Spoofing must-have-headers-set-gkcprhrs.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> must-have-headers-set-gkcprhrs.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 225 | === CONT TestShouldEnvVars 226 | service.go:136: Checking to ensure Service Status is populated for Ready service 227 | service.go:142: Getting latest objects Created by Service 228 | === CONT TestShouldHaveHeadersSet 229 | service.go:136: Checking to ensure Service Status is populated for Ready service 230 | === CONT TestMustEnvVars 231 | service.go:136: Checking to ensure Service Status is populated for Ready service 232 | --- PASS: TestMustHaveFiles (24.35s) 233 | === CONT TestProtocols/default 234 | service.go:113: Creating a new Service service protocols-default-nhrhgqrz 235 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:protocols-default-nhrhgqrz,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 236 | === CONT TestShouldEnvVars 237 | service.go:145: Successfully created Service should-env-vars-lzjgxpym 238 | spoof.go:110: Spoofing should-env-vars-lzjgxpym.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> should-env-vars-lzjgxpym.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 239 | === CONT TestMustHaveCgroupConfigured 240 | service.go:136: Checking to ensure Service Status is populated for Ready service 241 | === CONT TestWorkingDirService 242 | service.go:136: Checking to ensure Service Status is populated for Ready service 243 | --- PASS: TestShouldHaveCgroupReadOnly (24.43s) 244 | === CONT TestConfigsViaEnv/env 245 | envpropagation_test.go:86: Container.env.valueFrom is not required by Knative Serving API Specification 246 | === CONT TestProtocols/http1 247 | service.go:113: Creating a new Service service protocols-http1-kzulalim 248 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:protocols-http1-kzulalim,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 249 | === CONT TestShouldHaveHeadersSet 250 | service.go:142: Getting latest objects Created by Service 251 | === CONT TestMustEnvVars 252 | service.go:142: Getting latest objects Created by Service 253 | --- PASS: TestShouldHaveFiles (24.45s) 254 | === CONT TestConfigsViaEnv/envFrom 255 | envpropagation_test.go:108: Container.envFrom is not required by Knative Serving API Specification 256 | --- PASS: TestConfigsViaEnv (0.01s) 257 | --- SKIP: TestConfigsViaEnv/env (0.00s) 258 | --- SKIP: TestConfigsViaEnv/envFrom (0.00s) 259 | === CONT TestShouldNotContainerConstraints/TestPoststartHook 260 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-pos-logmpqyh,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 261 | === CONT TestMustHaveCgroupConfigured 262 | service.go:142: Getting latest objects Created by Service 263 | === CONT TestWorkingDirService 264 | service.go:142: Getting latest objects Created by Service 265 | --- PASS: TestShouldHaveSysctlReadOnly (24.64s) 266 | === CONT TestShouldNotContainerConstraints/TestInvalidUID 267 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-inv-ntzlxihb,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 268 | --- PASS: TestMustHaveHeadersSet (24.63s) 269 | === CONT TestShouldNotContainerConstraints/TestTTY 270 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-t-t-otunrvcj,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 271 | === CONT TestProtocols/http1 272 | service.go:131: Waiting for Service to transition to Ready. service protocols-http1-kzulalim 273 | === CONT TestProtocols/default 274 | service.go:131: Waiting for Service to transition to Ready. service protocols-default-nhrhgqrz 275 | === CONT TestShouldNotContainerConstraints/TestStdinOnce 276 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-std-ukyjfanf,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 277 | === CONT TestShouldNotContainerConstraints/TestStdin 278 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-std-udlpncao,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 279 | === CONT TestShouldNotContainerConstraints/TestHostPort 280 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-hos-dafucklc,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 281 | === CONT TestShouldNotContainerConstraints/TestMultiplePorts 282 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-mul-idcxiron,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 283 | === CONT TestShouldNotContainerConstraints/TestPrestopHook 284 | crd.go:36: resource { <*>{&TypeMeta{Kind:,APIVersion:,} &ObjectMeta{Name:should-not-container-constraints-test-pre-yriwebrg,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},} {{&ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ManagedFields:[]ManagedFieldsEntry{},}} {}} {{0 } { } { }}} } 285 | === CONT TestProtocols/h2c 286 | service.go:136: Checking to ensure Service Status is populated for Ready service 287 | === CONT TestShouldHaveHeadersSet 288 | service.go:145: Successfully created Service should-have-headers-set-olpupsuq 289 | spoof.go:110: Spoofing should-have-headers-set-olpupsuq.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> should-have-headers-set-olpupsuq.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 290 | === CONT TestMustEnvVars 291 | service.go:145: Successfully created Service must-env-vars-hlgjthem 292 | spoof.go:110: Spoofing must-env-vars-hlgjthem.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> must-env-vars-hlgjthem.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 293 | === CONT TestProtocols/h2c 294 | service.go:142: Getting latest objects Created by Service 295 | --- PASS: TestShouldNotContainerConstraints (0.02s) 296 | --- PASS: TestShouldNotContainerConstraints/TestPoststartHook (0.37s) 297 | --- PASS: TestShouldNotContainerConstraints/TestInvalidUID (0.26s) 298 | --- PASS: TestShouldNotContainerConstraints/TestTTY (0.37s) 299 | --- PASS: TestShouldNotContainerConstraints/TestStdinOnce (0.29s) 300 | --- PASS: TestShouldNotContainerConstraints/TestStdin (0.27s) 301 | --- PASS: TestShouldNotContainerConstraints/TestMultiplePorts (0.24s) 302 | --- PASS: TestShouldNotContainerConstraints/TestPrestopHook (0.25s) 303 | --- PASS: TestShouldNotContainerConstraints/TestHostPort (0.41s) 304 | === CONT TestWorkingDirService 305 | service.go:145: Successfully created Service working-dir-service-scwwaxak 306 | spoof.go:110: Spoofing working-dir-service-scwwaxak.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> working-dir-service-scwwaxak.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 307 | === CONT TestMustHaveCgroupConfigured 308 | service.go:145: Successfully created Service must-have-cgroup-configured-xedjysdl 309 | spoof.go:110: Spoofing must-have-cgroup-configured-xedjysdl.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> must-have-cgroup-configured-xedjysdl.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 310 | --- PASS: TestShouldEnvVars (25.86s) 311 | === CONT TestProtocols/h2c 312 | service.go:145: Successfully created Service protocols-h2c-hnbbevot 313 | spoof.go:110: Spoofing protocols-h2c-hnbbevot.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> protocols-h2c-hnbbevot.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 314 | --- PASS: TestShouldHaveHeadersSet (26.94s) 315 | --- PASS: TestMustEnvVars (26.95s) 316 | --- PASS: TestWorkingDirService (26.97s) 317 | --- PASS: TestMustHaveCgroupConfigured (27.00s) 318 | === CONT TestCmdArgs 319 | service.go:136: Checking to ensure Service Status is populated for Ready service 320 | service.go:142: Getting latest objects Created by Service 321 | service.go:145: Successfully created Service cmd-args-pyucvcoq 322 | spoof.go:110: Spoofing cmd-args-pyucvcoq.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> cmd-args-pyucvcoq.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 323 | --- PASS: TestCmdArgs (30.67s) 324 | === CONT TestProtocols/default 325 | service.go:136: Checking to ensure Service Status is populated for Ready service 326 | service.go:142: Getting latest objects Created by Service 327 | === CONT TestProtocols/http1 328 | service.go:136: Checking to ensure Service Status is populated for Ready service 329 | === CONT TestProtocols/default 330 | service.go:145: Successfully created Service protocols-default-nhrhgqrz 331 | spoof.go:110: Spoofing protocols-default-nhrhgqrz.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> protocols-default-nhrhgqrz.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 332 | === CONT TestProtocols/http1 333 | service.go:142: Getting latest objects Created by Service 334 | service.go:145: Successfully created Service protocols-http1-kzulalim 335 | spoof.go:110: Spoofing protocols-http1-kzulalim.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud -> protocols-http1-kzulalim.vaw30wzxpbk.ca-tor.codeengine.appdomain.cloud 336 | --- PASS: TestProtocols (0.00s) 337 | --- PASS: TestProtocols/h2c (26.72s) 338 | --- PASS: TestProtocols/default (21.32s) 339 | --- PASS: TestProtocols/http1 (22.08s) 340 | PASS 341 | ok knative.dev/serving/test/conformance/runtime 71.235s 342 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Knative Policies and Procedures 2 | - [Knative Conformance Certification](conformance_procedure.md) 3 | - [Knative Terms and Conditions](terms_and_conditions.md) 4 | 5 | TODO(leads): 6 | - Policies for versioning the specs 7 | - Policies for contributing to the specs 8 | - Procedures for mainting Knative conformance certificates 9 | -------------------------------------------------------------------------------- /docs/conformance_procedure.md: -------------------------------------------------------------------------------- 1 | # Knative Conformance Certification 2 | Vendors can follow the procedures outlined here to become Knative conformance certified. The certification process ensures an implementation conforms to the Knative specifications, and allows use of the Knative trademark under the [Terms and Conditions](terms_and_conditions.md) guidelines. 3 | 4 | ## Certification Process Overview 5 | TODO(leads): fill in the instructions on: 6 | - How to checkout and run the conformance tests 7 | - How to upload the test results (e.g., open a PR, upload a zip file, etc.) 8 | - What form to fill in with vendor details 9 | - Who to send all this information to 10 | - What happens after submitting the documents 11 | 12 | ## Running Conformance Tests 13 | 14 | - [Running Conformance Tests for Serving](run_serving_tests.md) 15 | - Running Conformance Tests for Eventing(TODO) 16 | 17 | ## Uploading Conformance Test Results 18 | TODO(leads): complete 19 | 20 | ## Knative Cerfitication Application Form 21 | Fill out the [Knative Certificate Application Form](knative_certificate_application_form.md). 22 | 23 | ## Submitting an Application 24 | TODO(leads): complete 25 | 26 | ## Next Steps After Applying 27 | TODO(leads): complete 28 | 29 | -------------------------------------------------------------------------------- /docs/examples/serving/cloud_run.md: -------------------------------------------------------------------------------- 1 | # Running Serving Conformance Tests against Google Cloud Run 2 | 3 | 1. Check out your Knative Serving fork 4 | 5 | Create your own fork of the Knative Serving repository. Clone it to your machine: 6 | 7 | ```sh 8 | git clone git@github.com:/serving.git 9 | cd serving 10 | ``` 11 | 12 | 1. Build and upload the test images 13 | 14 | ```sh 15 | export KO_DOCKER_REPO='gcr.io/my-gcp-project' 16 | ./test/upload-test-images.sh 17 | ``` 18 | 19 | 1. Configure client objects 20 | 21 | Save the following content to a file, for example `~/kubeconfig_for_cloud_run`. 