YipYapSource CRD

YipYapSource is a first-class Knative event source shipped as a Custom Resource Definition (CRD). It does everything ContainerSource does and adds:

Declarative CR configuration, one YipYapSource YAML per source, instead of a hand-rolled ContainerSource.
Validating admission webhook, bad specs (missing apiKeyRef, invalid mode, bad filter glob) fail at kubectl apply with a clear message, not at runtime.
Status conditions, SinkProvided, Deployed, Ready surfaced through kubectl describe yipyapsource.
CloudEvent attribute advertising, status.ceAttributes lists the event types this source emits, so consumers know what to expect.
Per-CR adapter Deployment, each YipYapSource gets its own adapter Pod with owner references, so kubectl delete yipyapsource prod cascades cleanly.
Helm-based install, one helm install sets up the CRD, controller, webhook, and all RBAC.

Use YipYapSource for any production deployment. Use ContainerSource only for quick prototypes or one-offs.

Install

helm repo add yipyap-source https://yipyap-run.github.io/knative-source
helm repo update

helm install yipyap-source yipyap-source/yipyap-source \
  --namespace yipyap-sources \
  --create-namespace

This installs:

CRD yipyapsources.sources.yipyap.run.
Controller Deployment (reconciles YipYapSource CRs).
Webhook Deployment (admission validation).
RBAC: ClusterRoles + ClusterRoleBindings for both.
Self-signed TLS bootstrap for the webhook (managed by the controller; no cert-manager dependency).

Create a YipYapSource

First, stash your API key as a Secret:

kubectl -n my-app create secret generic yipyap-creds \
  --from-literal=api-key=yy_your_org_scoped_api_key

Then apply the CR:

apiVersion: sources.yipyap.run/v1alpha1
kind: YipYapSource
metadata:
  name: prod-alerts
  namespace: my-app
spec:
  apiKeyRef:
    name: yipyap-creds
    # key: api-key    # defaults to "api-key"
  # baseURL: https://console.yipyap.run    # defaults to SaaS
  filter:
    types:
      - run.yipyap.alert.*
    severities: [warning, critical]
  mode: auto    # auto | poll | stream
  sink:
    ref:
      apiVersion: eventing.knative.dev/v1
      kind: Broker
      name: default
  ceOverrides:
    extensions:
      environment: prod
      region: us-east-1

The controller resolves the sink, provisions an adapter Deployment, and waits for it to report Available. Check progress:

kubectl get yipyapsources -n my-app
NAME          SINK                                                        READY   REASON   AGE
prod-alerts   http://broker-ingress.knative-eventing.svc.cluster.local/.. True             15s

kubectl describe yipyapsource prod-alerts -n my-app

Spec reference

Field	Type	Required	Default	Purpose
`apiKeyRef.name`	string	yes	,	Secret holding the org-scoped API key.
`apiKeyRef.key`	string	no	`api-key`	Key within the Secret.
`baseURL`	string	no	`https://console.yipyap.run`	Override for self-hosted YipYap.
`filter.types`	[]string	no	empty (all)	path.Match globs over CloudEvent type.
`filter.monitorIDs`	[]string	no	empty (all)	Restrict to specific monitor IDs.
`filter.severities`	[]string	no	empty (all)	`info`, `warning`, `critical` (alerts only).
`mode`	string	no	`auto`	`auto` (follow server hint), `poll`, or `stream`.
`sink`	Destination	yes	,	Standard Knative sink (ref or uri).
`ceOverrides.extensions`	map[string]string	no	empty	Extension attributes added to every event.
`serviceAccountName`	string	no	controller-managed	Pin a specific SA for the adapter pod.

Status reference

Field	Purpose
`conditions[Ready]`	Overall readiness, True when both SinkProvided and Deployed are True.
`conditions[SinkProvided]`	Sink URI successfully resolved.
`conditions[Deployed]`	Adapter Deployment reports `Available`.
`sinkUri`	Resolved sink URL.
`ceAttributes`	Advertised CloudEvent types and sources.
`deploymentName`	Name of the managed adapter Deployment.
`observedGeneration`	Last generation seen by the reconciler.

Helm values reference

Key values from helm show values yipyap-source/yipyap-source:

Value	Default	Purpose
`namespace.create`	`true`	Create the install namespace.
`images.controller.tag`	`""` (→ appVersion)	Override controller image tag.
`images.webhook.tag`	`""`	Webhook image tag.
`images.adapter.tag`	`""`	Adapter image tag (`yipyap-knative-source`).
`webhook.failurePolicy`	`Fail`	Admission failure policy; `Ignore` allows through when webhook is down.
`installCRD`	`true`	Set `false` if you manage the CRD separately.
`controller.resources`	100m/128Mi req	Controller pod resources.

Relationship to ContainerSource

YipYapSource provisions a Deployment running the same ghcr.io/yipyap-run/knative-source-receive-adapter image a ContainerSource would run. The difference is the management layer:

ContainerSource → user writes the Deployment+env directly.
YipYapSource → user writes a high-level CR, the controller generates the Deployment.

Migrating from ContainerSource to YipYapSource is a one-shot: apply the YipYapSource YAML, delete the old ContainerSource. Events flow through the new adapter with no data loss (cursor state is per-org, so the new adapter picks up where the old one left off).

Webhook failure policy

The admission webhook’s default failurePolicy is Fail, if the webhook is unreachable, YipYapSource create/update requests are rejected. This is best-in-class for security but means webhook downtime blocks kubectl apply. To weaken to Ignore (unsafe but more available):

helm upgrade yipyap-source yipyap-source/yipyap-source \
  --namespace yipyap-sources \
  --set webhook.failurePolicy=Ignore

Uninstall

# Delete all YipYapSource CRs first (cascades to adapter Deployments)
kubectl delete yipyapsources --all-namespaces --all

# Then uninstall the chart
helm uninstall yipyap-source --namespace yipyap-sources
kubectl delete namespace yipyap-sources

If installCRD=true (default), Helm will also remove the CRD. Double-check no YipYapSource CRs remain before uninstall.

What’s next

Architecture, how the controller fits in the overall CloudEvents pipeline.
OIDC Authentication, secure the adapter’s outbound delivery.