From 5b73c8fd6272a6cff3f48d5154712893f0044dd0 Mon Sep 17 00:00:00 2001 From: Knative Automation Date: Wed, 18 May 2022 02:51:26 +0000 Subject: [PATCH] upgrade to latest dependencies bumping knative.dev/pkg 2d8305b...f907b31: > f907b31 Update community files (# 2520) bumping knative.dev/networking 7363ea6...3f52bdb: > 3f52bdb Update community files (# 672) > f1ee84b Split up the `networking/pkg` to separate packages (# 670) bumping knative.dev/hack f4972b4...b4d4d73: > b4d4d73 Update community files (# 178) Signed-off-by: Knative Automation --- go.mod | 6 +- go.sum | 12 +- .../forked/golang/{net => }/LICENSE | 0 .../forked/golang/golang-lru/lru.go | 133 ++++++ vendor/k8s.io/utils/lru/lru.go | 79 ++++ .../pkg/{network.go => config/config.go} | 389 +++++------------- .../networking/pkg/{ => config}/doc.go | 4 +- .../pkg/{ => config}/zz_generated.deepcopy.go | 2 +- .../networking/pkg/deprecated_config.go | 247 +++++++++++ .../networking/pkg/deprecated_header.go | 167 ++++++++ .../networking/pkg/deprecated_http.go | 116 ++++++ .../networking/pkg/deprecated_labels.go | 29 ++ .../networking/pkg/deprecated_port.go | 29 ++ .../networking/pkg/http/constants.go | 23 ++ .../knative.dev/networking/pkg/http/error.go | 29 ++ .../networking/pkg/http/header/header.go | 157 +++++++ .../probe/handler.go} | 23 +- .../pkg/{ => http/proxy}/bufferpool.go | 4 +- .../networking/pkg/http/proxy/constants.go | 28 ++ .../pkg/{stats.go => http/stats/request.go} | 7 +- .../networking/pkg/ingress/ingress.go | 6 +- .../knative.dev/networking/pkg/k8s/ports.go | 43 ++ .../networking/pkg/labels/labels.go | 25 ++ .../networking/pkg/status/status.go | 15 +- .../test/conformance/ingress/headers.go | 16 +- .../knative.dev/networking/test/e2e_flags.go | 6 +- .../test/test_images/grpc-ping/main.go | 4 +- .../test/test_images/httpproxy/httpproxy.go | 4 +- .../networking/test/test_images/retry/main.go | 4 +- .../test_images/runtime/handlers/handler.go | 8 +- .../test/test_images/timeout/timeout.go | 4 +- .../test/test_images/wsserver/echo.go | 7 +- vendor/modules.txt | 16 +- 33 files changed, 1294 insertions(+), 348 deletions(-) rename third_party/VENDOR-LICENSE/k8s.io/utils/internal/third_party/forked/golang/{net => }/LICENSE (100%) create mode 100644 vendor/k8s.io/utils/internal/third_party/forked/golang/golang-lru/lru.go create mode 100644 vendor/k8s.io/utils/lru/lru.go rename vendor/knative.dev/networking/pkg/{network.go => config/config.go} (71%) rename vendor/knative.dev/networking/pkg/{ => config}/doc.go (93%) rename vendor/knative.dev/networking/pkg/{ => config}/zz_generated.deepcopy.go (99%) create mode 100644 vendor/knative.dev/networking/pkg/deprecated_config.go create mode 100644 vendor/knative.dev/networking/pkg/deprecated_header.go create mode 100644 vendor/knative.dev/networking/pkg/deprecated_http.go create mode 100644 vendor/knative.dev/networking/pkg/deprecated_labels.go create mode 100644 vendor/knative.dev/networking/pkg/deprecated_port.go create mode 100644 vendor/knative.dev/networking/pkg/http/constants.go create mode 100644 vendor/knative.dev/networking/pkg/http/error.go create mode 100644 vendor/knative.dev/networking/pkg/http/header/header.go rename vendor/knative.dev/networking/pkg/{probe_handler.go => http/probe/handler.go} (63%) rename vendor/knative.dev/networking/pkg/{ => http/proxy}/bufferpool.go (96%) create mode 100644 vendor/knative.dev/networking/pkg/http/proxy/constants.go rename vendor/knative.dev/networking/pkg/{stats.go => http/stats/request.go} (97%) create mode 100644 vendor/knative.dev/networking/pkg/k8s/ports.go create mode 100644 vendor/knative.dev/networking/pkg/labels/labels.go diff --git a/go.mod b/go.mod index 6115371745..b66294e9c9 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( k8s.io/api v0.23.5 k8s.io/apimachinery v0.23.5 k8s.io/client-go v0.23.5 - knative.dev/hack v0.0.0-20220512014059-f4972b4daff9 - knative.dev/networking v0.0.0-20220516202057-7363ea66ba54 - knative.dev/pkg v0.0.0-20220512013937-2d8305b2e59a + knative.dev/hack v0.0.0-20220518013938-b4d4d73a2995 + knative.dev/networking v0.0.0-20220518013728-3f52bdb63511 + knative.dev/pkg v0.0.0-20220518013728-f907b31046d3 ) diff --git a/go.sum b/go.sum index 111fb51cc8..dcb2b5105e 100644 --- a/go.sum +++ b/go.sum @@ -1196,13 +1196,13 @@ k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19V k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= knative.dev/hack v0.0.0-20220427014036-5f473869d377/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= knative.dev/hack v0.0.0-20220503220458-46c77f157e20/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= -knative.dev/hack v0.0.0-20220512014059-f4972b4daff9 h1:/KjTyToOXNMD6SyBzDMnXgMBhsAePkJHY5uhpK+rYOc= -knative.dev/hack v0.0.0-20220512014059-f4972b4daff9/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= -knative.dev/networking v0.0.0-20220516202057-7363ea66ba54 h1:Zu1scweYeLGu/5oCezvss+IzwvBrxf/AZG2xifogXVQ= -knative.dev/networking v0.0.0-20220516202057-7363ea66ba54/go.mod h1:+H5KnK/r/4/WtRRacuQuuGEjCn0961q2o7gwl+FoZfo= +knative.dev/hack v0.0.0-20220518013938-b4d4d73a2995 h1:Bt1Mdo6K6E4gaVUFiI8ZMvFcvsb0e10vLFyW7qKRxy4= +knative.dev/hack v0.0.0-20220518013938-b4d4d73a2995/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= +knative.dev/networking v0.0.0-20220518013728-3f52bdb63511 h1:27VaOzdAjjd3zVKPYFZpahTyws1+n9SlwsXHzFbOZcU= +knative.dev/networking v0.0.0-20220518013728-3f52bdb63511/go.mod h1:8JUhHDPrN9DKOnvpysGIP5trCv7FiGkXq+RDP1605RA= knative.dev/pkg v0.0.0-20220503223858-245166458ef4/go.mod h1:NXK3p/UMCbFybBM9xQGii3TuMN/WKHByXcYsTwZ6Y6U= -knative.dev/pkg v0.0.0-20220512013937-2d8305b2e59a h1:lVm5ZtTrQZg3yid38zu13QgXN02clVzPkMTEyB9FRUo= -knative.dev/pkg v0.0.0-20220512013937-2d8305b2e59a/go.mod h1:mRzBIY8eoQurpADZ4+3LzNuucKOBhsSvhX6lXqMVpIc= +knative.dev/pkg v0.0.0-20220518013728-f907b31046d3 h1:NElwuc4+cGeJGwJEv65uyd552nFedHTBI4rtVZ+eDRw= +knative.dev/pkg v0.0.0-20220518013728-f907b31046d3/go.mod h1:mRzBIY8eoQurpADZ4+3LzNuucKOBhsSvhX6lXqMVpIc= pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= diff --git a/third_party/VENDOR-LICENSE/k8s.io/utils/internal/third_party/forked/golang/net/LICENSE b/third_party/VENDOR-LICENSE/k8s.io/utils/internal/third_party/forked/golang/LICENSE similarity index 100% rename from third_party/VENDOR-LICENSE/k8s.io/utils/internal/third_party/forked/golang/net/LICENSE rename to third_party/VENDOR-LICENSE/k8s.io/utils/internal/third_party/forked/golang/LICENSE diff --git a/vendor/k8s.io/utils/internal/third_party/forked/golang/golang-lru/lru.go b/vendor/k8s.io/utils/internal/third_party/forked/golang/golang-lru/lru.go new file mode 100644 index 0000000000..fd4db44072 --- /dev/null +++ b/vendor/k8s.io/utils/internal/third_party/forked/golang/golang-lru/lru.go @@ -0,0 +1,133 @@ +/* +Copyright 2013 Google Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package lru implements an LRU cache. +package golang_lru + +import "container/list" + +// Cache is an LRU cache. It is not safe for concurrent access. +type Cache struct { + // MaxEntries is the maximum number of cache entries before + // an item is evicted. Zero means no limit. + MaxEntries int + + // OnEvicted optionally specifies a callback function to be + // executed when an entry is purged from the cache. + OnEvicted func(key Key, value interface{}) + + ll *list.List + cache map[interface{}]*list.Element +} + +// A Key may be any value that is comparable. See http://golang.org/ref/spec#Comparison_operators +type Key interface{} + +type entry struct { + key Key + value interface{} +} + +// New creates a new Cache. +// If maxEntries is zero, the cache has no limit and it's assumed +// that eviction is done by the caller. +func New(maxEntries int) *Cache { + return &Cache{ + MaxEntries: maxEntries, + ll: list.New(), + cache: make(map[interface{}]*list.Element), + } +} + +// Add adds a value to the cache. +func (c *Cache) Add(key Key, value interface{}) { + if c.cache == nil { + c.cache = make(map[interface{}]*list.Element) + c.ll = list.New() + } + if ee, ok := c.cache[key]; ok { + c.ll.MoveToFront(ee) + ee.Value.(*entry).value = value + return + } + ele := c.ll.PushFront(&entry{key, value}) + c.cache[key] = ele + if c.MaxEntries != 0 && c.ll.Len() > c.MaxEntries { + c.RemoveOldest() + } +} + +// Get looks up a key's value from the cache. +func (c *Cache) Get(key Key) (value interface{}, ok bool) { + if c.cache == nil { + return + } + if ele, hit := c.cache[key]; hit { + c.ll.MoveToFront(ele) + return ele.Value.(*entry).value, true + } + return +} + +// Remove removes the provided key from the cache. +func (c *Cache) Remove(key Key) { + if c.cache == nil { + return + } + if ele, hit := c.cache[key]; hit { + c.removeElement(ele) + } +} + +// RemoveOldest removes the oldest item from the cache. +func (c *Cache) RemoveOldest() { + if c.cache == nil { + return + } + ele := c.ll.Back() + if ele != nil { + c.removeElement(ele) + } +} + +func (c *Cache) removeElement(e *list.Element) { + c.ll.Remove(e) + kv := e.Value.(*entry) + delete(c.cache, kv.key) + if c.OnEvicted != nil { + c.OnEvicted(kv.key, kv.value) + } +} + +// Len returns the number of items in the cache. +func (c *Cache) Len() int { + if c.cache == nil { + return 0 + } + return c.ll.Len() +} + +// Clear purges all stored items from the cache. +func (c *Cache) Clear() { + if c.OnEvicted != nil { + for _, e := range c.cache { + kv := e.Value.