22 | 23 | ```yaml 24 | apiVersion: v1 25 | clusters: 26 | - cluster: 27 | server: https://us-central1-run.googleapis.com 28 | name: hosted 29 | contexts: 30 | - context: 31 | cluster: hosted 32 | user: hosteduser 33 | name: hostedcontext 34 | current-context: hostedcontext 35 | kind: Config 36 | preferences: {} 37 | users: 38 | - name: hosteduser 39 | user: 40 | auth-provider: 41 | config: null 42 | name: gcp 43 | ``` 44 | 45 | This file configures the client objects to connect to Cloud Run server in region `us-central1`. 46 | Change this value if you’d like to use a different [region](https://cloud.google.com/run/docs/locations). 47 | 48 | Make sure your [gcloud](https://cloud.google.com/sdk/docs/install) account has the Cloud Run 49 | Admin role ([roles/run.admin](https://cloud.google.com/run/docs/reference/iam/roles)). 50 | Authorize your gcloud account credentials: 51 | 52 | ```sh 53 | gcloud auth login 54 | gcloud auth application-default login 55 | ``` 56 | 57 | 1. Run the tests 58 | 59 | Run conformance tests for API v1: 60 | 61 | ```sh 62 | go test -v -tags=e2e -count=1 ./test/conformance/api/v1 \ 63 | -kubeconfig ~/kubeconfig_for_cloud_run -disable-logstream=true -disable-optional-api=true \ 64 | -resolvabledomain=true -test-namespace=my-gcp-project \ 65 | -request-headers="Authorization,Bearer $(gcloud auth print-identity-token)" \ 66 | -exceeding-memory-limit-size=10000 67 | ``` 68 | 69 | Run conformance tests for runtime: 70 | 71 | ```sh 72 | go test -v -tags=e2e -count=1 ./test/conformance/runtime \ 73 | -kubeconfig ~/kubeconfig_for_cloud_run -disable-logstream=true -disable-optional-api=true \ 74 | -resolvabledomain=true -test-namespace=my-gcp-project \ 75 | -request-headers="Authorization,Bearer $(gcloud auth print-identity-token)" 76 | ``` 77 | 78 | Explanations for some flags: 79 | 80 | - `kubeconfig`: The kubeconfig file you created in the previouse step. 81 | 82 | - `disable-optional-api`: Skip the tests against optional APIs. The optional APIs are not required 83 | by Knative Specification. Cloud Run does not support some of them. 84 | 85 | - `resolvabledomain`: The URL for a Cloud Run service route is resolvable. 86 | 87 | - `test-namespace`: Cloud Run uses Google Cloud Platform project ID as the namespace. 88 | 89 | - `request-headers`: Identity token from gcloud is used as authorization header for testing requests to get access to Cloud Run services. 90 | 91 | - `exceeding-memory-limit-size`: [Knative runtime contract](https://github.com/knative/specs/blob/main/specs/serving/runtime-contract.md#memory-and-cpu-limits) 92 | allows the serverless platform to automatically adjust the resource limits (e.g. memory) based on 93 | observed resource usage. When a memory exceeding usage happens, Cloud Run MAY adjust the limit 94 | to a much higher value temporarily to handle the usage peak for user applications. 10GB is used here 95 | instead of the default 500MB to get a non-200 response due to memory usage exceeding the 300MB limit. 96 | -------------------------------------------------------------------------------- /docs/knative_certificate_application_form.md: -------------------------------------------------------------------------------- 1 | # Knative Conformance Certificate Application Form 2 | TODO(leads): complete 3 | 4 | -------------------------------------------------------------------------------- /docs/run_serving_tests.md: -------------------------------------------------------------------------------- 1 | # Running Serving Conformance Tests 2 | 3 | ## Tests 4 | 5 | The standard set of Serving conformance tests is currently under 6 | [this directory](https://github.com/knative/serving/tree/main/test/conformance). 7 | 8 | ## Instructions 9 | 10 | 1. Check out your Knative Serving fork 11 | 12 | Create your own fork of the Knative Serving repository. Clone it to your machine: 13 | 14 | ```sh 15 | git clone git@github.com:/serving.git 16 | cd serving 17 | ``` 18 | 19 | 1. Build and upload the test images 20 | 21 | Set the environment variable for the docker repository to which test images should be pushed (e.g. gcr.io/[gcloud-project]). 22 | Then build and upload the test images 23 | 24 | ```sh 25 | export KO_DOCKER_REPO= 26 | ./test/upload-test-images.sh 27 | ``` 28 | 29 | 1. Configure client objects 30 | 31 | By default the tests will use the 32 | [kubeconfig file](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) 33 | at `~/.kube/config` to create [client objects](https://github.com/knative/serving/blob/ff30afc5fa738236181f50bc2e480061ad5a097d/test/clients.go#L45) 34 | connecting to your Knative platform. If `~/.kube/config` is not the one you intend to use, 35 | create your own config file. 36 | 37 | You might need to take other actions to grant authorization for the client objects to access 38 | your Knative platform. 39 | 40 | Please see [examples](#examples) section for details. 41 | 42 | 1. Run the tests 43 | 44 | Run conformance tests for API v1: 45 | 46 | ```sh 47 | go test -v -tags=e2e -count=1 ./test/conformance/api/v1 \ 48 | -kubeconfig -disable-logstream=true -disable-optional-api=true 49 | ``` 50 | 51 | Run conformance tests for runtime: 52 | 53 | ```sh 54 | go test -v -tags=e2e -count=1 ./test/conformance/runtime \ 55 | -kubeconfig -disable-logstream=true -disable-optional-api=true 56 | ``` 57 | 58 | You might need to specify extra [test flags](https://github.com/knative/serving/blob/main/test/e2e_flags.go). 59 | 60 | ## Examples 61 | 62 | Examples are under this [directory](./examples/serving/). 63 | -------------------------------------------------------------------------------- /docs/terms_and_conditions.md: -------------------------------------------------------------------------------- 1 | # Knative Conformance Terms and Conditions 2 | TODO(leads) 3 | -------------------------------------------------------------------------------- /knative-conformance.md: -------------------------------------------------------------------------------- 1 | # Qualifying Offerings and Self-Testing 2 | Any version of the Knative specifications is eligible for self-certification within the following constraints: 3 | 4 | * A version is no longer eligible one year after a minor version within the same major version has been released. For example, vX.Y is no longer eligible one year after vX.Y+1 is released. 5 | * Any version within a major version sequence is no longer eligible two years after a new major version has been released. For example, vX.Y is no longer eligible two years after vX+1.0 is released regardless of when vX.Y was released. 6 | 7 | Any certification received for a version is only valid within the timeframe that the specified version of the specifications are eligible for new certifications. For example, if vX.Y is due to become ineligible for certification on December 30, 2021, a certification for vX.Y that is approved on November 30, 2021 will only be valid for one month. 8 | 9 | All certifications become invalid when the corresponding version of the Knative specifications are no longer eligible for certification. 10 | 11 | All statements of conformance must include the specific version numbers (major and minor) of the specifications to which they have been self-certified. 12 | -------------------------------------------------------------------------------- /specs/README.md: -------------------------------------------------------------------------------- 1 | # Knative Specifications 2 | 3 | # Core Specs 4 | The core specifications can be found for: 5 | - [Serving](serving/) 6 | - [Eventing](eventing/) 7 | 8 | -------------------------------------------------------------------------------- /specs/common/error-signalling.md: -------------------------------------------------------------------------------- 1 | # Error Signalling 2 | 3 | 4 | 5 | Knative APIs use the 6 | [Kubernetes Conditions convention](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties) 7 | to communicate errors and problems to the user. Note that Knative customizes the 8 | general Kubernetes recommendation with a `severity` field, and does not include 9 | `lastHeartbeatTime` for scalability reasons. Each user-visible resource 10 | described in Resource Overview MUST have a `conditions` field in `status`, which 11 | MUST be a list of `Condition` objects described by the following table. 12 | 13 | Fields in the condition which are not marked as "REQUIRED" MAY be omitted to 14 | indicate the default value (i.e. a Condition which does not include a `status` 15 | field is equivalent to a `status` of `"Unknown"`). As `Conditions` are an output 16 | API, an implementation MAY never set these fields; the OpenAPI document MUST 17 | still describe these fields. The actual API object types in an OpenAPI document 18 | might be named `FooCondition` (for a `Foo` resource, for example) to allow 19 | better code generation and disambiguation between similar fields in the same 20 | `apiGroup`. 21 | 22 | 23 | 24 | 26 | 28 | 30 | 32 | 33 | 34 | 36 | 38 | 43 | 45 | 46 | 47 | 49 | 56 | 58 | 60 | 61 | 62 | 64 | 66 | 68 | 70 | 71 | 72 | 74 | 76 | 78 | 80 | 81 | 82 | 84 | 91 | 93 | 95 | 96 | 97 | 99 | 101 | 103 | 105 | 106 |
Field 25 | Type 27 | Description 29 | Default Value If Unset 31 |
type 35 | string 37 | The category of the condition, as a short, CamelCase word or phrase. 39 |

40 | This is the primary key of the Conditions list when viewed as a map and MUST be 41 | unique across Conditions for a given resource. 42 |

REQUIRED – No default 44 |
status 48 | Enum:
    50 | 51 |
  • "True" 52 |
  • "False" 53 |
  • "Unknown"
54 | 55 | 		The last measured status of this condition. 57 | "Unknown" 59 |
reason 63 | string 65 | One-word CamelCase reason for the condition's last transition. 67 | "" 69 |
message 73 | string 75 | Human-readable sentence describing the last transition. 77 | "" 79 |
severity 83 | Enum:
    85 | 86 |
  • "" 87 |
  • "Warning" 88 |
  • "Info"
89 | 90 | 		If present, represents the severity of the condition. An empty severity represents a severity level of "Error". 92 | "" 94 |
lastTransitionTime 98 | date-time string (RFC 3339 format) 100 | Last update time for this condition. 102 | "" (no timestamp specified) 104 |
107 | 108 | Additionally, the resource's `status.conditions` field MUST be managed as 109 | follows to enable clients (particularly user interfaces) to present useful 110 | diagnostic and error message to the user. In the following section, conditions 111 | are referred to by their `type` (aka the string value of the `type` field on the 112 | Condition). 113 | 114 | 1. Each resource MUST have a summary `Ready` condition (for ongoing systems) or 115 | `Succeeded` condition (for resources that run to completion) with 116 | `severity=""`, which MUST use the `"True"`, `"False"`, and `"Unknown"` 117 | status values as follows: 118 | 119 | 1. `"False"` MUST indicate a failure condition. 120 | 1. `"Unknown"` SHOULD indicate that reconciliation is not yet complete and 121 | success or failure is not yet determined. 122 | 1. `"True"` SHOULD indicate that the resource is fully reconciled and 123 | operating correctly. 124 | 125 | `"Unknown"` and `"True"` are specified as SHOULD rather than MUST 126 | requirements because there might be errors which prevent functioning which 127 | cannot be determined by the API stack (e.g. DNS record configuration in 128 | certain environments). Implementations are expected to treat these as "MUST" 129 | for factors within the control of the implementation. 130 | 131 | 1. For non-`Ready` conditions, any conditions with `severity=""` (aka "Error 132 | conditions") MUST be aggregated into the "Ready" condition as follows: 133 | 134 | 1. If the condition is `"False"`, `Ready`'s status MUST be `"False"`. 135 | 1. If the condition is `"Unknown"`, `Ready`'s status MUST be `"False"` or 136 | `"Unknown"`. 137 | 1. If the condition is `"True"`, `Ready`'s status can be any of `"True"`, 138 | `"False"`, or `"Unknown"`. 