From 8de305c5cbc5f756d9b6d29334bc42eb066e471a Mon Sep 17 00:00:00 2001 From: Knative Automation Date: Wed, 26 Apr 2023 02:18:29 +0000 Subject: [PATCH] upgrade to latest dependencies bumping knative.dev/client-pkg 3bb19d6...4f052f9:%0A > 4f052f9 upgrade to latest dependencies (# 99)%0A > e75f12e upgrade to latest dependencies (# 98)%0Abumping knative.dev/eventing 193f2df...034bec9:%0A > 034bec9 [main] Upgrade to latest dependencies (# 6888)%0A > 4c2a3aa Bump Go to 1.20 in GH workflows (# 6882)%0A > 825a2b5 Create Cert-Manager resources (# 6849)%0Abumping knative.dev/serving b2a416f...2c1bb07:%0A > 2c1bb07 Update net-kourier nightly (# 13919)%0A > 0637cdf Update net-contour nightly (# 13918)%0A > 08bedbe Update net-gateway-api nightly (# 13917)%0A > e39c429 Update net-istio nightly (# 13916)%0A > 10ed0f8 Update net-certmanager nightly (# 13915)%0A > 84fa64c Update data-plane Secrets (# 13859)%0A > 22783d6 Deployment probe fixes (# 13885)%0A > 113616b add support for downwardAPI in projected volumes (# 13896)%0A > 55f8dd7 upgrade to latest dependencies (# 13912) Signed-off-by: Knative Automation --- go.mod | 6 +-- go.sum | 12 +++--- .../serving/pkg/apis/serving/fieldmask.go | 39 +++++++++++++++++-- .../pkg/apis/serving/k8s_validation.go | 28 ++++++++++++- .../serving/pkg/networking/constants.go | 4 +- vendor/modules.txt | 6 +-- 6 files changed, 77 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 7c142d252..7c574be0f 100644 --- a/go.mod +++ b/go.mod @@ -13,10 +13,10 @@ require ( k8s.io/api v0.25.4 k8s.io/apimachinery v0.25.4 k8s.io/client-go v0.25.4 - knative.dev/client-pkg v0.0.0-20230419132438-3bb19d63ba2f + knative.dev/client-pkg v0.0.0-20230425201444-4f052f9ef2f2 knative.dev/hack v0.0.0-20230417170854-f591fea109b3 knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 - knative.dev/serving v0.36.1-0.20230420202939-b2a416f3bc0d + knative.dev/serving v0.37.0 ) require ( @@ -115,7 +115,7 @@ require ( k8s.io/klog/v2 v2.80.2-0.20221028030830-9ae4992afb54 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 // indirect - knative.dev/eventing v0.36.1-0.20230418180955-193f2dffd536 // indirect + knative.dev/eventing v0.37.0 // indirect knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect diff --git a/go.sum b/go.sum index 4cd529741..c48cee139 100644 --- a/go.sum +++ b/go.sum @@ -1055,18 +1055,18 @@ k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+O k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/client-pkg v0.0.0-20230419132438-3bb19d63ba2f h1:aVRA2C9iznL6abvjg29C4wBoZnZdP4C7I3wY7G8Cdj8= -knative.dev/client-pkg v0.0.0-20230419132438-3bb19d63ba2f/go.mod h1:c1U6Vpnzb1l24hzzZPfSUztuow5pTAu8qQRb86T7Ovs= -knative.dev/eventing v0.36.1-0.20230418180955-193f2dffd536 h1:HCvZKARYpR/4BNKVY5fCDxsKqCNH13BXTFR0mbAcD6Q= -knative.dev/eventing v0.36.1-0.20230418180955-193f2dffd536/go.mod h1:v5MzGGi/TfApMkYaRssEo2b5AOPlyzQV6a+H8169408= +knative.dev/client-pkg v0.0.0-20230425201444-4f052f9ef2f2 h1:Xc6zlrbq9X+Qh15xl8iv8Tl/qkknnOv8KwN+HzjDZU8= +knative.dev/client-pkg v0.0.0-20230425201444-4f052f9ef2f2/go.mod h1:oYnznlTBCj/bVEHo5vUSM/VS3oDFNJKDmH5+k1aC9/8= +knative.dev/eventing v0.37.0 h1:OtX8B9nvUSTNcbbpoNFDyeGaGU/5+aetj94i6oATpQU= +knative.dev/eventing v0.37.0/go.mod h1:62baPXiw5GPpPyV3f0GF64X7tOjc5x9cg64RAh1gjs4= knative.dev/hack v0.0.0-20230417170854-f591fea109b3 h1:+W4WBOq83tfGXKhtv8OB/uJeYqze3zh69GKiz1ucuqk= knative.dev/hack