(*entry) + c.OnEvicted(kv.key, kv.value) + } + } + c.ll = nil + c.cache = nil +} diff --git a/vendor/k8s.io/utils/lru/lru.go b/vendor/k8s.io/utils/lru/lru.go new file mode 100644 index 0000000000..5d0077abfb --- /dev/null +++ b/vendor/k8s.io/utils/lru/lru.go @@ -0,0 +1,79 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package lru + +import ( + "sync" + + groupcache "k8s.io/utils/internal/third_party/forked/golang/golang-lru" +) + +type Key = groupcache.Key + +// Cache is a thread-safe fixed size LRU cache. +type Cache struct { + cache *groupcache.Cache + lock sync.RWMutex +} + +// New creates an LRU of the given size. +func New(size int) *Cache { + return &Cache{ + cache: groupcache.New(size), + } +} + +// Add adds a value to the cache. +func (c *Cache) Add(key Key, value interface{}) { + c.lock.Lock() + defer c.lock.Unlock() + c.cache.Add(key, value) +} + +// Get looks up a key's value from the cache. +func (c *Cache) Get(key Key) (value interface{}, ok bool) { + c.lock.Lock() + defer c.lock.Unlock() + return c.cache.Get(key) +} + +// Remove removes the provided key from the cache. +func (c *Cache) Remove(key Key) { + c.lock.Lock() + defer c.lock.Unlock() + c.cache.Remove(key) +} + +// RemoveOldest removes the oldest item from the cache. +func (c *Cache) RemoveOldest() { + c.lock.Lock() + defer c.lock.Unlock() + c.cache.RemoveOldest() +} + +// Len returns the number of items in the cache. +func (c *Cache) Len() int { + c.lock.RLock() + defer c.lock.RUnlock() + return c.cache.Len() +} + +// Clear purges all stored items from the cache. +func (c *Cache) Clear() { + c.lock.Lock() + defer c.lock.Unlock() + c.cache.Clear() +} diff --git a/vendor/knative.dev/networking/pkg/network.go b/vendor/knative.dev/networking/pkg/config/config.go similarity index 71% rename from vendor/knative.dev/networking/pkg/network.go rename to vendor/knative.dev/networking/pkg/config/config.go index fef8135305..1a7a59428b 100644 --- a/vendor/knative.dev/networking/pkg/network.go +++ b/vendor/knative.dev/networking/pkg/config/config.go @@ -1,11 +1,11 @@ /* -Copyright 2018 The Knative Authors +Copyright 2022 The Knative Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - https://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -14,65 +14,49 @@ See the License for the specific language governing permissions and limitations under the License. */ -package pkg +package config import ( "bytes" "errors" "fmt" "io/ioutil" - "net/http" "net/url" "strings" "text/template" - lru "github.com/hashicorp/golang-lru" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/lru" cm "knative.dev/pkg/configmap" "sigs.k8s.io/yaml" ) -const ( - // ProbePath is the name of a path that activator, autoscaler and - // prober(used by KIngress generally) use for health check. - ProbePath = "/healthz" - - // ProbeHeaderName is the name of a header that can be added to - // requests to probe the knative networking layer. Requests - // with this header will not be passed to the user container or - // included in request metrics. - ProbeHeaderName = "K-Network-Probe" - - // ProxyHeaderName is the name of an internal header that activator - // uses to mark requests going through it. - ProxyHeaderName = "K-Proxy-Request" - - // HashHeaderName is the name of an internal header that Ingress controller - // uses to find out which version of the networking config is deployed. - HashHeaderName = "K-Network-Hash" - - // HashHeaderValue is the value that must appear in the HashHeaderName - // header in order for our network hash to be injected. - HashHeaderValue = "override" - - // OriginalHostHeader is used to avoid Istio host based routing rules - // in Activator. - // The header contains the original Host value that can be rewritten - // at the Queue proxy level back to be a host header. - OriginalHostHeader = "K-Original-Host" +var ( + templateCache *lru.Cache + + // Verify the default templates are valid. + _ = template.Must(template.New("domain-template").Parse(DefaultDomainTemplate)) + _ = template.Must(template.New("tag-template").Parse(DefaultTagTemplate)) +) +func init() { + // The only failure is due to negative size. + // Store ~10 latest templates per template type. + templateCache = lru.New(10 * 2) +} + +const ( // ConfigName is the name of the configmap containing all // customizations for networking features. - ConfigName = "config-network" + ConfigMapName = "config-network" - // DefaultIngressClassKey is the name of the configuration entry - // that specifies the default Ingress. - DefaultIngressClassKey = "ingress-class" + // DefaultDomainTemplate is the default golang template to use when + // constructing the Knative Route's Domain(host) + DefaultDomainTemplate = "{{.Name}}.{{.Namespace}}.{{.Domain}}" - // DefaultCertificateClassKey is the name of the configuration entry - // that specifies the default Certificate. - DefaultCertificateClassKey = "certificate-class" + // DefaultTagTemplate is the default golang template to use when + // constructing the Knative Route's tag names. + DefaultTagTemplate = "{{.Tag}}-{{.Name}}" // IstioIngressClassName value for specifying knative's Istio // Ingress reconciler. @@ -81,43 +65,10 @@ const ( // CertManagerCertificateClassName value for specifying Knative's Cert-Manager // Certificate reconciler. CertManagerCertificateClassName = "cert-manager.certificate.networking.knative.dev" +) - // DomainTemplateKey is the name of the configuration entry that - // specifies the golang template string to use to construct the - // Knative service's DNS name. - DomainTemplateKey = "domain-template" - - // TagTemplateKey is the name of the configuration entry that - // specifies the golang template string to use to construct the - // hostname for a Route's tag. - TagTemplateKey = "tag-template" - - // RolloutDurationKey is the name of the configuration entry - // that specifies the default duration of the configuration rollout. - RolloutDurationKey = "rollout-duration" - - // NamespaceWildcardCertSelectorKey is the name of the configuration - // entry that specifies a LabelSelector to control which namespaces - // have a wildcard certificate provisioned for them. - NamespaceWildcardCertSelectorKey = "namespace-wildcard-cert-selector" - - // KubeProbeUAPrefix is the user agent prefix of the probe. - // Since K8s 1.8, prober requests have - // User-Agent = "kube-probe/{major-version}.{minor-version}". - KubeProbeUAPrefix = "kube-probe/" - - // KubeletProbeHeaderName is the name of the header supplied by kubelet - // probes. Istio with mTLS rewrites probes, but their probes pass a - // different user-agent. So we augment the probes with this header. - KubeletProbeHeaderName = "K-Kubelet-Probe" - - // DefaultDomainTemplate is the default golang template to use when - // constructing the Knative Route's Domain(host) - DefaultDomainTemplate = "{{.Name}}.{{.Namespace}}.{{.Domain}}" - - // DefaultTagTemplate is the default golang template to use when - // constructing the Knative Route's tag names. - DefaultTagTemplate = "{{.Tag}}-{{.Name}}" +// Config Keys +const ( // AutocreateClusterDomainClaimsKey is the key for the // AutocreateClusterDomainClaims property. @@ -127,68 +78,45 @@ const ( // that specifies enabling auto-TLS or not. AutoTLSKey = "auto-tls" - // HTTPProtocolKey is the name of the configuration entry that - // specifies the HTTP endpoint behavior of Knative ingress. - HTTPProtocolKey = "http-protocol" - - // UserAgentKey is the constant for header "User-Agent". - UserAgentKey = "User-Agent" - - // ActivatorUserAgent is the user-agent header value set in probe requests sent - // from activator. - ActivatorUserAgent = "Knative-Activator-Probe" - - // QueueProxyUserAgent is the user-agent header value set in probe requests sent - // from queue-proxy. - QueueProxyUserAgent = "Knative-Queue-Proxy-Probe" - - // IngressReadinessUserAgent is the user-agent header value - // set in probe requests for Ingress status. - IngressReadinessUserAgent = "Knative-Ingress-Probe" - - // AutoscalingUserAgent is the user-agent header value set in probe - // requests sent by autoscaling implementations. - AutoscalingUserAgent = "Knative-Autoscaling-Probe" - - // TagHeaderName is the name of the header entry which has a tag name as value. - // The tag name specifies which route was expected to be chosen by Ingress. - TagHeaderName = "Knative-Serving-Tag" - - // DefaultRouteHeaderName is the name of the header entry - // identifying whether a request is routed via the default route or not. - // It has one of the string value "true" or "false". - DefaultRouteHeaderName = "Knative-Serving-Default-Route" - - // ProtoAcceptContent is the content type to be used when autoscaler scrapes metrics from the QP - ProtoAcceptContent = "application/protobuf" + // DefaultCertificateClassKey is the name of the configuration entry + // that specifies the default Certificate. + DefaultCertificateClassKey = "certificate-class" - // FlushInterval controls the time when we flush the connection in the - // reverse proxies (Activator, QP). - // As of go1.16, a FlushInterval of 0 (the default) still flushes immediately - // when Content-Length is -1, which means the default works properly for - // streaming/websockets, without flushing more often than necessary for - // non-streaming requests. - FlushInterval = 0 + // DefaultExternalSchemeKey is the config for defining the scheme of external URLs. + DefaultExternalSchemeKey = "default-external-scheme" - // VisibilityLabelKey is the label to indicate visibility of Route - // and KServices. It can be an annotation too but since users are - // already using labels for domain, it probably best to keep this - // consistent. - VisibilityLabelKey = "networking.knative.dev/visibility" + // DefaultIngressClassKey is the name of the configuration entry + // that specifies the default Ingress. + DefaultIngressClassKey = "ingress-class" - // PassthroughLoadbalancingHeaderName is the name of the header that directs - // load balancers to not load balance the respective request but to - // send it to the request's target directly. - PassthroughLoadbalancingHeaderName = "K-Passthrough-Lb" + // DomainTemplateKey is the name of the configuration entry that + // specifies the golang template string to use to construct the + // Knative service's DNS name. + DomainTemplateKey = "domain-template" // EnableMeshPodAddressabilityKey is the config for enabling pod addressability in mesh. EnableMeshPodAddressabilityKey = "enable-mesh-pod-addressability" + // HTTPProtocolKey is the name of the configuration entry that + // specifies the HTTP endpoint behavior of Knative ingress. + HTTPProtocolKey = "http-protocol" + // MeshCompatibilityModeKey is the config for selecting the mesh compatibility mode. MeshCompatibilityModeKey = "mesh-compatibility-mode" - // DefaultExternalSchemeKey is the config for defining the scheme of external URLs. - DefaultExternalSchemeKey = "default-external-scheme" + // NamespaceWildcardCertSelectorKey is the name of the configuration + // entry that specifies a LabelSelector to control which namespaces + // have a wildcard certificate provisioned for them. + NamespaceWildcardCertSelectorKey = "namespace-wildcard-cert-selector" + + // RolloutDurationKey is the name of the configuration entry + // that specifies the default duration of the configuration rollout. + RolloutDurationKey = "rollout-duration" + + // TagTemplateKey is the name of the configuration entry that + // specifies the golang template string to use to construct the + // hostname for a Route's tag. + TagTemplateKey = "tag-template" // ActivatorCAKey is the config for the secret name, which stores CA public certificate used // to sign the activator TLS certificate. @@ -213,6 +141,47 @@ const ( QueueProxyCertKey = "queue-proxy-cert-secret" ) +// HTTPProtocol indicates a type of HTTP endpoint behavior +// that Knative ingress could take. +type HTTPProtocol string + +const ( + // HTTPEnabled represents HTTP protocol is enabled in Knative ingress. + HTTPEnabled HTTPProtocol = "enabled" + + // HTTPDisabled represents HTTP protocol is disabled in Knative ingress. + HTTPDisabled HTTPProtocol = "disabled" + + // HTTPRedirected represents HTTP connection is redirected to HTTPS in Knative ingress. + HTTPRedirected HTTPProtocol = "redirected" +) + +// MeshCompatibilityMode is one of enabled (always use ClusterIP), disabled +// (always use Pod IP), or auto (try PodIP, and fall back to ClusterIP if mesh +// is detected). +type MeshCompatibilityMode string + +const ( + // MeshCompatibilityModeEnabled instructs consumers of network plugins, such as + // Knative Serving, to use ClusterIP when connecting to pods. This is + // required when mesh is enabled (unless EnableMeshPodAddressability is set), + // but is less efficient. + MeshCompatibilityModeEnabled MeshCompatibilityMode = "enabled" + + // MeshCompatibilityModeDisabled instructs consumers of network plugins, such as + // Knative Serving, to connect to individual Pod IPs. This is most efficient, + // but will only work with mesh enabled when EnableMeshPodAddressability is + // used. + MeshCompatibilityModeDisabled MeshCompatibilityMode = "disabled" + + // MeshCompatibilityModeAuto instructs consumers of network plugins, such as + // Knative Serving, to heuristically determine whether to connect using the + // Cluster IP, or to ocnnect to individual Pod IPs. This is most efficient, + // determine whether mesh is enabled, and fall back from Direct Pod IP + // communication to Cluster IP as needed. + MeshCompatibilityModeAuto MeshCompatibilityMode = "auto" +) + // DomainTemplateValues are the available properties people can choose from // in their Route's "DomainTemplate" golang template sting. // We could add more over time - e.g. RevisionName if we thought that @@ -232,20 +201,6 @@ type TagTemplateValues struct { Tag string } -var ( - templateCache *lru.Cache - - // Verify the default templates are valid. - _ = template.Must(template.New("domain-template").Parse(DefaultDomainTemplate)) - _ = template.Must(template.New("tag-template").Parse(DefaultTagTemplate)) -) - -func init() { - // The only failure is due to negative size. - // Store ~10 latest templates per template type. - templateCache, _ = lru.New(10 * 2) -} - // Config contains the networking configuration defined in the // network config map. type Config struct { @@ -333,47 +288,6 @@ type Config struct { QueueProxyCertSecret string } -// HTTPProtocol indicates a type of HTTP endpoint behavior -// that Knative ingress could take. -type HTTPProtocol string - -const ( - // HTTPEnabled represents HTTP protocol is enabled in Knative ingress. - HTTPEnabled HTTPProtocol = "enabled" - - // HTTPDisabled represents HTTP protocol is disabled in Knative ingress. - HTTPDisabled HTTPProtocol = "disabled" - - // HTTPRedirected represents HTTP connection is redirected to HTTPS in Knative ingress. - HTTPRedirected HTTPProtocol = "redirected" -) - -// MeshCompatibilityMode is one of enabled (always use ClusterIP), disabled -// (always use Pod IP), or auto (try PodIP, and fall back to ClusterIP if mesh -// is detected). -type MeshCompatibilityMode string - -const ( - // MeshCompatibilityModeEnabled instructs consumers of network plugins, such as - // Knative Serving, to use ClusterIP when connecting to pods. This is - // required when mesh is enabled (unless EnableMeshPodAddressability is set), - // but is less efficient. - MeshCompatibilityModeEnabled MeshCompatibilityMode = "enabled" - - // MeshCompatibilityModeDisabled instructs consumers of network plugins, such as - // Knative Serving, to connect to individual Pod IPs. This is most efficient, - // but will only work with mesh enabled when EnableMeshPodAddressability is - // used. - MeshCompatibilityModeDisabled MeshCompatibilityMode = "disabled" - - // MeshCompatibilityModeAuto instructs consumers of network plugins, such as - // Knative Serving, to heuristically determine whether to connect using the - // Cluster IP, or to ocnnect to individual Pod IPs. This is most efficient, - // determine whether mesh is enabled, and fall back from Direct Pod IP - // communication to Cluster IP as needed. - MeshCompatibilityModeAuto MeshCompatibilityMode = "auto" -) - func defaultConfig() *Config { return &Config{ DefaultIngressClass: IstioIngressClassName, @@ -395,11 +309,6 @@ func defaultConfig() *Config { } } -// NewConfigFromConfigMap creates a Config from the supplied ConfigMap -func NewConfigFromConfigMap(configMap *corev1.ConfigMap) (*Config, error) { - return NewConfigFromMap(configMap.Data) -} - // NewConfigFromMap creates a Config from the supplied data. func NewConfigFromMap(data map[string]string) (*Config, error) { nc := defaultConfig() @@ -571,82 +480,20 @@ func checkTagTemplate(t *template.Template) error { return t.Execute(ioutil.Discard, data) } -// IsKubeletProbe returns true if the request is a Kubernetes probe. -func IsKubeletProbe(r *http.Request) bool { - return strings.HasPrefix(r.Header.Get("User-Agent"), KubeProbeUAPrefix) || - r.Header.Get(KubeletProbeHeaderName) != "" -} - -// KnativeProbeHeader returns the value for key ProbeHeaderName in request headers. -func KnativeProbeHeader(r *http.Request) string { - return r.Header.Get(ProbeHeaderName) -} - -// KnativeProxyHeader returns the value for key ProxyHeaderName in request headers. -func KnativeProxyHeader(r *http.Request) string { - return r.Header.Get(ProxyHeaderName) -} - -// IsProbe returns true if the request is a Kubernetes probe or a Knative probe, -// i.e. non-empty ProbeHeaderName header. -func IsProbe(r *http.Request) bool { - return IsKubeletProbe(r) || KnativeProbeHeader(r) != "" -} - -// RewriteHostIn removes the `Host` header from the inbound (server) request -// and replaces it with our custom header. -// This is done to avoid Istio Host based routing, see #3870. -// Queue-Proxy will execute the reverse process. -func RewriteHostIn(r *http.Request) { - h := r.Host - r.Host = "" - r.Header.Del("Host") - // Don't overwrite an existing OriginalHostHeader. - if r.Header.Get(OriginalHostHeader) == "" { - r.Header.Set(OriginalHostHeader, h) - } -} - -// RewriteHostOut undoes the `RewriteHostIn` action. -// RewriteHostOut checks if network.OriginalHostHeader was set and if it was, -// then uses that as the r.Host (which takes priority over Request.Header["Host"]). -// If the request did not have the OriginalHostHeader header set, the request is untouched. -func RewriteHostOut(r *http.Request) { - if ohh := r.Header.Get(OriginalHostHeader); ohh != "" { - r.Host = ohh - r.Header.Del("Host") - r.Header.Del(OriginalHostHeader) - } -} - -// NameForPortNumber finds the name for a given port as defined by a Service. -func NameForPortNumber(svc *corev1.Service, portNumber int32) (string, error) { - for _, port := range svc.Spec.Ports { - if port.Port == portNumber { - return port.Name, nil - } - } - return "", fmt.Errorf("no port with number %d found", portNumber) -} - -// PortNumberForName resolves a given name to a portNumber as defined by an EndpointSubset. -func PortNumberForName(sub corev1.EndpointSubset, portName string) (int32, error) { - for _, subPort := range sub.Ports { - if subPort.Name == portName { - return subPort.Port, nil +// asLabelSelector returns a LabelSelector extracted from a given configmap key. +func asLabelSelector(key string, target **metav1.LabelSelector) cm.ParseFunc { + return func(data map[string]string) error { + if raw, ok := data[key]; ok { + if len(raw) > 0 { + var selector *metav1.LabelSelector + if err := yaml.Unmarshal([]byte(raw), &selector); err != nil { + return err + } + *target = selector + } } + return nil } - return 0, fmt.Errorf("no port for name %q found", portName) -} - -// IsPotentialMeshErrorResponse returns whether the HTTP response is compatible -// with having been caused by attempting direct connection when mesh was -// enabled. For example if we get a HTTP 404 status code it's safe to assume -// mesh is not enabled even if a probe was otherwise unsuccessful. This is -// useful to avoid falling back to ClusterIP when we see errors which are -// unrelated to mesh being enabled. -func IsPotentialMeshErrorResponse(resp *http.Response) bool { - return resp.StatusCode == http.StatusServiceUnavailable || resp.StatusCode == http.StatusBadGateway } // asMode parses the value at key as a MeshCompatibilityMode into the target, if it exists. @@ -663,19 +510,3 @@ func asMode(key string, target *MeshCompatibilityMode) cm.ParseFunc { return nil } } - -// asLabelSelector returns a LabelSelector extracted from a given configmap key. -func asLabelSelector(key string, target **metav1.LabelSelector) cm.ParseFunc { - return func(data map[string]string) error { - if raw, ok := data[key]; ok { - if len(raw) > 0 { - var selector *metav1.LabelSelector - if err := yaml.Unmarshal([]byte(raw), &selector); err != nil { - return err - } - *target = selector - } - } - return nil - } -} diff --git a/vendor/knative.dev/networking/pkg/doc.go b/vendor/knative.dev/networking/pkg/config/doc.go similarity index 93% rename from vendor/knative.dev/networking/pkg/doc.go rename to vendor/knative.dev/networking/pkg/config/doc.go index a0b73a258e..4d6130b243 100644 --- a/vendor/knative.dev/networking/pkg/doc.go +++ b/vendor/knative.dev/networking/pkg/config/doc.go @@ -1,5 +1,5 @@ /* -Copyright 2018 The Knative Authors +Copyright 2022 The Knative Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ limitations under the License. // +k8s:deepcopy-gen=package // Package network holds the typed objects that define the schemas for // configuring the knative/serving networking layer. -package pkg +package config diff --git a/vendor/knative.dev/networking/pkg/zz_generated.deepcopy.go b/vendor/knative.dev/networking/pkg/config/zz_generated.deepcopy.go similarity index 99% rename from vendor/knative.dev/networking/pkg/zz_generated.deepcopy.go rename to vendor/knative.dev/networking/pkg/config/zz_generated.deepcopy.go index 1d2fd66400..276a4b9f87 100644 --- a/vendor/knative.dev/networking/pkg/zz_generated.deepcopy.go +++ b/vendor/knative.dev/networking/pkg/config/zz_generated.deepcopy.go @@ -19,7 +19,7 @@ limitations under the License. // Code generated by deepcopy-gen. DO NOT EDIT. -package pkg +package config import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/vendor/knative.dev/networking/pkg/deprecated_config.go b/vendor/knative.dev/networking/pkg/deprecated_config.go new file mode 100644 index 0000000000..b7c31befef --- /dev/null +++ b/vendor/knative.dev/networking/pkg/deprecated_config.go @@ -0,0 +1,247 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package pkg + +import ( + corev1 "k8s.io/api/core/v1" + "knative.dev/networking/pkg/config" +) + +const ( + // ConfigName is the name of the configmap containing all + // customizations for networking features. + // + // Deprecated: use knative.dev/networking/pkg/config.ConfigMapName + ConfigName = config.ConfigMapName + + // DefaultDomainTemplate is the default golang template to use when + // constructing the Knative Route's Domain(host) + // + // Deprecated: use knative.dev/networking/pkg/config.DefaultDomainTemplate + DefaultDomainTemplate = config.DefaultDomainTemplate + + // DefaultTagTemplate is the default golang template to use when + // constructing the Knative Route's tag names. + // + // Deprecated: use knative.dev/networking/pkg/config.DefaultTagTemplate + DefaultTagTemplate = config.DefaultTagTemplate + + // DefaultIngressClassKey is the name of the configuration entry + // that specifies the default Ingress. + // + // Deprecated: use knative.dev/networking/pkg/config.DefaultIngressClassKey + DefaultIngressClassKey = config.DefaultIngressClassKey + + // DefaultCertificateClassKey is the name of the configuration entry + // that specifies the default Certificate. + // + // Deprecated: use knative.dev/networking/pkg/config.DefaultCertificateClassKey + DefaultCertificateClassKey = config.DefaultCertificateClassKey + + // IstioIngressClassName value for specifying knative's Istio + // Ingress reconciler. + // + // Deprecated: use knative.dev/networking/pkg/config.IstioIngressClassName + IstioIngressClassName = config.IstioIngressClassName + + // CertManagerCertificateClassName value for specifying Knative's Cert-Manager + // Certificate reconciler. + // + // Deprecated: use knative.dev/networking/pkg/config.CertManagerCertificateClassName + CertManagerCertificateClassName = config.CertManagerCertificateClassName + + // DomainTemplateKey is the name of the configuration entry that + // specifies the golang template string to use to construct the + // Knative service's DNS name. + // + // Deprecated: use knative.dev/networking/pkg/config.DomainTemplateKey + DomainTemplateKey = config.DomainTemplateKey + + // TagTemplateKey is the name of the configuration entry that + // specifies the golang template string to use to construct the + // hostname for a Route's tag. + // + // Deprecated: use knative.dev/networking/pkg/config.TagTemplateKey + TagTemplateKey = config.TagTemplateKey + + // RolloutDurationKey is the name of the configuration entry + // that specifies the default duration of the configuration rollout. + // + // Deprecated: use knative.dev/networking/pkg/config.RolloutDurationKey + RolloutDurationKey = config.RolloutDurationKey + + // NamespaceWildcardCertSelectorKey is the name of the configuration + // entry that specifies a LabelSelector to control which namespaces + // have a wildcard certificate provisioned for them. + // + // Deprecated: use knative.dev/networking/pkg/config.NamespaceWildcardCertSelectorKey + NamespaceWildcardCertSelectorKey = config.NamespaceWildcardCertSelectorKey + + // AutocreateClusterDomainClaimsKey is the key for the + // AutocreateClusterDomainClaims property. + // + // Deprecated: use knative.dev/networking/pkg/config.AutocreateClusterDomainClaimsKey + AutocreateClusterDomainClaimsKey = config.AutocreateClusterDomainClaimsKey + + // AutoTLSKey is the name of the configuration entry + // that specifies enabling auto-TLS or not. + // + // Deprecated: use knative.dev/networking/pkg/config.AutoTLSKey + AutoTLSKey = config.AutoTLSKey + + // HTTPProtocolKey is the name of the configuration entry that + // specifies the HTTP endpoint behavior of Knative ingress. + // + // Deprecated: use knative.dev/networking/pkg/config.HTTPProtocolKey + HTTPProtocolKey = config.HTTPProtocolKey + + // EnableMeshPodAddressabilityKey is the config for enabling pod addressability in mesh. + // + // Deprecated: use knative.dev/networking/pkg/config.EnableMeshPodAddressabilityKey + EnableMeshPodAddressabilityKey = config.EnableMeshPodAddressabilityKey + + // MeshCompatibilityModeKey is the config for selecting the mesh compatibility mode. + // + // Deprecated: use knative.dev/networking/pkg/config.MeshCompatibilityModeKey + MeshCompatibilityModeKey = config.MeshCompatibilityModeKey + + // DefaultExternalSchemeKey is the config for defining the scheme of external URLs. + // + // Deprecated: use knative.dev/networking/pkg/config.DefaultExternalSchemeKey + DefaultExternalSchemeKey = config.DefaultExternalSchemeKey + + // ActivatorCAKey is the config for the secret name, which stores CA public certificate used + // to sign the activator TLS certificate. + // + // Deprecated: use knative.dev/networking/pkg/config.ActivatorCAKey + ActivatorCAKey = config.ActivatorCAKey + + // ActivatorSANKey is the config for the SAN used to validate the activator TLS certificate. + // + // Deprecated: use knative.dev/networking/pkg/config.ActivatorSANKey + ActivatorSANKey = config.ActivatorSANKey + + // ActivatorCertKey is the config for the secret name, which stores certificates + // to serve the TLS traffic from ingress to activator. + // + // Deprecated: use knative.dev/networking/pkg/config.ActivatorCertKey + ActivatorCertKey = config.ActivatorCertKey + + // QueueProxyCAKey is the config for the secret name, which stores CA public certificate used + // to sign the queue-proxy TLS certificate. + // + // Deprecated: use knative.dev/networking/pkg/config.QueueProxyCAKey + QueueProxyCAKey = config.QueueProxyCAKey + + // QueueProxySANKey is the config for the SAN used to validate the queue-proxy TLS certificate. + // + // Deprecated: use knative.dev/networking/pkg/config.QueueProxySANKey + QueueProxySANKey = config.QueueProxySANKey + + // QueueProxyCertKey is the config for the secret name, which stores certificates + // to serve the TLS traffic from activator to queue-proxy. + // + // Deprecated: use knative.dev/networking/pkg/config.QueueProxyCertKey + QueueProxyCertKey = config.QueueProxyCertKey +) + +// DomainTemplateValues are the available properties people can choose from +// in their Route's "DomainTemplate" golang template sting. +// We could add more over time - e.g. RevisionName if we thought that +// might be of interest to people. +// +// Deprecated: use knative.dev/networking/pkg/config.DomainTemplateValues +type DomainTemplateValues = config.DomainTemplateValues + +// TagTemplateValues are the available properties people can choose from +// in their Route's "TagTemplate" golang template sting. +// +// Deprecated: use knative.dev/networking/pkg/config.TagTemplateValues +type TagTemplateValues = config.TagTemplateValues + +// Config contains the networking configuration defined in the +// network config map. +// +// Deprecated: use knative.dev/networking/pkg/config.Config +type Config = config.Config + +// HTTPProtocol indicates a type of HTTP endpoint behavior +// that Knative ingress could take. +// +// Deprecated: use knative.dev/networking/pkg/config.HTTPProtocol +type HTTPProtocol = config.HTTPProtocol + +const ( + // HTTPEnabled represents HTTP protocol is enabled in Knative ingress. + // + // Deprecated: use knative.dev/networking/pkg/config.HTTPEnabled + HTTPEnabled HTTPProtocol = config.HTTPEnabled + + // HTTPDisabled represents HTTP protocol is disabled in Knative ingress. + // + // Deprecated: use knative.dev/networking/pkg/config.HTTPDisabled + HTTPDisabled HTTPProtocol = config.HTTPDisabled + + // HTTPRedirected represents HTTP connection is redirected to HTTPS in Knative ingress. + // + // Deprecated: use knative.dev/networking/pkg/config.HTTPRedirected + HTTPRedirected HTTPProtocol = config.HTTPRedirected +) + +// MeshCompatibilityMode is one of enabled (always use ClusterIP), disabled +// (always use Pod IP), or auto (try PodIP, and fall back to ClusterIP if mesh +// is detected). +// +// Deprecated: use knative.dev/networking/pkg/config.MeshCompatibilityMode +type MeshCompatibilityMode = config.MeshCompatibilityMode + +const ( + // MeshCompatibilityModeEnabled instructs consumers of