139 | 140 | Implementations MAY choose to report that `Ready` is `"False"` or 141 | `"Unknown"` even if all Error conditions report a status of `"True"` (i.e. 142 | there might be additional hidden implementation conditions which feed into 143 | the `Ready` condition which are not reported.) 144 | 145 | 1. Conditions with a `status` other than `"True"` SHOULD provide `message` and 146 | `reason` fields indicating the reason that the `status` is not `"True"`. 147 | Conditions where the `status` is `"False"` MUST provide a failure `reason` 148 | in the condition. (`"Unknown"` conditions might not have been reconciled, 149 | and so MAY have an empty `reason`.) 150 | 151 | Conditions type names SHOULD be chosen to describe positive conditions where 152 | `"True"` means that the condition has been satisfied. Some conditions MAY be 153 | transient (for example, `ResourcesAllocated` might change between `"True"` and 154 | `"False"` as an application scales to and from zero). It is RECOMMENDED that 155 | transient conditions be indicated with a `severity="Info"`. 156 | -------------------------------------------------------------------------------- /specs/common/knative-serving-conformance-testing-workflow.md: -------------------------------------------------------------------------------- 1 | # Knative Conformance Workflow 2 | 3 | This document covers the workflow steps to gain knative conformance 4 | 5 | ## Conformance Steps 6 | 1. Run Manual Tests 7 | 2. Open Github PR in knative/specs repo 8 | - Use PR template below 9 | - place in the following directory structure 10 | - conformance/tests/results/$spec_version/${date}-${product} directory with a metadata file and test results 11 | - ex; .../v1.0/2021-12-18-ibm-code-engine/... 12 | - Attach Logs from tests 13 | 3. KTC reviews 14 | - Template 15 | - logs 16 | 4. Knative Trademark Committee (KTC) provide approval / exception / or non-approval 17 | - The KTC can be contacted at trademark@knative.team 18 | 6. Post to conformance matrix - consumable by the general public as a table of version, product, vendor and outcomes. 19 | - (TBD) Should have a public “conformant implementations” showcase on https://knative.dev/offerings 20 | 21 | 22 | 23 | ## Issue Template 24 | 25 | | **Title** | *Fill out with* | 26 | | ------------------ | -------------------------------------------- | 27 | | **Vendor** | *Name of Company / Entity* | 28 | | **Product Name / Version** | *Product Name / Version* | 29 | | **Version** | *Knative conformance ver* | 30 | | **Website URL for Product** | *Website of Product* | 31 | | **Contact Name** | *Conformance contact for questions* | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /specs/eventing/README.md: -------------------------------------------------------------------------------- 1 | # Knative Eventing API spec 2 | 3 | This directory contains the specification of the Knative Eventing API, which is 4 | implemented in [`eventing.knative.dev`](https://github.com/knative/eventing/blob/main/pkg/apis/eventing/v1) and verified 5 | via [the e2e test](https://github.com/knative/eventing/blob/main/test/e2e). 6 | 7 | **Updates to this spec should include a corresponding change to the API 8 | implementation for [eventing](https://github.com/knative/eventing/blob/main/pkg/apis/eventing/v1beta1) and 9 | [the e2e test](https://github.com/knative/eventing/blob/main/test/e2e).** 10 | 11 | Docs in this directory: 12 | 13 | - [Motivation and goals](motivation.md) 14 | - [Resource type overview](overview.md) 15 | - [Control Plane specification](control-plane.md) 16 | - [Data Plane specification](data-plane.md) 17 | -------------------------------------------------------------------------------- /specs/eventing/data-plane.md: -------------------------------------------------------------------------------- 1 | # Knative Eventing Data Plane Contract 2 | 3 | ## Terminology 4 | 5 | This document discusses communication between two parties: 6 | 7 | - **Event Senders** initiate an HTTP POST to deliver a CloudEvent. 8 | - **Event Recipients** receive an HTTP POST and accept (or reject) a CloudEvent. 9 | 10 | Additionally, these roles can be combined in different ways: 11 | 12 | - **Event Processors** can be event senders, event recipients, or both. 13 | - **Event Sources** are exclusively event senders, and never act as recipients. 14 | - **Event Sinks** are exclusively event recipients, and do not send events as 15 | part of their event handling. 16 | 17 | ## Introduction 18 | 19 | Late-binding event senders and recipients (composing applications using 20 | configuration) only works when all event senders and recipients speak a common 21 | protocol. In order to enable wide support for senders and recipients, Knative 22 | Eventing extends the 23 | [CloudEvents HTTP bindings](https://github.com/cloudevents/spec/blob/v1.0.1/http-protocol-binding.md) 24 | with additional semantics for the following reasons: 25 | 26 | - Knative Eventing aims to enable at least once event processing; hence it 27 | prefers duplicate delivery to discarded events. The CloudEvents spec does not 28 | take a stance here. 29 | 30 | - The CloudEvents HTTP bindings provide a relatively simple and efficient 31 | network protocol which can easily be supported in a wide variety of 32 | programming languages leveraging existing library investments in HTTP. The 33 | CloudEvents project has already written these libraries for many popular 34 | languages. 35 | 36 | - Knative Eventing assumes a sender-driven (push) event delivery system. That 37 | is, each recipient is actively responsible for an event until it is handled 38 | (or affirmatively delivered to all following recipients). 39 | 40 | - Knative Eventing aims to make [event sources](./overview.md#event-source) and 41 | event-processing software easier to write; as such, it imposes higher 42 | standards on system components like [brokers](./overview.md#broker) and 43 | [channels](./overview.md#channel) than on edge components. 44 | 45 | This contract defines a mechanism for a single event sender to reliably deliver 46 | a single event to a single recipient. Building from this primitive, chains of 47 | reliable event delivery and event-driven applications can be built. 48 | 49 | ## Background 50 | 51 | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", 52 | "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be 53 | interpreted as described in 54 | [RFC2119](https://datatracker.ietf.org/doc/html/rfc2119). 55 | 56 | When not specified in this document, the 57 | [CloudEvents HTTP bindings, version 1.0](https://github.com/cloudevents/spec/blob/v1.0.1/http-protocol-binding.md) 58 | and [HTTP 1.1 protocol](https://tools.ietf.org/html/rfc7230) standards MUST be 59 | followed (with the CloudEvents bindings taking precedence in the case of 60 | conflict). 61 | 62 | The current version of this document does not describe protocol negotiation or 63 | any delivery mechanism other than HTTP 1.1. Future versions might define 64 | protocol negotiation to optimize delivery; compliant implementations SHOULD aim 65 | to interoperate by ignoring unrecognized negotiation options (such as 66 | [HTTP `Upgrade` headers](https://datatracker.ietf.org/doc/html/rfc7230#section-6.7)). 67 | 68 | ## Event Delivery 69 | 70 | ### Minimum supported protocol 71 | 72 | All senders and recipients MUST support the CloudEvents 1.0 protocol and the 73 | [binary](https://github.com/cloudevents/spec/blob/v1.0.1/http-protocol-binding.md#31-binary-content-mode) 74 | and 75 | [structured](https://github.com/cloudevents/spec/blob/v1.0.1/http-protocol-binding.md#32-structured-content-mode) 76 | content modes of the CloudEvents HTTP binding. Senders which do not advertise 77 | the ability to accept [reply events](#derived-reply-events) MAY implement only 78 | one content mode, as the recipient is not allowed to negotiate the content mode. 79 | 80 | ### HTTP Verbs 81 | 82 | In the absence of specific delivery preferences, the sender MUST initiate 83 | delivery of the event to the recipient using the HTTP POST verb, using either 84 | the structured or binary encoding of the event (sender's choice). This delivery 85 | MUST be performed using the CloudEvents HTTP Binding, version 1.x. 86 | 87 | Senders MAY probe the recipient with an 88 | [HTTP OPTIONS request](https://tools.ietf.org/html/rfc7231#section-4.3.7); if 89 | implemented, the recipient MUST indicate support for the POST verb using the 90 | [`Allow` header](https://tools.ietf.org/html/rfc7231#section-7.4.1). Senders 91 | which receive an error when probing with HTTP OPTIONS SHOULD proceed using the 92 | HTTP POST mechanism. 93 | 94 | ### Event Acknowledgement and Delivery Retry 95 | 96 | Event recipients MUST use the HTTP response code to indicate acceptance of an 97 | event. The recipient SHOULD NOT return a response accepting the event until it 98 | has handled the event (processed the event or stored it in stable storage). The 99 | following response codes are explicitly defined; event recipients MAY also 100 | respond with other response codes. A response code not in this table SHOULD be 101 | treated as a retriable error. 102 | 103 | | Response code | Meaning | Retry | Delivery completed | Error | 104 | | ------------- | ------------------------------------------------- | ----- | ------------------ | ----- | 105 | | `1xx` | (Unspecified) | No\* | No\* | Yes\* | 106 | | `200` | [Accepted, event in reply](#derived-reply-events) | No | Yes | No | 107 | | `202` | Event accepted | No | Yes | No | 108 | | other `2xx` | (Unspecified) | No | Yes | No | 109 | | `3xx` | (Unspecified) | No\* | No\* | Yes\* | 110 | | `400` | Unparsable event | No | No | Yes | 111 | | `401` | Invalid / missing authentication | No | No | Yes | 112 | | `403` | Not allowed event | No | No | Yes | 113 | | `404` | Endpoint does not exist | Yes | No | Yes | 114 | | `408` | Request Timeout | Yes | No | Yes | 115 | | `409` | Conflict / Processing in progress | Yes | No | Yes | 116 | | `429` | Too Many Requests / Overloaded | Yes | No | Yes | 117 | | other `4xx` | Error | No | No | Yes | 118 | | `5xx` | Error | Yes | No | Yes | 119 | 120 | \* Unspecified `1xx`, `2xx`, and `3xx` response codes are **reserved for future 121 | extension**. Event recipients SHOULD NOT send these response codes in this spec 122 | version, but event senders MUST handle these response codes as errors or success 123 | as appropriate and implement described success or failure behavior. 124 | 125 | Recipients MUST accept duplicate delivery of events, but they are NOT REQUIRED 126 | to detect that they are duplicates. If duplicate detection is implemented, then 127 | as specified in the 128 | [CloudEvents specification](https://github.com/cloudevents/spec/blob/v1.0.1/primer.md#id), 129 | event recipients MUST use the 130 | [`source` and `id` attributes](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) 131 | to identify duplicate events. This specification does not describe state 132 | requirements for recipients which need to detect duplicate events. In general, 133 | senders MAY add or update other CloudEvent attributes on each delivery attempt; 134 | see [observability](#observability) for an example case. 135 | 136 | Where possible, event senders SHOULD re-attempt delivery of events where the 137 | HTTP request returned a retryable status code. It is RECOMMENDED that event 138 | senders implement some form of congestion control (such as exponential backoff) 139 | and delivery throttling when managing retry timing. Congestion control MAY cause 140 | event delivery to fail or MAY include not retrying failed delivery attempts. 141 | This specification does not document any specific congestion control algorithm 142 | or parameters. [Brokers](./overview.md#broker) and 143 | [Channels](./overview.md#channel) MUST implement congestion control and MUST 144 | implement retries. 