From 052ab264279b7c8da753d230dd2dbf98c3363a8c Mon Sep 17 00:00:00 2001 From: knative-automation Date: Wed, 26 Apr 2023 05:00:45 -0400 Subject: [PATCH] upgrade to latest dependencies (#281) bumping knative.dev/serving b38ef3a...2c1bb07:%0A > 2c1bb07 Update net-kourier nightly (# 13919)%0A > 0637cdf Update net-contour nightly (# 13918)%0A > 08bedbe Update net-gateway-api nightly (# 13917)%0A > e39c429 Update net-istio nightly (# 13916)%0A > 10ed0f8 Update net-certmanager nightly (# 13915)%0A > 84fa64c Update data-plane Secrets (# 13859)%0A > 22783d6 Deployment probe fixes (# 13885)%0A > 113616b add support for downwardAPI in projected volumes (# 13896)%0A > 55f8dd7 upgrade to latest dependencies (# 13912)%0A > b2a416f Update net-gateway-api nightly (# 13907)%0A > 91ac3b3 Update net-certmanager nightly (# 13904)%0A > 787ac48 Update net-istio nightly (# 13902)%0A > d315f71 Update net-contour nightly (# 13903)%0Abumping knative.dev/networking 750a9e4...e5d04e8:%0A > e5d04e8 upgrade to latest dependencies (# 796)%0A > 62fd5d0 Update actions (# 793)%0A > b77b4a6 Bump Go version in github action (# 795)%0Abumping knative.dev/eventing-kafka 5ea5ea0...9a4a93a:%0A > 9a4a93a upgrade to latest dependencies (# 1336)%0A > 114fe9c upgrade to latest dependencies (# 1334)%0A > af67e08 Bump20230420 (# 1333)%0Abumping knative.dev/client-pkg 3bb19d6...4f052f9:%0A > 4f052f9 upgrade to latest dependencies (# 99)%0A > e75f12e upgrade to latest dependencies (# 98)%0Abumping knative.dev/eventing 193f2df...034bec9:%0A > 034bec9 [main] Upgrade to latest dependencies (# 6888)%0A > 4c2a3aa Bump Go to 1.20 in GH workflows (# 6882)%0A > 825a2b5 Create Cert-Manager resources (# 6849) Signed-off-by: Knative Automation --- go.mod | 10 ++--- go.sum | 20 +++++----- .../serving/pkg/apis/serving/fieldmask.go | 39 +++++++++++++++++-- .../pkg/apis/serving/k8s_validation.go | 28 ++++++++++++- .../serving/pkg/networking/constants.go | 4 +- vendor/modules.txt | 12 +++--- 6 files changed, 86 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index 7d532f998..cdf1d2b9e 100644 --- a/go.mod +++ b/go.mod @@ -10,8 +10,8 @@ require ( gotest.tools/v3 v3.3.0 k8s.io/apimachinery v0.25.4 k8s.io/client-go v0.25.4 - knative.dev/client-pkg v0.0.0-20230419132438-3bb19d63ba2f - knative.dev/eventing-kafka v0.36.1-0.20230419162738-5ea5ea0e3ead + knative.dev/client-pkg v0.0.0-20230425201444-4f052f9ef2f2 + knative.dev/eventing-kafka v0.37.0 knative.dev/hack v0.0.0-20230417170854-f591fea109b3 knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0 ) @@ -116,9 +116,9 @@ require ( k8s.io/klog/v2 v2.80.2-0.20221028030830-9ae4992afb54 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 // indirect - knative.dev/eventing v0.36.1-0.20230418180955-193f2dffd536 // indirect - knative.dev/networking v0.0.0-20230412014752-750a9e4f13f1 // indirect - knative.dev/serving v0.36.1-0.20230418170156-b38ef3a7ff2c // indirect + knative.dev/eventing v0.37.0 // indirect + knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 // indirect + knative.dev/serving v0.37.0 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect diff --git a/go.sum b/go.sum index cc8312f79..3853e43ec 100644 --- a/go.sum +++ b/go.sum @@ -1052,20 +1052,20 @@ k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+O k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/client-pkg v0.0.0-20230419132438-3bb19d63ba2f h1:aVRA2C9iznL6abvjg29C4wBoZnZdP4C7I3wY7G8Cdj8= -knative.dev/client-pkg v0.0.0-20230419132438-3bb19d63ba2f/go.mod h1:c1U6Vpnzb1l24hzzZPfSUztuow5pTAu8qQRb86T7Ovs= -knative.dev/eventing v0.36.1-0.20230418180955-193f2dffd536 h1:HCvZKARYpR/4BNKVY5fCDxsKqCNH13BXTFR0mbAcD6Q= -knative.dev/eventing v0.36.1-0.20230418180955-193f2dffd536/go.mod h1:v5MzGGi/TfApMkYaRssEo2b5AOPlyzQV6a+H8169408= -knative.dev/eventing-kafka v0.36.1-0.20230419162738-5ea5ea0e3ead h1:YqEQAC2pjwA0Ah7ej/tY89ZUaYUYyEklNG6OVSiasCs= -knative.dev/eventing-kafka v0.36.1-0.20230419162738-5ea5ea0e3ead/go.mod h1:CsvoZg5zXcc457ykimu5oM+93rjiusoGwTx0BUerayc= +knative.dev/client-pkg v0.0.0-20230425201444-4f052f9ef2f2 h1:Xc6zlrbq9X+Qh15xl8iv8Tl/qkknnOv8KwN+HzjDZU8= +knative.dev/client-pkg v0.0.0-20230425201444-4f052f9ef2f2/go.mod h1:oYnznlTBCj/bVEHo5vUSM/VS3oDFNJKDmH5+k1aC9/8= +knative.dev/eventing v0.37.0 h1:OtX8B9nvUSTNcbbpoNFDyeGaGU/5+aetj94i6oATpQU= +knative.dev/eventing v0.37.0/go.mod h1:62baPXiw5GPpPyV3f0GF64X7tOjc5x9cg64RAh1gjs4= +knative.dev/eventing-kafka v0.37.0 h1:IhFYsO3akqr85nwF6i2yiGFmcLfN7qks/GmAE/MQqRA= +knative.dev/eventing-kafka v0.37.0/go.mod h1:xEEsukYookBRDpJF+H7O+zaPx7cKT0TvqW7apEAIF7E= knative.dev/hack v0.0.0-20230417170854-f591fea109b3 h1:+W4WBOq83tfGXKhtv8OB/uJeYqze3zh69GKiz1ucuqk= knative.dev/hack v0.0.0-20230417170854-f591fea109b3/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= -knative.dev/networking v0.0.0-20230412014752-750a9e4f13f1 h1:ZkkzXLF+7tgcXh4VSEFEWSUT+Rzn0Umb95ximuw0/+o= -knative.dev/networking v0.0.0-20230412014752-750a9e4f13f1/go.mod h1:Hk0NjXch4XbahSdWifEcoT/JX8Xyjk3MT3XbvAx0PLk= +knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 h1:X9rPBYr7Vrm075q0iXTr7/0oklkYoyqvlnrUwNzcUhI= +knative.dev/networking v0.0.0-20230419144338-e5d04e805e50/go.mod h1:o2MyGpGfU5DoSAWCE2f/jnSC9GjGOplCslbA99yDkGo= knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0 h1:EFQcoUo8I4bc+U3y6tR1B3ONYZSHWUdAfI7Vh7dae8g= knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0/go.mod h1:2qWPP9Gjh9Q7ETti+WRHnBnGCSCq+6q7m3p/nmUQviE= -knative.dev/serving v0.36.1-0.20230418170156-b38ef3a7ff2c h1:ayQrrEsp2eOa1JwAncO4PI0bsjhLByQcA36eD8jOImQ= -knative.dev/serving v0.36.1-0.20230418170156-b38ef3a7ff2c/go.mod h1:JxH2HRtA7aApDHBGUGE0kG6l7ZkvVbJFgE+0V6djB3k= +knative.dev/serving v0.37.0 h1:hp/HconGRzv0kh2az9I/af1K1DY3NG3zcyiVc2rHyOk= +knative.dev/serving v0.37.0/go.mod h1:v0Xbfp7olb0Gljm5l4qNuLsIf8/2p1rIt/mphxvx1z0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go index cc59b95f3..1d4dd77eb 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go @@ -86,9 +86,8 @@ func VolumeProjectionMask(in *corev1.VolumeProjection) *corev1.VolumeProjection out.ConfigMap = in.ConfigMap out.ServiceAccountToken = in.ServiceAccountToken - // Disallowed fields - // This list is unnecessary, but added here for clarity - out.DownwardAPI = nil + // TODO(KauzClay): Should this be behind a feature flag like EmptyDir? + out.DownwardAPI = in.DownwardAPI return out } @@ -147,6 +146,40 @@ func ServiceAccountTokenProjectionMask(in *corev1.ServiceAccountTokenProjection) return out } +// DownwardAPIProjectionMask performs a _shallow_ copy of the Kubernetes DownwardAPIProjection +// object to a new Kubernetes DownwardAPIProjection object bringing over only the fields allowed +// in the Knative API. This does not validate the contents or the bounds of the provided fields. +func DownwardAPIProjectionMask(in *corev1.DownwardAPIProjection) *corev1.DownwardAPIProjection { + if in == nil { + return nil + } + + out := new(corev1.DownwardAPIProjection) + + out.Items = append(out.Items, in.Items...) + + return out +} + +// DownwardAPIVolumeFileMask performs a _shallow_ copy of the Kubernetes DownwardAPIVolumeFileMask +// object to a new Kubernetes DownwardAPIVolumeFileMask object bringing over only the fields allowed +// in the Knative API. This does not validate the contents or the bounds of the provided fields. +func DownwardAPIVolumeFileMask(in *corev1.DownwardAPIVolumeFile) *corev1.DownwardAPIVolumeFile { + if in == nil { + return nil + } + + out := new(corev1.DownwardAPIVolumeFile) + + // Allowed fields + out.FieldRef = in.FieldRef + out.ResourceFieldRef = in.ResourceFieldRef + out.Path = in.Path + out.Mode = in.Mode + + return out +} + // KeyToPathMask performs a _shallow_ copy of the Kubernetes KeyToPath // object to a new Kubernetes KeyToPath object bringing over only the fields allowed // in the Knative API. This does not validate the contents or the bounds of the provided fields. diff --git a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go index 55ae1173f..efa65a05e 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go @@ -196,8 +196,12 @@ func validateProjectedVolumeSource(vp corev1.VolumeProjection) *apis.FieldError specified = append(specified, "serviceAccountToken") errs = errs.Also(validateServiceAccountTokenProjection(vp.ServiceAccountToken).ViaField("serviceAccountToken")) } + if vp.DownwardAPI != nil { + specified = append(specified, "downwardAPI") + errs = errs.Also(validateDownwardAPIProjection(vp.DownwardAPI).ViaField("downwardAPI")) + } if len(specified) == 0 { - errs = errs.Also(apis.ErrMissingOneOf("secret", "configMap", "serviceAccountToken")) + errs = errs.Also(apis.ErrMissingOneOf("secret", "configMap", "serviceAccountToken", "downwardAPI")) } else if len(specified) > 1 { errs = errs.Also(apis.ErrMultipleOneOf(specified...)) } @@ -239,6 +243,28 @@ func validateServiceAccountTokenProjection(sp *corev1.ServiceAccountTokenProject return errs } +func validateDownwardAPIProjection(dapi *corev1.DownwardAPIProjection) *apis.FieldError { + errs := apis.CheckDisallowedFields(*dapi, *DownwardAPIProjectionMask(dapi)) + for i := range dapi.Items { + errs = errs.Also(validateDownwardAPIVolumeFile(&dapi.Items[i]).ViaFieldIndex("items", i)) + } + return errs +} + +func validateDownwardAPIVolumeFile(vf *corev1.DownwardAPIVolumeFile) *apis.FieldError { + errs := apis.CheckDisallowedFields(*vf, *DownwardAPIVolumeFileMask(vf)) + if vf.FieldRef == nil && vf.ResourceFieldRef == nil { + errs = errs.Also(apis.ErrMissingOneOf("fieldRef", "resourceFieldRef")) + } + if vf.FieldRef != nil && vf.ResourceFieldRef != nil { + errs = errs.Also(apis.ErrGeneric("Within