network plugins, such as + // Knative Serving, to use ClusterIP when connecting to pods. This is + // required when mesh is enabled (unless EnableMeshPodAddressability is set), + // but is less efficient. + // + // Deprecated: Use knative.dev/pkg/config/MeshCompatibilityModeEnabled + MeshCompatibilityModeEnabled MeshCompatibilityMode = config.MeshCompatibilityModeEnabled + + // MeshCompatibilityModeDisabled instructs consumers of network plugins, such as + // Knative Serving, to connect to individual Pod IPs. This is most efficient, + // but will only work with mesh enabled when EnableMeshPodAddressability is + // used. + // + // Deprecated: Use knative.dev/pkg/config/MeshCompatibilityModeDisabled + MeshCompatibilityModeDisabled MeshCompatibilityMode = config.MeshCompatibilityModeDisabled + + // MeshCompatibilityModeAuto instructs consumers of network plugins, such as + // Knative Serving, to heuristically determine whether to connect using the + // Cluster IP, or to ocnnect to individual Pod IPs. This is most efficient, + // determine whether mesh is enabled, and fall back from Direct Pod IP + // communication to Cluster IP as needed. + // + // Deprecated: Use knative.dev/pkg/config/MeshCompatibilityModeAuto + MeshCompatibilityModeAuto MeshCompatibilityMode = config.MeshCompatibilityModeAuto +) + +// NewConfigFromConfigMap creates a Config from the supplied ConfigMap +func NewConfigFromConfigMap(configMap *corev1.ConfigMap) (*Config, error) { + return NewConfigFromMap(configMap.Data) +} + +// NewConfigFromMap creates a Config from the supplied data. +// +// Deprecated: Use knative.dev/pkg/config/NewConfigFromMap +var NewConfigFromMap = config.NewConfigFromMap diff --git a/vendor/knative.dev/networking/pkg/deprecated_header.go b/vendor/knative.dev/networking/pkg/deprecated_header.go new file mode 100644 index 0000000000..f2943f84ee --- /dev/null +++ b/vendor/knative.dev/networking/pkg/deprecated_header.go @@ -0,0 +1,167 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package pkg + +import ( + "knative.dev/networking/pkg/http/header" +) + +const ( + // ProbeHeaderName is the name of a header that can be added to + // requests to probe the knative networking layer. Requests + // with this header will not be passed to the user container or + // included in request metrics. + // + // Deprecated: use knative.dev/networking/pkg/header.ProbeKey + ProbeHeaderName = header.ProbeKey + + // ProxyHeaderName is the name of an internal header that activator + // uses to mark requests going through it. + // + // Deprecated: use knative.dev/networking/pkg/header.ProxyKey + ProxyHeaderName = header.ProxyKey + + // HashHeaderName is the name of an internal header that Ingress controller + // uses to find out which version of the networking config is deployed. + // + // Deprecated: use knative.dev/networking/pkg/header.HashKey + HashHeaderName = header.HashKey + + // HashHeaderValue is the value that must appear in the HashHeaderName + // header in order for our network hash to be injected. + // + // Deprecated: use knative.dev/networking/pkg/header.HashValueOverride + HashHeaderValue = header.HashValueOverride + + // OriginalHostHeader is used to avoid Istio host based routing rules + // in Activator. + // The header contains the original Host value that can be rewritten + // at the Queue proxy level back to be a host header. + // + // Deprecated: use knative.dev/networking/pkg/header.OriginalHostKey + OriginalHostHeader = header.OriginalHostKey + + // KubeProbeUAPrefix is the user agent prefix of the probe. + // Since K8s 1.8, prober requests have + // User-Agent = "kube-probe/{major-version}.{minor-version}". + // + // Deprecated: use knative.dev/networking/pkg/header.KubeProbeUAPrefix + KubeProbeUAPrefix = header.KubeProbeUAPrefix + + // KubeletProbeHeaderName is the name of the header supplied by kubelet + // probes. Istio with mTLS rewrites probes, but their probes pass a + // different user-agent. So we augment the probes with this header. + // + // Deprecated: use knative.dev/networking/pkg/header.KubeletProbeHeaderName + KubeletProbeHeaderName = header.KubeletProbeKey + + // UserAgentKey is the constant for header "User-Agent". + // + // Deprecated: use knative.dev/networking/pkg/header.UserAgentKey + UserAgentKey = header.UserAgentKey + + // ActivatorUserAgent is the user-agent header value set in probe requests sent + // from activator. + // + // Deprecated: use knative.dev/networking/pkg/header.ActivatorUserAgent + ActivatorUserAgent = header.ActivatorUserAgent + + // QueueProxyUserAgent is the user-agent header value set in probe requests sent + // from queue-proxy. + // + // Deprecated: use knative.dev/networking/pkg/header.QueueProxyUserAgent + QueueProxyUserAgent = header.QueueProxyUserAgent + + // IngressReadinessUserAgent is the user-agent header value + // set in probe requests for Ingress status. + // + // Deprecated: use knative.dev/networking/pkg/header.IngressReadinessUserAgent + IngressReadinessUserAgent = header.IngressReadinessUserAgent + + // AutoscalingUserAgent is the user-agent header value set in probe + // requests sent by autoscaling implementations. + // + // Deprecated: use knative.dev/networking/pkg/header.ActivatorUserAgent + AutoscalingUserAgent = header.AutoscalingUserAgent + + // TagHeaderName is the name of the header entry which has a tag name as value. + // The tag name specifies which route was expected to be chosen by Ingress. + // + // Deprecated: use knative.dev/networking/pkg/header.RouteTagKey + TagHeaderName = header.RouteTagKey + + // DefaultRouteHeaderName is the name of the header entry + // identifying whether a request is routed via the default route or not. + // It has one of the string value "true" or "false". + // + // Deprecated: use knative.dev/networking/pkg/header.DefaultRouteKey + DefaultRouteHeaderName = header.DefaultRouteKey + + // PassthroughLoadbalancingHeaderName is the name of the header that directs + // load balancers to not load balance the respective request but to + // send it to the request's target directly. + // + // Deprecated: use knative.dev/networking/pkg/header.PassthroughLoadbalancingHeaderName + PassthroughLoadbalancingHeaderName = header.PassthroughLoadbalancingKey + + // ProtoAcceptContent is the content type to be used when autoscaler scrapes metrics from the QP + // + // Deprecated: use knative.dev/networking/pkg/header.ProtobufMIMEType + ProtoAcceptContent = header.ProtobufMIMEType + + // ProbeHeaderValue is the value used in 'K-Network-Probe' + // + // Deprecated: use knative.dev/networking/pkg/header.ProbeValue + ProbeHeaderValue = header.ProbeValue +) + +// IsKubeletProbe returns true if the request is a Kubernetes probe. +// +// Deprecated: use knative.dev/networking/pkg/header.IsKubeletProbe +var IsKubeletProbe = header.IsKubeletProbe + +// KnativeProbeHeader returns the value for key ProbeHeaderName in request headers. +// +// Deprecated: use knative.dev/networking/pkg/header.GetKnativeProbeValue +var KnativeProbeHeader = header.GetKnativeProbeValue + +// KnativeProxyHeader returns the value for key ProxyHeaderName in request headers. +// +// Deprecated: use knative.dev/networking/pkg/header.GetKnativeProxyValue +var KnativeProxyHeader = header.GetKnativeProxyValue + +// IsProbe returns true if the request is a Kubernetes probe or a Knative probe, +// i.e. non-empty ProbeHeaderName header. +// +// Deprecated: use knative.dev/networking/pkg/header.IsProbe +var IsProbe = header.IsProbe + +// RewriteHostIn removes the `Host` header from the inbound (server) request +// and replaces it with our custom header. +// This is done to avoid Istio Host based routing, see #3870. +// Queue-Proxy will execute the reverse process. +// +// Deprecated: use knative.dev/networking/pkg/header.RewriteHostIn +var RewriteHostIn = header.RewriteHostIn + +// RewriteHostOut undoes the `RewriteHostIn` action. +// RewriteHostOut checks if network.OriginalHostHeader was set and if it was, +// then uses that as the r.Host (which takes priority over Request.Header["Host"]). +// If the request did not have the OriginalHostHeader header set, the request is untouched. +// +// Deprecated: use knative.dev/networking/pkg/header.RewriteHostOut +var RewriteHostOut = header.RewriteHostOut diff --git a/vendor/knative.dev/networking/pkg/deprecated_http.go b/vendor/knative.dev/networking/pkg/deprecated_http.go new file mode 100644 index 0000000000..195d3f60c9 --- /dev/null +++ b/vendor/knative.dev/networking/pkg/deprecated_http.go @@ -0,0 +1,116 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package pkg + +import ( + "knative.dev/networking/pkg/http" + "knative.dev/networking/pkg/http/probe" + "knative.dev/networking/pkg/http/proxy" + "knative.dev/networking/pkg/http/stats" +) + +const ( + // ProbePath is the name of a path that activator, autoscaler and + // prober(used by KIngress generally) use for health check. + // + // Deprecated: use knative.dev/networking/pkg/http.HealthCheckPath + ProbePath = http.HealthCheckPath + + // FlushInterval controls the time when we flush the connection in the + // reverse proxies (Activator, QP). + // As of go1.16, a FlushInterval of 0 (the default) still flushes immediately + // when Content-Length is -1, which means the default works properly for + // streaming/websockets, without flushing more often than necessary for + // non-streaming requests. + // + // Deprecated: use knative.dev/networking/pkg/http.ReverseProxyFlushInterval + FlushInterval = proxy.FlushInterval +) + +type ( + // ReqEvent represents either an incoming or closed request. + // + // Deprecated: use knative.dev/networking/pkg/http/stats.ReqEvent + ReqEvent = stats.ReqEvent + + // ReqEventType denotes the type (incoming/closed) of a ReqEvent. + // + // Deprecated: use knative.dev/networking/pkg/http/stats.ReqEventType + ReqEventType = stats.ReqEventType + + // RequestStats collects statistics about requests as they flow in and out of the system. + // + // Deprecated: use