145 | 146 | ### Observability 147 | 148 | Event senders MAY add or update CloudEvents attributes before sending to 149 | implement observability features such as tracing; in particular, the 150 | `traceparent` and `tracestate` distributed tracing attributes defined by 151 | [W3C](https://www.w3.org/TR/trace-context/) and 152 | [CloudEvents](https://github.com/cloudevents/spec/blob/v1.0/extensions/distributed-tracing.md) 153 | MAY be modified in this way for each delivery attempt of the same event. 154 | 155 | This specification does not mandate any particular logging or metrics 156 | aggregation, nor a method of exposing observability information to users 157 | configuring the resources. Platform administrators SHOULD expose event-delivery 158 | telemetry to users through platform-specific interfaces, but such interfaces are 159 | beyond the scope of this document. 160 | 161 | ### Derived (Reply) Events 162 | 163 | In some applications, an event recipient MAY emit an event in reaction to a 164 | received event. Senders MAY choose to support this pattern by accepting an 165 | encoded CloudEvent in the HTTP response. 166 | 167 | An event sender MAY document support for this pattern by including a 168 | `Prefer: reply` header in the HTTP POST request. This header indicates to the 169 | event recipient that the caller will accept a 170 | [`200` response](#event-acknowledgement-and-repeat-delivery) which includes a 171 | CloudEvent encoded using the binary or structured formats. 172 | [Brokers](./overview.md#broker) and [Channels](./overview.md#channel) MUST 173 | indicate support for replies using the `Prefer: reply` header when sending to 174 | the `spec.subscriber` address. 175 | 176 | A recipient MAY reply to any HTTP POST with a `200` response to indicate that 177 | the event was processed successfully, with or without a response payload. If the 178 | recipient does not produce a response payload, the `202` response code is also 179 | acceptable. Responses with a `202` response code MUST NOT be processed as reply 180 | events; even if the response can be interpreted as a CloudEvent, the status 181 | monitor for the accepted-but-not-completed request MUST NOT be routed further. 182 | 183 | If a recipient chooses to reply to a sender with a `200` response code and a 184 | reply event in the absence of a `Prefer: reply` header from the sender, the 185 | sender SHOULD treat the event as accepted, and MAY log an error about the 186 | unexpected payload. If a sender will process a reply event it MUST include the 187 | `Prefer: reply` header on the POST request. 188 | -------------------------------------------------------------------------------- /specs/eventing/images/eventing-overview.svg: -------------------------------------------------------------------------------- 1 | eventing.knative.devmessaging.knative.devBrokerTriggerevents selected from Broker,replies sent back to BrokerTriggerChannelSubscriptionSubscriptionevents sent from Channel to Addressable,replies sent to second Addressable«Knative Service»Addressable«Kubernetes Service»Addressablebrokerbrokersubscriberchannelchannelsubscriberreply -------------------------------------------------------------------------------- /specs/eventing/motivation.md: -------------------------------------------------------------------------------- 1 | # Motivation 2 | 3 | The goal of the Knative Eventing project is to define common primitives to 4 | enable composing event-processing applications through configuration, rather 5 | than application code. 6 | 7 | Building by combining independent components provides a number of benefits for 8 | application designers: 9 | 10 | 1. Services are loosely coupled during development and may be deployed 11 | independently on a variety of platforms (Kubernetes, VMs, SaaS or FaaS). This 12 | composability allows re-use of common patterns and building blocks, even 13 | across programming language and tooling boundaries. 14 | 15 | 1. A producer can generate events before a consumer is listening, and a consumer 16 | can express an interest in an event or class of events that is not yet being 17 | produced. This allows event-driven applications to evolve over time without 18 | needing to closely coordinate changes. 19 | 20 | 1. Services can be connected to create new applications: 21 | - without modifying producer or consumer 22 | - with the ability to select a specific subset of events from a particular 23 | producer 24 | 25 | In order to enable loose coupling and late-binding of event producers and 26 | consumers, Knative Eventing utilizes and extends the 27 | [CloudEvents specification](https://github.com/cloudevents/spec) as the data 28 | plane protocol between components. Knative Eventing prioritizes at-least-once 29 | delivery semantics, using the CloudEvents HTTP POST (push) transport as a 30 | minimum common transport between components. 31 | 32 | Knative Eventing also defines patterns to simplify the construction and usage of 33 | event producers and consumers. 34 | -------------------------------------------------------------------------------- /specs/eventing/overview.md: -------------------------------------------------------------------------------- 1 | # Resource Types 2 | 3 | The Knative Eventing API provides primitives for two common event-processing 4 | patterns: 5 | 6 | - Topology-based event routing ([`messaging.knative.dev`](#messaging)) 7 | 8 | Events are routed based on _connections between objects_ (in particular, 9 | events flow along a [channel](#channel) to all 10 | [subscriptions](#subscription)). This model can be thought of as "event 11 | plumbing" in that events are managed like flows of water through pipes. In 12 | order to enable event processing, subscriptions provide a mechanism to route 13 | "reply" events further through the object topology. 14 | 15 | - Content-based event routing ([`eventing.knative.dev`](#eventing)) 16 | 17 | Events are selected for routing based on the event _attributes_ rather than 18 | primarily by object connections (a [broker](#broker) provides a stream of 19 | events which can be selected by a [trigger](#trigger)). This model is more 20 | akin to picking parts off a conveyor belt, where each event is considered 21 | separately for processing. Content-based routing handles reply events by 22 | re-enqueuing the events in the originating Broker. 23 | 24 | ![Overview of objects](images/eventing-overview.svg) 25 | 26 | 68 | 69 | Knative Eventing does not directly specify mechanisms for other event-processing 70 | models, including multi-stage workflows, correlated request-reply, and 71 | sequential (windowed) event processing; these models could be built using the 72 | primitives provided by Knative, or Knative could deliver events to an external 73 | system that implements these models. 74 | 75 | In addition to the primitives needed to express the above patterns, Knative 76 | Eventing defines two [_interface contracts_](#interface-contracts) to allow 77 | connecting multiple types of Kubernetes objects as event senders and recipients 78 | to the core primitives. 79 | 80 | ## Interface Contracts 81 | 82 | In addition to the concrete types described below in the `messaging.knative.dev` 83 | and `eventing.knative.dev` API groups, Knative Eventing supports referencing 84 | objects in other API groups as destinations for event delivery. This is done by 85 | defining partial schemas which the referenced resources must support. The 86 | following interface contracts define resource fragments and partial schemas 87 | (required fields on an arbitrary API object) which form a basis for Knative 88 | Eventing. 89 | 90 | ### Addressable 91 | 92 | [**Addressable**](./control-plane.md#addressable) resources expose a resource 93 | `address` (HTTP URL) in their `status` object. The URL is used as a destination 94 | for delivery of events to the resource; the exposed URL must implement the 95 | [data plane contract](data-plane.md) for receiving events. 96 | 97 | [**Broker**](#broker) and [**Channel**](#channel) both implement **Addressable** 98 | to receive events from other components. 99 | 100 | ### Destination 101 | 102 | [**Destination**](./control-plane.md#duckv1destination) is an interface 103 | (resource fragment) which is used consistently through Knative Eventing to 104 | reference an event delivery destination. A Destination eventually resolves the 105 | supplied information to an URL, and may be an absolute URL or 106 | [relative](https://datatracker.ietf.org/doc/html/rfc3986#section-4.2) to an 107 | **Addressable** object reference; it also supports a Kubernetes Service object 108 | reference (as a special case). An absolute URL in a Destination may be used to 109 | reference cluster-external resources such as a virtual machine or SaaS service. 110 | 111 | ### Event Source 112 | 113 | **Event Sources** are resources which generate events and may be configured to 114 | deliver the events to a **Destination** designated by a `sink` object in the 115 | resource's `spec`. The current Knative Eventing spec does not define any 116 | specific event sources; it only specifies the `spec.sink` partial schema at this 117 | time. 118 | 119 | ## Eventing 120 | 121 | ### Broker 122 | 123 | [**Broker**](./control-plane.md#broker) provides a central event-routing hub 124 | which exposes a URL address which event senders may use to submit events to the 125 | broker. A Broker may be implemented using many different underlying 126 | event-forwarding mechanisms; the broker defines a small set of common 127 | event-delivery configuration options and implementations of the broker may 128 | define additional configuration options via a reference to an external object 129 | (either a kubernetes built-in like ConfigMap or a custom object); the format of 130 | the external objects is intentionally not standardized. 131 | 132 | ### Trigger 133 | 134 | [**Trigger**](./control-plane.md#trigger) defines a filtered delivery option 135 | to select events delivered to a **Broker** and route them to a **Destination**. 136 | Trigger implements uniform event filtering based on the CloudEvents attributes 137 | associated with the event, ignoring the payload (which might be large and/or 138 | binary and need not be parsed during event routing). The destination interface 139 | contract allows Triggers to deliver events to either cluster-local objects or 140 | external resources. 141 | 142 | ## Messaging 143 | 144 | ### Channel 145 | 146 | [**Channel**](./control-plane.md#channel) provides an abstract interface 147 | which may be fulfilled by several concrete implementations of a backing 148 | asynchronous fan-out queue. The common abstraction provided by channel allows 149 | both the composition of higher-level constructs for chained or parallel 150 | processing of events, and the replacement of particular messaging technologies 151 | (for example, allowing a development environment to use a lower-reliability 152 | channel compared with the production environment). 153 | 154 | ### Subscription 155 | 156 | [**Subscription**](./control-plane.md#subscription) defines a delivery 157 | destination for all events sent to a **Channel**. Events sent to a channel are 158 | delivered to _each_ subscription _independently_ -- a subscription maintains its 159 | own list of undelivered events and will manage retries independently of any 160 | other subscriptions to the same channel. Like **Trigger**, subscriptions use the 161 | **Destination** interface to support event delivery to many different 162 | destination types. 