a single item, cannot set both", "resourceFieldRef", "fieldRef")) + } + if vf.Path == "" { + errs = errs.Also(apis.ErrMissingField("path")) + } + return errs +} + func validateKeyToPath(k2p corev1.KeyToPath) *apis.FieldError { errs := apis.CheckDisallowedFields(k2p, *KeyToPathMask(&k2p)) if k2p.Key == "" { diff --git a/vendor/knative.dev/serving/pkg/networking/constants.go b/vendor/knative.dev/serving/pkg/networking/constants.go index a832d4654..642f59c0e 100644 --- a/vendor/knative.dev/serving/pkg/networking/constants.go +++ b/vendor/knative.dev/serving/pkg/networking/constants.go @@ -52,8 +52,8 @@ const ( // e.g. Public, Private. ServiceTypeKey = networking.GroupName + "/serviceType" - // ServingCertName is used by the secret name for internal TLS as "namespace-${ServingCertName}". - // Also the secret name has the label with "${ServingCertName}: data-plane" + // ServingCertName is the secret name for internal TLS. + // Also the secret name has the label with "${ServingCertName}: data-plane-user" ServingCertName = "serving-certs" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index f0e9d568c..adfd6fcb8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -805,7 +805,7 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/client-pkg v0.0.0-20230419132438-3bb19d63ba2f +# knative.dev/client-pkg v0.0.0-20230425201444-4f052f9ef2f2 ## explicit; go 1.18 knative.dev/client-pkg/pkg/apis/client knative.dev/client-pkg/pkg/apis/client/v1alpha1 @@ -839,7 +839,7 @@ knative.dev/client-pkg/pkg/util knative.dev/client-pkg/pkg/util/mock knative.dev/client-pkg/pkg/util/test knative.dev/client-pkg/pkg/wait -# knative.dev/eventing v0.36.1-0.20230418180955-193f2dffd536 +# knative.dev/eventing v0.37.0 ## explicit; go 1.19 knative.dev/eventing/pkg/apis/config knative.dev/eventing/pkg/apis/duck @@ -865,8 +865,8 @@ knative.dev/eventing/pkg/client/clientset/versioned/typed/messaging/v1 knative.dev/eventing/pkg/client/clientset/versioned/typed/sources/v1 knative.dev/eventing/pkg/client/clientset/versioned/typed/sources/v1/fake knative.dev/eventing/pkg/client/clientset/versioned/typed/sources/v1beta2 -# knative.dev/eventing-kafka v0.36.1-0.20230419162738-5ea5ea0e3ead -## explicit; go 1.18 +# knative.dev/eventing-kafka v0.37.0 +## explicit; go 1.19 knative.dev/eventing-kafka/pkg/apis/bindings knative.dev/eventing-kafka/pkg/apis/bindings/v1beta1 knative.dev/eventing-kafka/pkg/apis/sources/config @@ -877,7 +877,7 @@ knative.dev/eventing-kafka/pkg/client/clientset/versioned/typed/sources/v1beta1/ # knative.dev/hack v0.0.0-20230417170854-f591fea109b3 ## explicit; go 1.18 knative.dev/hack -# knative.dev/networking v0.0.0-20230412014752-750a9e4f13f1 +# knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 ## explicit; go 1.18 knative.dev/networking/pkg knative.dev/networking/pkg/apis/networking @@ -934,7 +934,7 @@ knative.dev/pkg/tracing/propagation knative.dev/pkg/tracing/propagation/tracecontextb3 knative.dev/pkg/tracker knative.dev/pkg/webhook/resourcesemantics -# knative.dev/serving v0.36.1-0.20230418170156-b38ef3a7ff2c +# knative.dev/serving v0.37.0 ## explicit; go 1.18 knative.dev/serving/pkg/apis/autoscaling knative.dev/serving/pkg/apis/autoscaling/v1alpha1