knative.dev/networking/pkg/http/stats.RequestStats + RequestStats = stats.RequestStats + + // RequestStatsReport are the metrics reported from the the request stats collector + // at a given time. + // + // Deprecated: use knative.dev/networking/pkg/http/stats.RequestStatsReport + RequestStatsReport = stats.RequestStatsReport +) + +const ( + // ReqIn represents an incoming request + // + // Deprecated: use knative.dev/networking/pkg/http/stats.ReqIn + ReqIn = stats.ReqIn + + // ReqOut represents a finished request + // + // Deprecated: use knative.dev/networking/pkg/http/stats.ReqOut + ReqOut = stats.ReqOut + + // ProxiedIn represents an incoming request through a proxy. + // + // Deprecated: use knative.dev/networking/pkg/http/stats.ProxiedIn + ProxiedIn = stats.ProxiedIn + + // ProxiedOut represents a finished proxied request. + // + // Deprecated: use knative.dev/networking/pkg/http/stats.ProxiedOut + ProxiedOut = stats.ProxiedOut +) + +var ( + // NewRequestStats builds a RequestStats instance, started at the given time. + // + // Deprecated: use knative.dev/networking/pkg/http/stats.NewRequestStats + NewRequestStats = stats.NewRequestStats + + // NewBufferPool creates a new BufferPool. This is only safe to use in the context + // of a httputil.ReverseProxy, as the buffers returned via Put are not cleaned + // explicitly. + // + // Deprecated: use knative.dev/networking/pkg/http/proxy.NewBufferPool + NewBufferPool = proxy.NewBufferPool + + // NewProbeHandler wraps a HTTP handler handling probing requests around the provided HTTP handler + // + // Deprecated: use knative.dev/networking/pkg/http/probe.NewHandler + NewProbeHandler = probe.NewHandler + + // IsPotentialMeshErrorResponse returns whether the HTTP response is compatible + // with having been caused by attempting direct connection when mesh was + // enabled. For example if we get a HTTP 404 status code it's safe to assume + // mesh is not enabled even if a probe was otherwise unsuccessful. This is + // useful to avoid falling back to ClusterIP when we see errors which are + // unrelated to mesh being enabled. + // + // Deprecated: use knative.dev/networking/pkg/http.IsPotentialMeshErrorResponse + IsPotentialMeshErrorResponse = http.IsPotentialMeshErrorResponse +) diff --git a/vendor/knative.dev/networking/pkg/deprecated_labels.go b/vendor/knative.dev/networking/pkg/deprecated_labels.go new file mode 100644 index 0000000000..f8f3ebbe66 --- /dev/null +++ b/vendor/knative.dev/networking/pkg/deprecated_labels.go @@ -0,0 +1,29 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package pkg + +import "knative.dev/networking/pkg/labels" + +const ( + // VisibilityLabelKey is the label to indicate visibility of Route + // and KServices. It can be an annotation too but since users are + // already using labels for domain, it probably best to keep this + // consistent. + // + // Deprecated: use knative.dev/networking/pkg/labels.VisibilityLabelKey + VisibilityLabelKey = labels.VisibilityLabelKey +) diff --git a/vendor/knative.dev/networking/pkg/deprecated_port.go b/vendor/knative.dev/networking/pkg/deprecated_port.go new file mode 100644 index 0000000000..8b218289ce --- /dev/null +++ b/vendor/knative.dev/networking/pkg/deprecated_port.go @@ -0,0 +1,29 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package pkg + +import "knative.dev/networking/pkg/k8s" + +// NameForPortNumber finds the name for a given port as defined by a Service. +// +// Deprecated: use knative.dev/networking/pkg/k8s.NameForPortNumber +var NameForPortNumber = k8s.NameForPortNumber + +// PortNumberForName resolves a given name to a portNumber as defined by an EndpointSubset. +// +// Deprecated: use knative.dev/networking/pkg/k8s.PortNumberForName +var PortNumberForName = k8s.PortNumberForName diff --git a/vendor/knative.dev/networking/pkg/http/constants.go b/vendor/knative.dev/networking/pkg/http/constants.go new file mode 100644 index 0000000000..4012153de2 --- /dev/null +++ b/vendor/knative.dev/networking/pkg/http/constants.go @@ -0,0 +1,23 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package http + +const ( + // HealthCheckPath is the name of a path that activator, autoscaler and + // prober(used by KIngress generally) use for health check. + HealthCheckPath = "/healthz" +) diff --git a/vendor/knative.dev/networking/pkg/http/error.go b/vendor/knative.dev/networking/pkg/http/error.go new file mode 100644 index 0000000000..93878f3307 --- /dev/null +++ b/vendor/knative.dev/networking/pkg/http/error.go @@ -0,0 +1,29 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package http + +import "net/http" + +// IsPotentialMeshErrorResponse returns whether the HTTP response is compatible +// with having been caused by attempting direct connection when mesh was +// enabled. For example if we get a HTTP 404 status code it's safe to assume +// mesh is not enabled even if a probe was otherwise unsuccessful. This is +// useful to avoid falling back to ClusterIP when we see errors which are +// unrelated to mesh being enabled. +func IsPotentialMeshErrorResponse(resp *http.Response) bool { + return resp.StatusCode == http.StatusServiceUnavailable || resp.StatusCode == http.StatusBadGateway +} diff --git a/vendor/knative.dev/networking/pkg/http/header/header.go b/vendor/knative.dev/networking/pkg/http/header/header.go new file mode 100644 index 0000000000..158fb06200 --- /dev/null +++ b/vendor/knative.dev/networking/pkg/http/header/header.go @@ -0,0 +1,157 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package header + +import ( + "net/http" + "strings" +) + +// HashKey & Values +const ( + // HashKey is the name of an internal header that Ingress controller + // uses to find out which version of the networking config is deployed. + HashKey = "K-Network-Hash" + + // HashValueOverride is the value that must appear in the HashHeaderKey + // header in order for our network hash to be injected. + HashValueOverride = "override" +) + +// ProbeKey & Values +const ( + // ProbeKey is the name of a header that can be added to + // requests to probe the knative networking layer. Requests + // with this header will not be passed to the user container or + // included in request metrics. + ProbeKey = "K-Network-Probe" + + // ProbeValue is the value used in 'K-Network-Probe' + ProbeValue = "probe" +) + +const ( + // ProxyKey is the name of an internal header that activator + // uses to mark requests going through it. + ProxyKey = "K-Proxy-Request" + + // OriginalHostKey is used to avoid Istio host based routing rules + // in Activator. + // The header contains the original Host value that can be rewritten + // at the Queue proxy level back to be a host header. + OriginalHostKey = "K-Original-Host" + + // KubeletProbeKey is the name of the header supplied by kubelet + // probes. Istio with mTLS rewrites probes, but their probes pass a + // different user-agent. So we augment the probes with this header. + KubeletProbeKey = "K-Kubelet-Probe" + + // RouteTagKey is the name of the header entry which has a tag name as value. + // The tag name specifies which route was expected to be chosen by Ingress. + RouteTagKey = "Knative-Serving-Tag" + + // DefaultRouteKey is the name of the header entry + // identifying whether a request is routed via the default route or not. + // It has one of the string value "true" or "false". + DefaultRouteKey = "Knative-Serving-Default-Route" + + // PassthroughLoadbalancingKey is the name of the header that directs + // load balancers to not load balance the respective request but to + // send it to the request's target directly. + PassthroughLoadbalancingKey = "K-Passthrough-Lb" +) + +// User Agent Key & Values +const ( + // UserAgentKey is the constant for header "User-Agent". + UserAgentKey = "User-Agent" + + // KubeProbeUAPrefix is the user agent prefix of the probe. + // Since K8s 1.8, prober requests have + // User-Agent = "kube-probe/{major-version}.{minor-version}". + KubeProbeUAPrefix = "kube-probe/" + + // ActivatorUserAgent is the user-agent header value set in probe requests sent + // from activator. + ActivatorUserAgent = "Knative-Activator-Probe" + + // QueueProxyUserAgent is the user-agent header value set in probe requests sent + // from queue-proxy. + QueueProxyUserAgent = "Knative-Queue-Proxy-Probe" + + // IngressReadinessUserAgent is the user-agent header value + // set in probe requests for Ingress status. + IngressReadinessUserAgent = "Knative-Ingress-Probe" + + // AutoscalingUserAgent is the user-agent header value set in probe + // requests sent by autoscaling implementations. + AutoscalingUserAgent = "Knative-Autoscaling-Probe" +) + +// Accept Content Values +const ( + // ProtobufMIMEType is a content type to be used when autoscaler scrapes metrics from the QP + ProtobufMIMEType = "application/protobuf" +) + +// KnativeProbeHeader returns the value for key ProbeHeaderName in request headers. +func GetKnativeProbeValue(r *http.Request) string { + return r.Header.Get(ProbeKey) +} + +// KnativeProxyHeader returns the value for key ProxyHeaderName in request headers. +func GetKnativeProxyValue(r *http.Request) string { + return r.Header.Get(ProxyKey) +} + +// IsProbe returns true if the request is a Kubernetes probe or a Knative probe, +// i.e. non-empty ProbeHeaderName header. +func IsProbe(r *http.Request) bool { + return IsKubeletProbe(r) || GetKnativeProbeValue(r) != "" +} + +// IsKubeletProbe returns true if the request is a Kubernetes probe. +func IsKubeletProbe(r *http.Request) bool { + return strings.HasPrefix(r.Header.Get("User-Agent"), KubeProbeUAPrefix) || + r.Header.Get(KubeletProbeKey) != "" +} + +// RewriteHostIn removes the `Host` header from the inbound (server) request +// and replaces it with our custom header. +// This is done to avoid Istio Host based routing, see #3870. +// Queue-Proxy will execute the reverse process. +func RewriteHostIn(r *http.Request) { + h := r.Host + r.Host = "" + r.Header.Del("Host") + // Don't overwrite an existing OriginalHostHeader. + if