163 | -------------------------------------------------------------------------------- /specs/serving/README.md: -------------------------------------------------------------------------------- 1 | # Knative Serving Specification 2 | 3 | The Knative Serving specifications have been moved. See the links below for 4 | document locations: 5 | 6 | - [Knative Serving Conformance Tests](https://github.com/knative/serving/tree/main/test/conformance) 7 | 8 | Docs in this directory: 9 | 10 | - [Motivation and goals](motivation.md) - non-normative 11 | - [Resource type overview](overview.md) - non-normative 12 | - [Knative Serving API Specification](knative-api-specification-1.0.md) 13 | - [Knative Serving Runtime Specification](runtime-contract.md) 14 | -------------------------------------------------------------------------------- /specs/serving/images/object_model.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/knative/specs/75ea0ec08ab07250f3687e1cc4c7985340370d26/specs/serving/images/object_model.png -------------------------------------------------------------------------------- /specs/serving/motivation.md: -------------------------------------------------------------------------------- 1 | # Motivation 2 | 3 | The goal of the Knative Serving project is to provide a common toolkit and API 4 | framework for serverless workloads. 5 | 6 | We define serverless workloads as computing workloads that are: 7 | 8 | - Stateless 9 | - Amenable to the process scale-out model 10 | - Primarily driven by application level (L7 -- HTTP, for example) request 11 | traffic 12 | 13 | While Kubernetes provides basic primitives like Deployment, and Service in 14 | support of this model, our experience suggests that a more compact and richer 15 | opinionated model has substantial benefit for developers. In particular, by 16 | standardizing on higher-level primitives which perform substantial amounts of 17 | automation of common infrastructure, it should be possible to build consistent 18 | toolkits that provide a richer experience than updating yaml files with 19 | `kubectl`. 20 | -------------------------------------------------------------------------------- /specs/serving/overview.md: -------------------------------------------------------------------------------- 1 | # Resource Types 2 | 3 | The primary resources in the Knative Serving API are Routes, Revisions, 4 | Configurations, and Services: 5 | 6 | - A **Route** provides a named endpoint and a mechanism for routing traffic to 7 | 8 | - **Revisions**, which are immutable snapshots of code + config, created by a 9 | 10 | - **Configuration**, which acts as a stream of environments for Revisions. 11 | 12 | - A **Service** acts as a top-level container for managing a Route and 13 | Configuration which implement a network service. 14 | 15 | ![Object model](images/object_model.png) 16 | 17 | ## Route 18 | 19 | A **Route** provides a network endpoint for a user's service (which consists of a 20 | series of software and configuration Revisions over time). A Kubernetes 21 | namespace can have multiple routes. The Route provides a long-lived, stable, 22 | named, HTTP-addressable endpoint that is backed by one or more **Revisions**. 23 | The default configuration is for the Route to automatically route traffic to the 24 | latest Revision created by a **Configuration**. For more complex scenarios, the 25 | API supports splitting traffic on a percentage basis, and CI tools could 26 | maintain multiple configurations for a single Route (e.g. "golden path" and 27 | “experiments”) or reference multiple Revisions directly to pin revisions during 28 | an incremental rollout and n-way traffic split. The Route can optionally assign 29 | addressable subdomains to any or all backing Revisions. 30 | 31 | ## Revision 32 | 33 | A **Revision** is an immutable snapshot of code and configuration. A Revision 34 | references a container image. Revisions are created by updates to a 35 | **Configuration**. 36 | 37 | Revisions that are not addressable via a Route may be garbage collected and all 38 | underlying Kubernetes resources will be deleted. Revisions that are addressable via a 39 | Route will have resource utilization proportional to the load they are under. 40 | 41 | ## Configuration 42 | 43 | A **Configuration** describes the desired latest Revision state, and creates and 44 | tracks the status of Revisions as the desired state is updated. A configuration 45 | will reference a container image and associated execution metadata needed by the 46 | Revision. On updates to a Configuration's spec, a new Revision will be created; 47 | the Configuration's controller will track the status of created Revisions and 48 | makes the most recently created and most recently _ready_ Revisions available in 49 | the status section. 50 | 51 | ## Service 52 | 53 | A **Service** encapsulates a **Route** and **Configuration** which together 54 | provide a software component. A Service exists to provide a singular abstraction 55 | which can be access controlled, reasoned about, and which encapsulates software 56 | lifecycle decisions such as rollout policy and team resource ownership. A Service 57 | acts only as an orchestrator of the underlying Route and Configuration (much as 58 | a Kubernetes Deployment orchestrates ReplicaSets). Its usage is optional but 59 | recommended. 60 | 61 | The Service's controller will track the statuses of its owned Configuration and 62 | Route, reflecting their statuses and conditions as its own. 63 | 64 | The owned Configuration's Ready conditions are surfaced as the Service's 65 | ConfigurationsReady condition. The owned Routes' Ready conditions are surfaced 66 | as the Service's RoutesReady condition. 67 | 68 | ## Orchestration 69 | 70 | Revisions are created indirectly when a Configuration is created or updated. 71 | This provides: 72 | 73 | - a single referenceable resource for the Route to perform automated rollouts 74 | - a single resource that can be watched to see a history of all the Revisions 75 | created 76 | - PATCH semantics for Revisions implemented server-side, minimizing 77 | read-modify-write implemented across multiple clients, which could result in 78 | optimistic concurrency errors 79 | - the ability to rollback to a known good Configuration 80 | 81 | Update operations on the Service enable scenarios such as: 82 | 83 | - _"Push image, keep config":_ Specifying a new Revision with updated image, 84 | inheriting configuration such as env vars from the Configuration 85 | - _"Update config, keep image"_: Specifying a new Revision as just a change to 86 | Configuration, such as updating an env variable, inheriting all other 87 | configuration and image 88 | - _"Execute a controlled rollout"_: Updating the Service's traffic spec allows 89 | testing of Revisions before making them live, and controlled rollouts 90 | -------------------------------------------------------------------------------- /specs/serving/runtime-contract.md: -------------------------------------------------------------------------------- 1 | # Knative Runtime Contract 2 | 3 | ## Abstract 4 | 5 | The Knative serverless compute infrastructure extends the 6 | [Open Container Initiative Runtime Specification](https://github.com/opencontainers/runtime-spec/blob/master/spec.md) 7 | to describe the functionality and requirements for serverless execution 8 | workloads. In contrast to general-purpose containers, stateless 9 | request-triggered (i.e. on-demand) autoscaled containers have the following 10 | properties: 11 | 12 | - Little or no long-term runtime state (especially in cases where code might be 13 | scaled to zero in the absence of request traffic). 14 | - Logging and monitoring aggregation (telemetry) is important for understanding 15 | and debugging the system, as containers might be created or deleted at any 16 | time in response to autoscaling. 17 | - Multitenancy is highly desirable to allow cost sharing for bursty applications 18 | on relatively stable underlying hardware resources. 19 | 20 | This contract does not define the control surfaces over the runtime environment 21 | except by 22 | [reference to the Knative Kubernetes resources](knative-api-specification-1.0.md). 23 | Similarly, this contract does not define the implementation of metrics or 24 | logging aggregation, except to provide a contract for the collection of logging 25 | data. It is expected that access to the aggregated telemetry will be provided by 26 | the platform operator. 27 | 28 | ## Background 29 | 30 | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", 31 | "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" are to be 32 | interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). 33 | 34 | The 35 | [OCI specification](https://github.com/opencontainers/runtime-spec/blob/master/spec.md) 36 | ([v1.0.1](https://github.com/opencontainers/runtime-spec/blob/v1.0.1/spec.md)) 37 | is the basis for this document. When this document and the OCI specification 38 | conflict, this document is assumed to override the general OCI recommendations. 39 | Where this document does not specify behavior, runtime implementations SHOULD be 40 | OCI compliant with respect to those features. Additionally, the core Knative 41 | definition assumes the 42 | [Linux Container Configuration](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md). 43 | 44 | In particular, the default Knative implementation relies on Kubernetes behavior 45 | to implement container operation. In some cases, current Kubernetes behavior in 46 | 2018 is not as performant as envisioned in this documentation. The goal of the 47 | Knative authors is to push as much of the needed functionality into Kubernetes 48 | and/or HTTP routers as possible, rather than implementing reach-around layers. 49 | 50 | This document considers two users of a given Knative environment, and is 51 | particularly concerned with the expectations of _developers_ (and _language and 52 | tooling developers_, by extension) running code in the environment. 53 | 54 | - **Developers** write code which is packaged into a container which is run on 55 | the Knative cluster. 56 | - **Language and tooling developers** typically write tools used by 57 | _developers_ to package code into containers. As such, they are concerned 58 | that tooling which wraps developer code complies with this runtime contract. 59 | - **Operators** (also known as **platform providers**) provision the compute 60 | resources and manage the software configuration of Knative and the underlying 61 | abstractions (for example, Linux, Kubernetes, etc). 62 | 63 | ## Runtime and Lifecycle 64 | 65 | Knative aims to minimize the amount of tuning and production configuration 66 | needed to run a service. Some of these production-friendly features include: 67 | 68 | 1. Stateless computation at request-scale or event-scale granularity. 69 | 1. Automatic scaling between 0 and many instances (the process scale-out 70 | model). 71 | 1. Automatic adjustment of resource requirements based on observed behavior, 72 | where possible. 73 | 74 | In order to achieve these properties, containers which are operated as part of a 75 | serverless platform are expected to observe the following properties: 76 | 77 | - Fast startup time (<1s until a request or event can be processed, given 78 | container image layer caching), 79 | - Minimize local state (in support of autoscaling and scale to zero), 80 | - CPU usage only while requests are active (see 81 | [this issue](https://github.com/knative/serving/issues/848) for reasons an 82 | operator might want to de-allocate CPU between requests). 83 | 84 | ### State 85 | 86 | In a highly-shared environment, containers might experience the following: 87 | 88 | - Containers with `status` of `stopped` MAY be immediately reclaimed by the 89 | system. 90 | - The container process MAY be started as pid 0, through the use of PID 91 | namespaces or other processes. 