v0.0.0-20230417170854-f591fea109b3/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 h1:X9rPBYr7Vrm075q0iXTr7/0oklkYoyqvlnrUwNzcUhI= knative.dev/networking v0.0.0-20230419144338-e5d04e805e50/go.mod h1:o2MyGpGfU5DoSAWCE2f/jnSC9GjGOplCslbA99yDkGo= knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0 h1:EFQcoUo8I4bc+U3y6tR1B3ONYZSHWUdAfI7Vh7dae8g= knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0/go.mod h1:2qWPP9Gjh9Q7ETti+WRHnBnGCSCq+6q7m3p/nmUQviE= -knative.dev/serving v0.36.1-0.20230420202939-b2a416f3bc0d h1:6J7Ss5Of8oPTVbj3Wa8VQrvbEycfqpWZBzCIdKcAcX8= -knative.dev/serving v0.36.1-0.20230420202939-b2a416f3bc0d/go.mod h1:JxH2HRtA7aApDHBGUGE0kG6l7ZkvVbJFgE+0V6djB3k= +knative.dev/serving v0.37.0 h1:hp/HconGRzv0kh2az9I/af1K1DY3NG3zcyiVc2rHyOk= +knative.dev/serving v0.37.0/go.mod h1:v0Xbfp7olb0Gljm5l4qNuLsIf8/2p1rIt/mphxvx1z0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go index cc59b95f3..1d4dd77eb 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go @@ -86,9 +86,8 @@ func VolumeProjectionMask(in *corev1.VolumeProjection) *corev1.VolumeProjection out.ConfigMap = in.ConfigMap out.ServiceAccountToken = in.ServiceAccountToken - // Disallowed fields - // This list is unnecessary, but added here for clarity - out.DownwardAPI = nil + // TODO(KauzClay): Should this be behind a feature flag like EmptyDir? + out.DownwardAPI = in.DownwardAPI return out } @@ -147,6 +146,40 @@ func ServiceAccountTokenProjectionMask(in *corev1.ServiceAccountTokenProjection) return out } +// DownwardAPIProjectionMask performs a _shallow_ copy of the Kubernetes DownwardAPIProjection +// object to a new Kubernetes DownwardAPIProjection object bringing over only the fields allowed +// in the Knative API. This does not validate the contents or the bounds of the provided fields. +func DownwardAPIProjectionMask(in *corev1.DownwardAPIProjection) *corev1.DownwardAPIProjection { + if in == nil { + return nil + } + + out := new(corev1.DownwardAPIProjection) + + out.Items = append(out.Items, in.Items...) + + return out +} + +// DownwardAPIVolumeFileMask performs a _shallow_ copy of the Kubernetes DownwardAPIVolumeFileMask +// object to a new Kubernetes DownwardAPIVolumeFileMask object bringing over only the fields allowed +// in the Knative API. This does not validate the contents or the bounds of the provided fields. +func DownwardAPIVolumeFileMask(in *corev1.DownwardAPIVolumeFile) *corev1.DownwardAPIVolumeFile { + if in == nil { + return nil + } + + out := new(corev1.DownwardAPIVolumeFile) + + // Allowed fields + out.FieldRef = in.FieldRef + out.ResourceFieldRef = in.ResourceFieldRef + out.Path = in.Path + out.Mode = in.Mode + + return out +} + // KeyToPathMask performs a _shallow_ copy of the Kubernetes KeyToPath // object to a new Kubernetes KeyToPath object bringing over only the fields allowed // in the Knative API. This does not validate the contents or the bounds of the provided fields. diff --git a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go index 55ae1173f..efa65a05e 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go @@ -196,8 +196,12 @@ func validateProjectedVolumeSource(vp corev1.VolumeProjection) *apis.FieldError specified = append(specified, "serviceAccountToken") errs = errs.Also(validateServiceAccountTokenProjection(vp.ServiceAccountToken).ViaField("serviceAccountToken")) } + if vp.DownwardAPI != nil { + specified = append(specified, "downwardAPI") + errs = errs.Also(validateDownwardAPIProjection(vp.DownwardAPI).ViaField("downwardAPI")) + } if len(specified) == 0 { - errs = errs.Also(apis.ErrMissingOneOf("secret", "configMap", "serviceAccountToken")) + errs = errs.Also(apis.ErrMissingOneOf("secret", "configMap", "serviceAccountToken", "downwardAPI")) } else if len(specified) > 1 { errs = errs.Also(apis.ErrMultipleOneOf(specified...)) } @@ -239,6 +243,28 @@ func validateServiceAccountTokenProjection(sp *corev1.ServiceAccountTokenProject return errs } +func validateDownwardAPIProjection(dapi *corev1.DownwardAPIProjection) *apis.FieldError { + errs := apis.CheckDisallowedFields(*dapi, *DownwardAPIProjectionMask(dapi)) + for i := range dapi.Items { + errs = errs.Also(validateDownwardAPIVolumeFile(&dapi.Items[i]).ViaFieldIndex("items", i)) + } + return errs +} + +func validateDownwardAPIVolumeFile(vf *corev1.DownwardAPIVolumeFile) *apis.FieldError { + errs := apis.CheckDisallowedFields(*vf, *DownwardAPIVolumeFileMask(vf)) + if vf.FieldRef == nil && vf.ResourceFieldRef == nil { + errs = errs.Also(apis.ErrMissingOneOf("fieldRef", "resourceFieldRef")) + } + if vf.FieldRef != nil && vf.ResourceFieldRef != nil { + errs = errs.Also(apis.ErrGeneric("Within a single item, cannot set both", "resourceFieldRef", "fieldRef")) + } + if vf.Path == "" { + errs = errs.Also(apis.ErrMissingField("path")) + } + return errs +} + func validateKeyToPath(k2p corev1.KeyToPath) *apis.FieldError { errs := apis.CheckDisallowedFields(k2p, *KeyToPathMask(&k2p)) if k2p.Key == "" { diff --git a/vendor/knative.dev/serving/pkg/networking/constants.go b/vendor/knative.dev/serving/pkg/networking/constants.go index a832d4654..642f59c0e 100644 --- a/vendor/knative.dev/serving/pkg/networking/constants.go +++ b/vendor/knative.dev/serving/pkg/networking/constants.go @@ -52,8 +52,8 @@ const ( // e.g. Public, Private. ServiceTypeKey = networking.GroupName + "/serviceType" - // ServingCertName is used by the secret name for internal TLS as "namespace-${ServingCertName}". - // Also the secret name has the label with "${ServingCertName}: data-plane" + // ServingCertName is the secret name for internal TLS. + // Also the secret name has the label with "${ServingCertName}: data-plane-user" ServingCertName = "serving-certs" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index 996112077..184b71aa2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -858,7 +858,7 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/client-pkg v0.0.0-20230419132438-3bb19d63ba2f +# knative.dev/client-pkg v0.0.0-20230425201444-4f052f9ef2f2 ## explicit; go 1.18 knative.dev/client-pkg/pkg/apis/client knative.dev/client-pkg/pkg/apis/client/v1alpha1 @@ -885,7 +885,7 @@ knative.dev/client-pkg/pkg/util knative.dev/client-pkg/pkg/util/mock knative.dev/client-pkg/pkg/util/test knative.dev/client-pkg/pkg/wait -# knative.dev/eventing v0.36.1-0.20230418180955-193f2dffd536 +# knative.dev/eventing v0.37.0 ## explicit; go 1.19 knative.dev/eventing/pkg/apis/config knative.dev/eventing/pkg/apis/duck @@ -972,7 +972,7 @@ knative.dev/pkg/tracing/config knative.dev/pkg/tracing/propagation knative.dev/pkg/tracing/propagation/tracecontextb3 knative.dev/pkg/tracker -# knative.dev/serving v0.36.1-0.20230420202939-b2a416f3bc0d +# knative.dev/serving v0.37.0 ## explicit; go 1.18 knative.dev/serving/pkg/apis/autoscaling knative.dev/serving/pkg/apis/autoscaling/v1alpha1