92 | 93 | ### Lifecycle 94 | 95 | - The container MAY be killed when the container is inactive. Containers MUST be 96 | considered "active" while they are handling at least one request, but other 97 | conditions MAY also be used to determine that a container is active. The 98 | container is sent a `SIGTERM` signal when it is killed via the 99 | [OCI specification's `kill`](https://github.com/opencontainers/runtime-spec/blob/master/runtime.md#kill) 100 | command to allow for a graceful shutdown of existing resources and 101 | connections. If the container has not shut down after a defined grace period, 102 | the container is forcibly killed via a `SIGKILL` signal. 103 | - The environment MAY restrict the use of `prestart`, `poststart`, and 104 | `poststop` hooks to platform operators rather than developers. All of these 105 | hooks are defined in the context of the runtime namespace, rather than the 106 | container namespace, and might expose system-level information (and are 107 | non-portable). 108 | - Failures of the developer-specified process MUST be logged to a 109 | developer-visible logging system. 110 | 111 | In addition, some serverless environments MAY use an execution model other than 112 | docker in linux (for example, [runv](https://github.com/hyperhq/runv) or 113 | [Kata Containers](https://katacontainers.io/)). Implementations using an 114 | execution model beyond docker in linux MAY alter the lifecycle contract beyond 115 | the OCI specification as long as: 116 | 117 | 1. An OCI-compliant lifecycle contract is the default, regardless of how many 118 | extensions are provided. 119 | 1. The implementation of an extended execution model or lifecycle MUST provide 120 | documentation about the extended model or lifecycle **and** documentation 121 | about how to opt in to the extended lifecycle contract. 122 | 123 | ### Errors 124 | 125 | - Platforms MAY provide mechanisms for post-mortem viewing of filesystem 126 | contents from a particular execution. Because containers (particularly failing 127 | containers) can experience frequent starts, operators or platform providers 128 | SHOULD limit the total space consumed by these failures. 129 | 130 | ### Warnings 131 | 132 | As specified by OCI. 133 | 134 | ### Operations 135 | 136 | It is expected that containers do not have direct access to the 137 | [OCI interface](https://github.com/opencontainers/runtime-spec/blob/v1.0.0-rc3/runtime.md#operations) 138 | as providing access allows containers to circumvent runtime restrictions that 139 | are enforced by the Knative control plane. The operator or platform provider MAY 140 | have the ability to directly interact with the OCI interface, but that is beyond 141 | the scope of this specification. 142 | 143 | An OPTIONAL method of invoking the `kill` operation MAY be exposed to developers 144 | to provide signalling to the container. 145 | 146 | ### Hooks 147 | 148 | Operation hooks 149 | [SHOULD NOT](https://github.com/knative/serving/blob/main/test/conformance/runtime/container_test.go) 150 | be configurable by the Knative developer. Operators or platform providers MAY 151 | use hooks to implement their own lifecycle controls. 152 | 153 | ### Linux Runtime 154 | 155 | #### File descriptors 156 | 157 | A read from the `stdin` file descriptor on the container 158 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/file_descriptor_test.go) 159 | always result in `EOF`. The `stdout` and `stderr` file descriptors on the 160 | container SHOULD be collected and retained in a developer-accessible logging 161 | repository. (TODO:[docs#902](https://github.com/knative/docs/issues/902)). 162 | 163 | Within the container, pipes and file descriptors can be used to communicate 164 | between processes running in the same container. 165 | 166 | #### Dev symbolic links 167 | 168 | As specified by OCI. 169 | 170 | ## Network Environment 171 | 172 | For request-response functions, 0->many scaling is enabled by control of the 173 | inbound request path to enable capturing and stalling inbound requests until an 174 | autoscaled container is available to serve that request. 175 | 176 | ### Inbound network connectivity 177 | 178 | Inbound network connectivity is assumed to use HTTP/1.1 compatible transport. 179 | 180 | #### Protocols and Ports 181 | 182 | The container MUST accept HTTP/1.1 requests from the environment. The 183 | environment SHOULD 184 | [offer an HTTP/2.0 upgrade option](https://httpwg.org/specs/rfc7540.html#discover-http) 185 | (`Upgrade: h2c` on either the initial request or an `OPTIONS` request) on the 186 | same port as HTTP/1.1. The developer MAY specify this port at deployment; if the 187 | developer does not specify a port, the platform provider MUST provide a default. 188 | Only one inbound `containerPort` 189 | [SHALL](https://github.com/knative/serving/blob/main/test/conformance/runtime/container_test.go) 190 | be specified in the 191 | [`core.v1.Container`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#containerport-v1-core) 192 | specification. The `hostPort` parameter 193 | [SHOULD NOT](https://github.com/knative/serving/blob/main/test/conformance/runtime/container_test.go) 194 | be set by the developer or the platform provider, as it can interfere with 195 | ingress autoscaling. Regardless of its source, the selected port will be made 196 | available in the `PORT` environment variable. 197 | 198 | The platform provider SHOULD configure the platform to perform HTTPS termination 199 | and protocol transformation e.g. between QUIC or HTTP/2 and HTTP/1.1. Developers 200 | ought not need to implement multiple transports between the platform and their 201 | code. Unless overridden by setting the 202 | [`name`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#containerport-v1-core) 203 | field on the inbound port, the platform will perform automatic detection as 204 | described above. If the 205 | [`core.v1.Container.ports[0].name`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#containerport-v1-core) 206 | is set to one of the following values, HTTP negotiation will be disabled and the 207 | following protocol will be used: 208 | 209 | - `http1`: HTTP/1.1 transport and will not attempt to upgrade to h2c.. 210 | - `h2c`: HTTP/2 transport, as described in 211 | [section 3.4 of the HTTP2 spec (Starting HTTP/2 with Prior Knowledge)](https://httpwg.org/specs/rfc7540.html#known-http) 212 | 213 | Developers ought to use automatic content negotiation where available, and MUST 214 | NOT set the `name` field to arbitrary values, as additional transports might be 215 | defined in the future. Developers can assume all traffic is intermediated by an 216 | L7 proxy. Developers can not assume a direct network connection between their 217 | server process and client processes. 218 | 219 | #### Headers 220 | 221 | As requests to the container will be proxied by the platform, all inbound 222 | request headers 223 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/header_test.go) 224 | be set to the same values as the incoming request. Some implementations MAY 225 | strip certain HTTP headers for security or other reasons; such implementations 226 | SHOULD document the set of stripped headers. Because the full set of HTTP 227 | headers is constantly evolving, it is RECOMMENDED that platforms which strip 228 | headers define a common prefix which covers all headers removed by the platform. 229 | 230 | In addition, the following base set of HTTP/1.1 headers 231 | [MUST](https://github.com/knative/serving/blob/main/test/conformance/runtime/header_test.go) 232 | be set on the request: 233 | 234 | - `Host` - As specified by 235 | [RFC 7230 Section 5.4](https://tools.ietf.org/html/rfc7230#section-5.4) 236 | 237 | Also, the following proxy-specific request headers 238 | [MUST](https://github.com/knative/serving/blob/main/test/conformance/runtime/header_test.go) 239 | be set: 240 | 241 | - `Forwarded` - As specified by [RFC 7239](https://tools.ietf.org/html/rfc7239). 242 | 243 | Additionally, the following legacy headers 244 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/header_test.go) 245 | be set for compatibility with client software: 246 | 247 | - `X-Forwarded-For` 248 | - `X-Forwarded-Proto` 249 | 250 | In addition, the following headers 251 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/header_test.go) 252 | be set to enable tracing and observability features: 253 | 254 | - Trace headers - Platform providers SHOULD provide and document headers needed 255 | to propagate trace contexts, 256 | [in the absence of w3c standardization](https://www.w3.org/2018/04/distributed-tracing-wg-charter.html). 257 | 258 | Operators and platform providers MAY provide additional headers to provide 259 | environment specific information. 260 | 261 | #### Meta Requests 262 | 263 | The 264 | [`core.v1.Container`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#container-v1-core) 265 | object allows specifying both a 266 | [`readinessProbe`](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-readiness-probes) 267 | and a 268 | [`livenessProbe`](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-http-request). 269 | If not provided, container startup and listening on the declared HTTP socket is 270 | considered sufficient to declare the container "ready" and "live" (see the probe 271 | definition below). If specified, liveness and readiness probes are REQUIRED to 272 | be of the `httpGet` or `tcpSocket` types, and 273 | [MUST](https://github.com/knative/serving/blob/main/test/conformance/runtime/container_test.go) 274 | target the inbound container port; platform providers SHOULD disallow other 275 | probe methods. 276 | 277 | Because serverless platforms automatically scale instances based on inbound 278 | requests, and because noncompliant (or even failing) containers might be 279 | provided by developers, the following defaults SHOULD be applied by the platform 280 | provider if not set by the developer. The probes are intended to be trivially 281 | supportable by naive conforming containers while preventing interference with 282 | developer code. These settings apply to both `livenessProbe` and 283 | `readinessProbe`: 284 | 285 | - `tcpSocket` set to the container's port 286 | - `initialDelaySeconds` set to 0 287 | - `periodSeconds` set to platform-specific value 288 | 289 | Setting `initialDelaySeconds` to a value greater than 0 impacts container 290 | startup time (aka cold start time) as a container will not serve traffic until 291 | the probe succeeds. 292 | 293 | ##### Deployment probe 294 | 295 | On the initial deployment, platform providers 296 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/readiness_probe_test.go) 297 | start an instance of the container to validate that the container is valid and 298 | will become ready. This startup 299 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/readiness_probe_test.go) 300 | occur even if the container would not serve any user requests. If a container 301 | cannot satisfy the `readinessProbe` during deployment startup, the Revision 302 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/readiness_probe_test.go) 303 | be marked as failed. 304 | 305 | Initial readiness probes allow the platform to avoid attempting to later 306 | provision or scale deployments (Revisions) which cannot become healthy, and act 307 | as a backstop to developer testing (via CI/CD or otherwise) which has been 308 | performed on the supplied container. Common causes of these failures can 309 | include: malformed dynamic code not tested in the container, environment 310 | differences between testing and deployment environment, and missing or 311 | misconfigured backends. This also provides an opportunity for the container to 312 | be run at least once despite scale-to-zero guarantees. 313 | 314 | ### Outbound network connectivity 315 | 316 | OCI does not specify any properties of the network environment in which a 317 | container runs. The following items are OPTIONAL additions to the runtime 318 | contract which describe services which might be of particular value to platform 319 | providers. 320 | 321 | #### DNS 322 | 323 | Platform providers SHOULD override the DNS related configuration files under 324 | `/etc` to enable local DNS lookups in the target environment (see 325 | [Default Filesystems](#default-filesystems)). 326 | 327 | #### Metadata Services 328 | 329 | Platform providers MAY provide a network service to provide introspection and 330 | environment information to the running process. Such a network service SHOULD be 331 | an HTTP server with an operator- or provider-defined URL schema. If a metadata 332 | service is provided, the schema MUST be documented. Sample use cases for such 333 | metadata include: 334 | 335 | - Container information or control interfaces. 336 | - Host information, including maintenance or capability information. 337 | - Access to external configuration stores (such as the Kubernetes ConfigMap 338 | APIs). 339 | - Access to secrets or identity tokens, to enable key rotation. 340 | 341 | ## Configuration 342 | 343 | ### Root 344 | 345 | Platform providers MAY set the `readonly` bit on the container to `true` in 346 | order to reduce the possible disk space provisioning and management of 347 | serverless workloads. Additionally, users may set the `readOnlyRootfilesystem` 348 | field in the SecurityContext to request a read-only filesystem. Containers MUST 349 | use the provided temporary storage areas (see 350 | [Default Filesystems](#default-filesystems)) for working files and caches. 351 | 352 | ### Mounts 353 | 354 | In general, stateless applications package their dependencies within the 355 | container and do not rely on mutable external state for templates, logging 356 | configuration, etc. In some cases, it might be necessary for certain application 357 | settings to be overridden at deploy time (for example, database backends or 358 | authentication credentials). When these settings need to be loaded via a file, 359 | read-only mounts of application configuration and secrets are supported by 360 | `ConfigMap` and `Secrets` volumes. Platform providers MAY apply updates to 361 | `Secrets` and `ConfigMaps` while the application is running; these updates could 362 | complicate rollout and rollback. It is up to the developer to choose appropriate 363 | policies for mounting and updating `ConfigMap` and `Secrets` which are mounted 364 | as volumes. 365 | 366 | As serverless applications are expected to scale horizontally and statelessly, 367 | per-container volumes are likely to introduce state and scaling bottlenecks and 368 | are NOT RECOMMENDED. 369 | 370 | ### Process 371 | 372 | Serverless applications which scale horizontally are expected to be managed in a 373 | declarative fashion, and individual instances SHOULD NOT be interacted with or 374 | connected directly. 375 | 376 | - The `terminal` property 377 | [SHOULD NOT](https://github.com/knative/serving/blob/main/test/conformance/runtime/filesystem_test.go) 378 | be set to `true`. 379 | - The linux process specific properties MUST NOT be configurable by the 380 | developer, and MAY set by the operator or platform provider. 381 | 382 | The following environment variables 383 | [MUST](https://github.com/knative/serving/blob/main/test/conformance/runtime/envvars_test.go) 384 | be set: 385 | 386 | | Name | Meaning | 387 | | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | 388 | | `PORT` | Ingress `containerPort` for ingress requests and health checks. See [Inbound network connectivity](#inbound-network-connectivity) for more details. | 389 | 390 | The following environment variables 391 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/envvars_test.go) 392 | be set: 393 | 394 | | Name | Meaning | 395 | | ----------------- | ---------------------------------------------------------------------------------------------------------------- | 396 | | `K_REVISION` | Name of the current Revision. | 397 | | `K_CONFIGURATION` | Name of the Configuration that created the current Revision. | 398 | | `K_SERVICE` | If the current Revision has been created by manipulating a Knative Service object, name of this Knative Service. | 399 | 400 | Platform providers MAY set additional environment variables. Standardization of 401 | such variables will follow demonstrated usage and utility. 402 | 403 | ### User 404 | 405 | Developers MAY specify that containers be run as a specific user or group ID 406 | using the `runAsUser` container property. If specified, the runtime 407 | [MUST](https://github.com/knative/serving/blob/main/test/conformance/runtime/user_test.go) 408 | run the container as the specified user ID if allowed by the platform (see 409 | below). If no `runAsUser` is specified, a platform-specific default SHALL be 410 | used. Platform Providers SHOULD document this default behavior. 411 | 412 | Operators and Platform Providers MAY prohibit certain user IDs, such as `root`, 413 | from executing code. In this case, if the identity selected by the developer is 414 | invalid, the container execution 415 | [MUST](https://github.com/knative/serving/blob/main/test/conformance/runtime/container_test.go) 416 | be failed. 417 | 418 | ### Default Filesystems 419 | 420 | The OCI specification describes a default container environment which can be 421 | used for many different purposes, including containerization of existing legacy 422 | or stateful processes which might store substantial amounts of on-disk state. In 423 | a scaled-out, stateless environment, container startup and teardown is 424 | accelerated when on-disk resources are kept to a minimum. Additionally, 425 | developers might not have access to the container's filesystems (or the 426 | containers might be rapidly recycled), so log aggregation SHOULD be provided. 427 | 428 | In addition to the filesystems recommended in the OCI, the following filesystems 429 | [MUST](https://github.com/knative/serving/blob/main/test/conformance/runtime/filesystem_test.go) 430 | be provided: 431 | 432 | | Mount | Description | 433 | | ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | 434 | | `/tmp` | MUST be Read-write.

SHOULD be backed by tmpfs if disk load is a concern. | 435 | | `/var/log` | MAY be a directory with write permissions for logs storage. Implementations MAY permit the creation of additional subdirectories and log rotation and renaming. | 436 | 437 | To enable DNS resolution, the following files might be overwritten at runtime: 438 | 439 | | File | Description | 440 | | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 441 | | `/etc/hosts` | MAY be overridden to provide host mappings for well-known or provider-specific resources. | 442 | | `/etc/hostname` | some environments MAY set this to a different value for each container, but other environments might use the same value for all containers. | 443 | | `/etc/resolv.conf` | SHOULD be set to a valid cluster-specific recursive resolver. Providers MAY provide additional default search domains to improve customer experience in the cluster. | 444 | 445 | Platform providers MAY provide additional platform-specific mount points 446 | (example: shared read-only object stores or DB connection brokers). If provided, 447 | the location and contents of the mount points SHOULD be documented by the 448 | platform provider. 449 | 450 | ### Namespaces 451 | 452 | The namespace configuration MUST be provided by the operator or platform 453 | provider; developers or container providers MUST NOT set or assume a particular 454 | namespace configuration. 455 | 456 | ### Devices 457 | 458 | Developers MUST NOT use OCI `devices` to request additional devices beyond the 459 | [OCI specification "Default Devices"](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#default-devices). 460 | 461 | ### Control Groups 462 | 463 | Control group (cgroups) controllers 464 | [MUST](https://github.com/knative/serving/blob/main/test/conformance/runtime/cgroup_test.go) 465 | be selected and configured by the operator or platform provider. The cgroup 466 | devices 467 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/cgroup_test.go) 468 | be mounted as read-only. 469 | 470 | #### Memory and CPU limits 471 | 472 | The serverless platform MAY automatically adjust the resource limits (e.g. CPU) 473 | based on observed resource usage. The limits enforced to a container 474 | [SHOULD](https://github.com/knative/serving/blob/main/test/conformance/runtime/cgroup_test.go) 475 | be exposed in 476 | 477 | cgroup v1: 478 | - `/sys/fs/cgroup/memory/memory.limit_in_bytes` 479 | - `/sys/fs/cgroup/cpu/cpu.shares` 480 | - `/sys/fs/cgroup/cpu/cpu.cfs_period_us` 481 | - `/sys/fs/cgroup/cpu/cpu.cfs_quota_us` 482 | 483 | cgroup v2: 484 | - `/sys/fs/cgroup/memory.max` 485 | - `/sys/fs/cgroup/cpu.weight` 486 | - `/sys/fs/cgroup/cpu.max` 487 | 488 | Additionally, operators or the platform MAY restrict or prevent CPU scheduling 489 | for instances when no requests are active, 490 | [where this capability is available](https://github.com/knative/serving/issues/848). 491 | The Knative authors are currently discussing the best implementations options 492 | for this feature with the Kubernetes SIG-Node team. 493 | 494 | ### Sysctl 495 | 496 | The sysctl parameter applies system-wide kernel parameter tuning, which could 497 | interfere with other workloads on the host system. This is not appropriate for a 498 | shared environment, and 499 | [SHOULD NOT](https://github.com/knative/serving/blob/main/test/conformance/runtime/sysctl_test.go) 500 | be exposed for developer tuning. 501 | 502 | ### Seccomp 503 | 504 | Seccomp provides a mechanism for further restricting the set of linux syscalls 505 | permitted to the processes running inside the container environment. A seccomp 506 | sandbox MAY be enforced by the platform operator; any such application profiles 507 | SHOULD be configured and applied in a consistent mechanism outside of the 508 | container specification. A seccomp policy MAY be part of the platform security 509 | configuration that operators can tune over time as the threat environment 510 | changes. 511 | 512 | ### Rootfs Mount Propagation 513 | 514 | From the OCI spec: 515 | 516 | > `rootfsPropagation` (string, OPTIONAL) sets the rootfs's mount propagation. 517 | > Its value is either slave, private, shared or 518 | > unbindable. The 519 | > [Shared Subtrees](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt) 520 | > article in the kernel documentation has more information about mount 521 | > propagation. 522 | 523 | This option MAY be set by the operator or platform provider, and MUST NOT be 524 | configurable by the developer. Mount propagation MAY be part of the platform 525 | security configuration that operators can tune over time as the threat 526 | environment changes. 527 | 528 | ### Masked Paths 529 | 530 | This option MAY be set by the operator or platform provider, and MUST NOT be 531 | configurable by the developer. Masked paths MAY be part of the platform security 532 | configuration that operators can tune over time as the threat environment 533 | changes. 534 | 535 | ### Readonly Paths 536 | 537 | This option MAY only be set by the operator or platform provider, and MUST NOT 538 | be configurable by the developer. 539 | 540 | ### Posix-platform Hooks 541 | 542 | Operation hooks 543 | [SHOULD NOT](https://github.com/knative/serving/blob/main/test/conformance/runtime/container_test.go) 544 | be configurable by the developer. Operators or platform providers MAY use hooks 545 | to implement their own lifecycle controls. 546 | 547 | ### Annotations 548 | 549 | As specified by OCI. 550 | -------------------------------------------------------------------------------- /test-plan/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - salaboy 3 | - lionelvillard 4 | - omerbensaadon 5 | -------------------------------------------------------------------------------- /test-plan/eventing/README.md: -------------------------------------------------------------------------------- 1 | # Knative Eventing Conformance Test Plan 2 | 3 | This document describes a plan for testing Knative Eventing Conformance based on the specs that can be found here: https://github.com/knative/specs/blob/main/specs/eventing 4 | 5 | The specs are split into Control Plane and Data Plane tests, this document follows the same approach and further divides the tests into further subsections. 6 | 7 | # Control Plane 8 | 9 | https://github.com/knative/specs/blob/main/specs/eventing/control-plane.md 10 | 11 | 12 | ## Requirements: 13 | 14 | If you want to test conformance (**MUST, MUST NOT, REQUIRED**) you need: 15 | - **Prerequisites**: 16 | - Knative Eventing Installed. 17 | - `kubectl` access to the cluster as defined in the spec: https://github.com/knative/specs/blob/main/specs/eventing/control-plane.md#rbac-profile 18 | - A Kubernetes Service that can be addressable to receive and count CloudEvents that arrive 19 | - `curl` to send CloudEvents 20 | 21 | ## Test Plan for Control Plane 22 | 23 | The following sections describe the test plans for the different behaviours described in the spec and each section describes tests, commands (manual steps) and outputs that will be used to evaluate conformance. 24 | 25 | - [Broker Lifecycle Conformance](broker-lifecycle-conformance.md) 26 | - [Trigger Lifecycle Conformance TBD]() 27 | - [Channel Lifecycle Conformance TBD]() 28 | - [Subscription Lifecycle Conformance TBD]() 29 | 30 | 31 | # Data Plane 32 | 33 | https://github.com/knative/specs/blob/main/specs/eventing/data-plane.md 34 | 35 | ## Test Plan for Data Plane 36 | 37 | - [Event Ack and Delivery Retry TBD]() 38 | -------------------------------------------------------------------------------- /test-plan/eventing/broker-lifecycle-conformance.md: -------------------------------------------------------------------------------- 1 | # Broker Lifecycle 2 | 3 | From: https://github.com/knative/specs/blob/release-0.26/specs/eventing/control-plane.md#broker-lifecycle 4 | 5 | 6 | From the Spec: 7 | 8 | >> A Broker represents an Addressable endpoint (i.e. it MUST have a status.address.url field) which can receive, store, and forward events to multiple recipients based on a set of attribute filters (Triggers). 9 | 10 | >> Triggers MUST be associated with a Broker based on the spec.broker field on the Trigger; it is expected that the controller for a Broker will also control the associated Triggers. 11 | 12 | >> When the Broker's Ready condition is true, the Broker MUST provide a status.address.url which accepts all valid CloudEvents and MUST attempt to forward the received events for filtering to each associated Trigger whose Ready condition is true. As described in the Trigger Lifecycle section, a Broker MAY forward events to an associated Trigger destination which does not currently have a true Ready condition, including events received by the Broker before the Trigger was created. 13 | 14 | >> The annotation eventing.knative.dev/broker.class SHOULD be used to select a particular implementation of a Broker, if multiple implementations are available. It is RECOMMENDED to default the eventing.knative.dev/broker.class field on creation if it is unpopulated. Once created, the eventing.knative.dev/broker.class annotation and the spec.config field MUST be immutable; the Broker MUST be deleted and re-created to change the implementation class or spec.config. This pattern is chosen to make it clear that changing the implementation class or spec.config is not an atomic operation and that any implementation would be likely to result in event loss during the transition. 15 | 16 | 17 | 18 | # Testing Broker Lifecycle Conformance: 19 | 20 | We are going to be testing the previous paragraphs coming from the Knative Eventing Spec. To do this we will be creating a broker, checking its immutable properties, checking its Ready status and then creating a Trigger that links to it by making a reference. We will also checking the Trigger status, as it depends on the Broker to be ready to work correctly. We will be also checking that the broker is addressable by looking at the status conditions fields. Because this is a Control Plane test, we are not going to be sending Events to these components. 21 | 22 | You can find the resources for running these tests inside the [control-plane/broker-lifecycle/](control-plane/broker-lifecycle/) directory. 23 | - A [broker resource](control-plane/broker-lifecycle/broker.yaml) 24 | - A [trigger resource that references the broker](broker-lifecycle/trigger.yaml) 25 | - A [trigger resource that doesn't reference the broker](control-plane/broker-lifecycle/trigger-no-broker.yaml) 26 | 27 | 28 | ## [Pre] Creating a Broker 29 | 30 | ``` 31 | kubectl apply -f control-plane/broker-lifecycle/broker.yaml 32 | ``` 33 | 34 | 35 | ## [Test] Immutability 36 | 37 | Check for default annotations, this should return the name of the selected implementation: 38 | 39 | ``` 40 | kubectl get broker conformance-broker -o jsonpath='{.metadata.annotations.eventing\.knative\.dev/broker\.class}' 41 | ``` 42 | 43 | Try to patch the annotation: `eventing.knative.dev/broker.class` to see if the resource mutates: 44 | 45 | ``` 46 | kubectl patch broker conformance-broker --type merge -p '{"metadata":{"annotations":{"eventing.knative.dev/broker.class":"mutable"}}}' 47 | ``` 48 | 49 | You should get the following error: 50 | ``` 51 | Error from server (BadRequest): admission webhook "validation.webhook.eventing.knative.dev" denied the request: validation failed: Immutable fields changed (-old +new): annotations 52 | {string}: 53 | -: "MTChannelBasedBroker" 54 | +: "mutable" 55 | ``` 56 | 57 | Tested in eventing: 58 | - https://github.com/knative/eventing/blob/release-0.26/test/rekt/features/broker/control_plane.go#L90 59 | 60 | ### [Output] 61 | 62 | ``` 63 | { 64 | "test": "control-plane/broker-lifecycle/immutability-1" 65 | "output": { 66 | "brokerImplementation": "", 67 | "expectedError": "" 68 | } 69 | } 70 | ``` 71 | 72 | Try to mutate the `.spec.config` to see if the resource mutates: 73 | 74 | ``` 75 | kubectl patch broker conformance-broker --type merge -p '{"spec":{"config":{"apiVersion":"v1"}}}' 76 | ``` 77 | 78 | 79 | ### [Output] 80 | 81 | ``` 82 | { 83 | "test": "control-plane/broker-lifecycle/immutability-2" 84 | "output": { 85 | "brokerImplementation": "", 86 | "expectedError": "" 87 | } 88 | } 89 | ``` 90 | 91 | 92 | ## [Test] Broker Readiness 93 | 94 | Check for condition type `Ready` with status `True`: 95 | 96 | ``` 97 | kubectl get broker conformance-broker -ojsonpath="{.status.conditions[?(@.type == \"Ready\")].status}" 98 | ``` 99 | 100 | Tested in eventing: 101 | - https://github.com/knative/eventing/blob/release-0.26/test/conformance/helpers/broker_control_plane_test_helper.go#L104 102 | - https://github.com/knative/eventing/blob/release-0.26/test/rekt/features/broker/control_plane.go#L86 103 | 104 | ### [Output] 105 | 106 | ``` 107 | { 108 | "test": "control-plane/broker-lifecycle/broker-readiness" 109 | "output": { 110 | "brokerImplementation": "", 111 | "expectedType": "Ready", 112 | "expectedStatus": "True" 113 | } 114 | } 115 | ``` 116 | 117 | ## [Test] Broker is Addresable 118 | 119 | Running the following command should return a URL 120 | 121 | ``` 122 | kubectl get broker conformance-broker -ojsonpath="{.status.address.url}" 123 | ``` 124 | 125 | Tested in eventing: 126 | - https://github.com/knative/eventing/blob/release-0.26/test/conformance/helpers/broker_control_plane_test_helper.go#L109 127 | - https://github.com/knative/eventing/blob/release-0.26/test/rekt/features/broker/control_plane.go#L88 128 | 129 | ### [Output] 130 | 131 | ``` 132 | { 133 | "test": "control-plane/broker-lifecycle/broker-addressable" 134 | "output": { 135 | "brokerImplementation": "", 136 | "obtainedURL": "", 137 | } 138 | } 139 | ``` 140 | 141 | ## [Pre] Create Trigger for Broker 142 | 143 | Create a trigger that points to the broker: 144 | 145 | ``` 146 | kubectl apply -f control-plane/broker-lifecycle/trigger.yaml 147 | ``` 148 | 149 | ## [Test] Broker Reference in Trigger 150 | 151 | Check that the `Trigger` is making a reference to the `Broker`, this should return the name of the broker. 152 | 153 | ``` 154 | kubectl get trigger conformance-trigger -ojsonpath="{.spec.broker}" 155 | ``` 156 | 157 | Tested in eventing: 158 | - https://github.com/knative/eventing/blob/release-0.26/test/rekt/features/broker/control_plane.go#L114 159 | 160 | ### [Output] 161 | 162 | ``` 163 | { 164 | "test": "control-plane/broker-lifecycle/broker-reference-in-trigger" 165 | "output": { 166 | "brokerImplementation": "", 167 | "expectedReference": "conformance-broker" 168 | } 169 | } 170 | ``` 171 | 172 | ## [Test] Trigger for Broker Readiness 173 | 174 | Check for condition type `Ready` with status `True`: 175 | 176 | ``` 177 | kubectl get trigger conformance-trigger -ojsonpath="{.status.conditions[?(@.type == \"Ready\")].status}" 178 | ``` 179 | 180 | Tested in eventing: 181 | - https://github.com/knative/eventing/blob/release-0.26/test/conformance/helpers/broker_control_plane_test_helper.go#L139 182 | - https://github.com/knative/eventing/blob/release-0.26/test/rekt/features/broker/control_plane.go#L112 183 | 184 | ### [Output] 185 | 186 | ``` 187 | { 188 | "test": "control-plane/broker-lifecycle/trigger-for-broker-readiness" 189 | "output": { 190 | "brokerImplementation": "", 191 | "expectedType": "Ready", 192 | "expectedStatus": "True" 193 | } 194 | } 195 | ``` 196 | 197 | # Clean up & Congratulations 198 | 199 | Make sure that you clean up all resources created in these tests by running: 200 | 201 | ``` 202 | kubectl delete -f control-plane/broker-lifecycle/ 203 | ``` 204 | 205 | 206 | Congratulations you have tested the **Broker Lifecycle Conformance** :metal: ! 207 | -------------------------------------------------------------------------------- /test-plan/eventing/control-plane/broker-lifecycle/broker.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: eventing.knative.dev/v1 2 | kind: broker 3 | metadata: 4 | name: conformance-broker 5 | -------------------------------------------------------------------------------- /test-plan/eventing/control-plane/broker-lifecycle/trigger-no-broker.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: eventing.knative.dev/v1 2 | kind: Trigger 3 | metadata: 4 | name: conformance-trigger 5 | spec: 6 | broker: non-existent-broker 7 | subscriber: 8 | uri: http://events-counter-service.default.svc.cluster.local/events 9 | -------------------------------------------------------------------------------- /test-plan/eventing/control-plane/broker-lifecycle/trigger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: eventing.knative.dev/v1 2 | kind: Trigger 3 | metadata: 4 | name: conformance-trigger 5 | spec: 6 | broker: conformance-broker 7 | subscriber: 8 | uri: http://events-counter-service.default.svc.cluster.local/events 9 | -------------------------------------------------------------------------------- /test/presubmit-tests.sh.tmpl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # TODO(approvers): replace with real tests 4 | true 5 | --------------------------------------------------------------------------------