r.Header.Get(OriginalHostKey) == "" { + r.Header.Set(OriginalHostKey, h) + } +} + +// RewriteHostOut undoes the `RewriteHostIn` action. +// RewriteHostOut checks if network.OriginalHostHeader was set and if it was, +// then uses that as the r.Host (which takes priority over Request.Header["Host"]). +// If the request did not have the OriginalHostHeader header set, the request is untouched. +func RewriteHostOut(r *http.Request) { + if ohh := r.Header.Get(OriginalHostKey); ohh != "" { + r.Host = ohh + r.Header.Del("Host") + r.Header.Del(OriginalHostKey) + } +} diff --git a/vendor/knative.dev/networking/pkg/probe_handler.go b/vendor/knative.dev/networking/pkg/http/probe/handler.go similarity index 63% rename from vendor/knative.dev/networking/pkg/probe_handler.go rename to vendor/knative.dev/networking/pkg/http/probe/handler.go index 3283ef1976..c1d86b93af 100644 --- a/vendor/knative.dev/networking/pkg/probe_handler.go +++ b/vendor/knative.dev/networking/pkg/http/probe/handler.go @@ -1,5 +1,5 @@ /* -Copyright 2019 The Knative Authors +Copyright 2022 The Knative Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,39 +14,38 @@ See the License for the specific language governing permissions and limitations under the License. */ -package pkg +package probe import ( "fmt" "net/http" -) -// ProbeHeaderValue is the value used in 'K-Network-Probe' -var ProbeHeaderValue = "probe" + "knative.dev/networking/pkg/http/header" +) type handler struct { next http.Handler } -// NewProbeHandler wraps a HTTP handler handling probing requests around the provided HTTP handler -func NewProbeHandler(next http.Handler) http.Handler { +// NewHandler wraps a HTTP handler handling probing requests around the provided HTTP handler +func NewHandler(next http.Handler) http.Handler { return &handler{next: next} } // ServeHTTP handles probing requests func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if ph := r.Header.Get(ProbeHeaderName); ph != ProbeHeaderValue { - r.Header.Del(HashHeaderName) + if ph := r.Header.Get(header.ProbeKey); ph != header.ProbeValue { + r.Header.Del(header.HashKey) h.next.ServeHTTP(w, r) return } - hh := r.Header.Get(HashHeaderName) + hh := r.Header.Get(header.HashKey) if hh == "" { - http.Error(w, fmt.Sprintf("a probe request must contain a non-empty %q header", HashHeaderName), http.StatusBadRequest) + http.Error(w, fmt.Sprintf("a probe request must contain a non-empty %q header", header.HashKey), http.StatusBadRequest) return } - w.Header().Set(HashHeaderName, hh) + w.Header().Set(header.HashKey, hh) w.WriteHeader(http.StatusOK) } diff --git a/vendor/knative.dev/networking/pkg/bufferpool.go b/vendor/knative.dev/networking/pkg/http/proxy/bufferpool.go similarity index 96% rename from vendor/knative.dev/networking/pkg/bufferpool.go rename to vendor/knative.dev/networking/pkg/http/proxy/bufferpool.go index de257f059f..80d81f5dae 100644 --- a/vendor/knative.dev/networking/pkg/bufferpool.go +++ b/vendor/knative.dev/networking/pkg/http/proxy/bufferpool.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - https://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package pkg +package proxy import ( "net/http/httputil" diff --git a/vendor/knative.dev/networking/pkg/http/proxy/constants.go b/vendor/knative.dev/networking/pkg/http/proxy/constants.go new file mode 100644 index 0000000000..8d43e4425f --- /dev/null +++ b/vendor/knative.dev/networking/pkg/http/proxy/constants.go @@ -0,0 +1,28 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package proxy + +const ( + + // FlushInterval controls the time when we flush the connection in the + // reverse proxies (Activator, QP). + // As of go1.16, a FlushInterval of 0 (the default) still flushes immediately + // when Content-Length is -1, which means the default works properly for + // streaming/websockets, without flushing more often than necessary for + // non-streaming requests. + FlushInterval = 0 +) diff --git a/vendor/knative.dev/networking/pkg/stats.go b/vendor/knative.dev/networking/pkg/http/stats/request.go similarity index 97% rename from vendor/knative.dev/networking/pkg/stats.go rename to vendor/knative.dev/networking/pkg/http/stats/request.go index a42515ffc6..0fee36177f 100644 --- a/vendor/knative.dev/networking/pkg/stats.go +++ b/vendor/knative.dev/networking/pkg/http/stats/request.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - https://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package pkg +package stats import ( "sync" @@ -24,7 +24,6 @@ import ( ) // ReqEvent represents either an incoming or closed request. -// +k8s:deepcopy-gen=false type ReqEvent struct { // Time is the time the request event happened. Time time.Time @@ -55,7 +54,6 @@ func NewRequestStats(startedAt time.Time) *RequestStats { } // RequestStats collects statistics about requests as they flow in and out of the system. -// +k8s:deepcopy-gen=false type RequestStats struct { mux sync.Mutex @@ -72,7 +70,6 @@ type RequestStats struct { // RequestStatsReport are the metrics reported from the the request stats collector // at a given time. -// +k8s:deepcopy-gen=false type RequestStatsReport struct { // AverageConcurrency is the average concurrency over the reporting timeframe. // This is calculated via the utilization at a given concurrency. For example: diff --git a/vendor/knative.dev/networking/pkg/ingress/ingress.go b/vendor/knative.dev/networking/pkg/ingress/ingress.go index 843f8c7c70..e0a9466943 100644 --- a/vendor/knative.dev/networking/pkg/ingress/ingress.go +++ b/vendor/knative.dev/networking/pkg/ingress/ingress.go @@ -23,8 +23,8 @@ import ( "strings" "k8s.io/apimachinery/pkg/util/sets" - net "knative.dev/networking/pkg" "knative.dev/networking/pkg/apis/networking/v1alpha1" + "knative.dev/networking/pkg/http/header" "knative.dev/pkg/network" ) @@ -61,8 +61,8 @@ func InsertProbe(ing *v1alpha1.Ingress) (string, error) { if elt.Headers == nil { elt.Headers = make(map[string]v1alpha1.HeaderMatch, 1) } - elt.Headers[net.HashHeaderName] = v1alpha1.HeaderMatch{Exact: net.HashHeaderValue} - elt.AppendHeaders[net.HashHeaderName] = hash + elt.Headers[header.HashKey] = v1alpha1.HeaderMatch{Exact: header.HashValueOverride} + elt.AppendHeaders[header.HashKey] = hash probePaths = append(probePaths, *elt) } rule.HTTP.Paths = append(probePaths, rule.HTTP.Paths...) diff --git a/vendor/knative.dev/networking/pkg/k8s/ports.go b/vendor/knative.dev/networking/pkg/k8s/ports.go new file mode 100644 index 0000000000..265a6b86bd --- /dev/null +++ b/vendor/knative.dev/networking/pkg/k8s/ports.go @@ -0,0 +1,43 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package k8s + +import ( + "fmt" + + corev1 "k8s.io/api/core/v1" +) + +// NameForPortNumber finds the name for a given port as defined by a Service. +func NameForPortNumber(svc *corev1.Service, portNumber int32) (string, error) { + for _, port := range svc.Spec.Ports { + if port.Port == portNumber { + return port.Name, nil + } + } + return "", fmt.Errorf("no port with number %d found", portNumber) +} + +// PortNumberForName resolves a given name to a portNumber as defined by an EndpointSubset. +func PortNumberForName(sub corev1.EndpointSubset, portName string) (int32, error) { + for _, subPort := range sub.Ports { + if subPort.Name == portName { + return subPort.Port, nil + } + } + return 0, fmt.Errorf("no port for name %q found", portName) +} diff --git a/vendor/knative.dev/networking/pkg/labels/labels.go b/vendor/knative.dev/networking/pkg/labels/labels.go new file mode 100644 index 0000000000..e3ac89506f --- /dev/null +++ b/vendor/knative.dev/networking/pkg/labels/labels.go @@ -0,0 +1,25 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package labels + +const ( + // VisibilityLabelKey is the label to indicate visibility of Route + // and KServices. It can be an annotation too but since users are + // already using labels for domain, it probably best to keep this + // consistent. + VisibilityLabelKey = "networking.knative.dev/visibility" +) diff --git a/vendor/knative.dev/networking/pkg/status/status.go b/vendor/knative.dev/networking/pkg/status/status.go index 1084444f56..815382a901 100644 --- a/vendor/knative.dev/networking/pkg/status/status.go +++ b/vendor/knative.dev/networking/pkg/status/status.go @@ -37,8 +37,9 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/util/workqueue" - network "knative.dev/networking/pkg" "knative.dev/networking/pkg/apis/networking/v1alpha1" + nethttp "knative.dev/networking/pkg/http" + "knative.dev/networking/pkg/http/header" "knative.dev/networking/pkg/ingress" "knative.dev/networking/pkg/prober" "knative.dev/pkg/kmeta" @@ -376,7 +377,7 @@ func (m *Prober) processWorkItem() bool { } probeURL := deepCopy(item.url) - probeURL.Path = path.Join(probeURL.Path, network.ProbePath) + probeURL.Path = path.Join(probeURL.Path, nethttp.HealthCheckPath) ctx, cancel := context.WithTimeout(item.context, probeTimeout) defer cancel() @@ -384,9 +385,9 @@ func (m *Prober) processWorkItem() bool { ctx, transport, probeURL.String(), - prober.WithHeader(network.UserAgentKey, network.IngressReadinessUserAgent), - prober.WithHeader(network.ProbeHeaderName, network.ProbeHeaderValue), - prober.WithHeader(network.HashHeaderName, network.HashHeaderValue), + prober.WithHeader(header.UserAgentKey, header.IngressReadinessUserAgent), + prober.WithHeader(header.ProbeKey, header.ProbeValue), + prober.WithHeader(header.HashKey, header.HashValueOverride), m.probeVerifier(item)) // In case of cancellation, drop the work item @@ -452,11 +453,11 @@ func (m *Prober) probeVerifier(item *workItem) prober.Verifier { // actually is Ready than never marking it as Ready. It is best effort. switch r.StatusCode { case http.StatusOK: - hash := r.Header.Get(network.HashHeaderName) + hash := r.Header.Get(header.HashKey) switch hash { case "": item.logger.Errorf("Probing of %s abandoned, IP: %s:%s: the response doesn't contain the %q header", - item.url, item.podIP, item.podPort, network.HashHeaderName) + item.url, item.podIP, item.podPort, header.HashKey) return true, nil case item.ingressState.hash: return true, nil diff --git a/vendor/knative.dev/networking/test/conformance/ingress/headers.go b/vendor/knative.dev/networking/test/conformance/ingress/headers.go index aed710eea8..148bb1fbc2 100644 --- a/vendor/knative.dev/networking/test/conformance/ingress/headers.go +++ b/vendor/knative.dev/networking/test/conformance/ingress/headers.go @@ -25,9 +25,9 @@ import ( "github.com/google/go-cmp/cmp" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/sets" - network "knative.dev/networking/pkg" "knative.dev/networking/pkg/apis/networking" "knative.dev/networking/pkg/apis/networking/v1alpha1" + "knative.dev/networking/pkg/http/header" "knative.dev/networking/pkg/ingress" "knative.dev/networking/test" "knative.dev/pkg/ptr" @@ -70,7 +70,7 @@ func TestProbeHeaders(t *testing.T) { want string }{{ name: "kingress generates hash", - req: network.HashHeaderValue, + req: header.HashValueOverride, want: fmt.Sprintf("%x", bytes), }, { name: "request overrides hash", @@ -87,8 +87,8 @@ func TestProbeHeaders(t *testing.T) { ros = append(ros, func(r *http.Request) { // Add the header to indicate this is a probe request. - r.Header.Set(network.ProbeHeaderName, network.ProbeHeaderValue) - r.Header.Set(network.HashHeaderName, tt.req) + r.Header.Set(header.ProbeKey, header.ProbeValue) + r.Header.Set(header.HashKey, tt.req) }) ri := RuntimeRequest(ctx, t, client, "http://"+name+".example.com", ros...) @@ -97,8 +97,8 @@ func TestProbeHeaders(t *testing.T) { return } - if got, want := ri.Request.Headers.Get(network.HashHeaderName), tt.want; got != want { - t.Errorf("Header[%q] = %q, wanted %q", network.HashHeaderName, got, want) + if got, want := ri.Request.Headers.Get(header.HashKey), tt.want; got != want { + t.Errorf("Header[%q] = %q, wanted %q", header.HashKey, got, want) } }) } @@ -129,7 +129,7 @@ func TestTagHeaders(t *testing.T) { HTTP: &v1alpha1.HTTPIngressRuleValue{ Paths: []v1alpha1.HTTPIngressPath{{ Headers: map[string]v1alpha1.HeaderMatch{ - network.TagHeaderName: { + header.RouteTagKey: { Exact: tagName, }, }, @@ -191,7 +191,7 @@ func TestTagHeaders(t *testing.T) { if tt.TagHeader != nil { ros = append(ros, func(r *http.Request) { - r.Header.Set(network.TagHeaderName, *tt.TagHeader) + r.Header.Set(header.RouteTagKey, *tt.TagHeader) }) } diff --git a/vendor/knative.dev/networking/test/e2e_flags.go b/vendor/knative.dev/networking/test/e2e_flags.go index 4030c1428d..ac8f144e4b 100644 --- a/vendor/knative.dev/networking/test/e2e_flags.go +++ b/vendor/knative.dev/networking/test/e2e_flags.go @@ -22,7 +22,7 @@ package test import ( "flag" - network "knative.dev/networking/pkg" + "knative.dev/networking/pkg/config" ) // NetworkingFlags holds the flags or defaults for knative/networking settings in the user's environment. @@ -62,12 +62,12 @@ func initializeNetworkingFlags() *NetworkingEnvironmentFlags { flag.StringVar(&f.IngressClass, "ingressClass", - network.IstioIngressClassName, + config.IstioIngressClassName, "Set this flag to the ingress class to test against.") flag.StringVar(&f.CertificateClass, "certificateClass", - network.CertManagerCertificateClassName, + config.CertManagerCertificateClassName, "Set this flag to the certificate class to test against.") flag.IntVar(&f.Buckets, diff --git a/vendor/knative.dev/networking/test/test_images/grpc-ping/main.go b/vendor/knative.dev/networking/test/test_images/grpc-ping/main.go index d3faa78748..aba0f237b5 100644 --- a/vendor/knative.dev/networking/test/test_images/grpc-ping/main.go +++ b/vendor/knative.dev/networking/test/test_images/grpc-ping/main.go @@ -28,7 +28,7 @@ import ( "google.golang.org/grpc" - networkingpkg "knative.dev/networking/pkg" + "knative.dev/networking/pkg/http/probe" ping "knative.dev/networking/test/test_images/grpc-ping/proto" "knative.dev/pkg/network" ) @@ -82,7 +82,7 @@ func (s *server) PingStream(stream ping.PingService_PingStreamServer) error { } func httpWrapper(g *grpc.Server) http.Handler { - return networkingpkg.NewProbeHandler( + return probe.NewHandler( http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.ProtoMajor == 2 && r.Header.Get("Content-Type") == "application/grpc" { g.ServeHTTP(w, r) diff --git a/vendor/knative.dev/networking/test/test_images/httpproxy/httpproxy.go b/vendor/knative.dev/networking/test/test_images/httpproxy/httpproxy.go index 08b0c247f4..db25c2c870 100644 --- a/vendor/knative.dev/networking/test/test_images/httpproxy/httpproxy.go +++ b/vendor/knative.dev/networking/test/test_images/httpproxy/httpproxy.go @@ -28,7 +28,7 @@ import ( "net/url" "github.com/rs/dnscache" - network "knative.dev/networking/pkg" + "knative.dev/networking/pkg/http/probe" "knative.dev/networking/test" ) @@ -85,7 +85,7 @@ func main() { proxy.ServeHTTP(w, r) }) // Handle forwarding requests which uses "K-Network-Hash" header. - handler = network.NewProbeHandler(handler).ServeHTTP + handler = probe.NewHandler(handler).ServeHTTP address := ":" + port diff --git a/vendor/knative.dev/networking/test/test_images/retry/main.go b/vendor/knative.dev/networking/test/test_images/retry/main.go index 263ff97e53..1d32aef724 100644 --- a/vendor/knative.dev/networking/test/test_images/retry/main.go +++ b/vendor/knative.dev/networking/test/test_images/retry/main.go @@ -22,7 +22,7 @@ import ( "net/http" "os" - network "knative.dev/networking/pkg" + "knative.dev/networking/pkg/http/probe" "knative.dev/networking/test" ) @@ -38,7 +38,7 @@ func handler(w http.ResponseWriter, r *http.Request) { } func main() { - h := network.NewProbeHandler(http.HandlerFunc(handler)) + h := probe.NewHandler(http.HandlerFunc(handler)) port := os.Getenv("PORT") if cert, key := os.Getenv("CERT"), os.Getenv("KEY"); cert != "" && key != "" { log.Print("Server starting on port with TLS ", port) diff --git a/vendor/knative.dev/networking/test/test_images/runtime/handlers/handler.go b/vendor/knative.dev/networking/test/test_images/runtime/handlers/handler.go index 9189b96a58..9c96b9eded 100644 --- a/vendor/knative.dev/networking/test/test_images/runtime/handlers/handler.go +++ b/vendor/knative.dev/networking/test/test_images/runtime/handlers/handler.go @@ -23,15 +23,17 @@ import ( "net/http/httputil" "strings" - network "knative.dev/networking/pkg" + nethttp "knative.dev/networking/pkg/http" + "knative.dev/networking/pkg/http/probe" + "knative.dev/pkg/network" ) // InitHandlers initializes all handlers. func InitHandlers(mux *http.ServeMux) { mux.HandleFunc("/", withHeaders(withRequestLog(runtimeHandler))) - h := network.NewProbeHandler(withRequestLog(withKubeletProbeHeaderCheck)) - mux.HandleFunc(network.ProbePath, h.ServeHTTP) + h := probe.NewHandler(withRequestLog(withKubeletProbeHeaderCheck)) + mux.HandleFunc(nethttp.HealthCheckPath, h.ServeHTTP) } // withRequestLog logs each request before handling it. diff --git a/vendor/knative.dev/networking/test/test_images/timeout/timeout.go b/vendor/knative.dev/networking/test/test_images/timeout/timeout.go index 6505f1273b..35a6a37bb9 100644 --- a/vendor/knative.dev/networking/test/test_images/timeout/timeout.go +++ b/vendor/knative.dev/networking/test/test_images/timeout/timeout.go @@ -24,7 +24,7 @@ import ( "strconv" "time" - network "knative.dev/networking/pkg" + "knative.dev/networking/pkg/http/probe" "knative.dev/networking/test" ) @@ -51,7 +51,7 @@ func handler(w http.ResponseWriter, r *http.Request) { } func main() { - h := network.NewProbeHandler(http.HandlerFunc(handler)) + h := probe.NewHandler(http.HandlerFunc(handler)) port := os.Getenv("PORT") if cert, key := os.Getenv("CERT"), os.Getenv("KEY"); cert != "" && key != "" { log.Print("Server starting on port with TLS ", port) diff --git a/vendor/knative.dev/networking/test/test_images/wsserver/echo.go b/vendor/knative.dev/networking/test/test_images/wsserver/echo.go index be87938d83..36f3382f05 100644 --- a/vendor/knative.dev/networking/test/test_images/wsserver/echo.go +++ b/vendor/knative.dev/networking/test/test_images/wsserver/echo.go @@ -22,7 +22,8 @@ import ( "os" "github.com/gorilla/websocket" - network "knative.dev/networking/pkg" + "knative.dev/networking/pkg/http/header" + "knative.dev/networking/pkg/http/probe" "knative.dev/networking/test" ) @@ -45,7 +46,7 @@ var upgrader = websocket.Upgrader{ } func handler(w http.ResponseWriter, r *http.Request) { - if network.IsKubeletProbe(r) { + if header.IsKubeletProbe(r) { w.WriteHeader(http.StatusOK) return } @@ -85,7 +86,7 @@ func handler(w http.ResponseWriter, r *http.Request) { func main() { flag.Parse() log.SetFlags(0) - h := network.NewProbeHandler(http.HandlerFunc(handler)) + h := probe.NewHandler(http.HandlerFunc(handler)) port := os.Getenv("PORT") if cert, key := os.Getenv("CERT"), os.Getenv("KEY"); cert != "" && key != "" { log.Print("Server starting on port with TLS ", port) diff --git a/vendor/modules.txt b/vendor/modules.txt index e87c8b8b19..64707366aa 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -800,14 +800,16 @@ k8s.io/utils/buffer k8s.io/utils/clock k8s.io/utils/clock/testing k8s.io/utils/integer +k8s.io/utils/internal/third_party/forked/golang/golang-lru k8s.io/utils/internal/third_party/forked/golang/net +k8s.io/utils/lru k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/trace -# knative.dev/hack v0.0.0-20220512014059-f4972b4daff9 +# knative.dev/hack v0.0.0-20220518013938-b4d4d73a2995 ## explicit knative.dev/hack -# knative.dev/networking v0.0.0-20220516202057-7363ea66ba54 +# knative.dev/networking v0.0.0-20220518013728-3f52bdb63511 ## explicit knative.dev/networking/config knative.dev/networking/pkg @@ -834,7 +836,15 @@ knative.dev/networking/pkg/client/injection/informers/networking/v1alpha1/server knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/ingress knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/serverlessservice knative.dev/networking/pkg/client/listers/networking/v1alpha1 +knative.dev/networking/pkg/config +knative.dev/networking/pkg/http +knative.dev/networking/pkg/http/header +knative.dev/networking/pkg/http/probe +knative.dev/networking/pkg/http/proxy +knative.dev/networking/pkg/http/stats knative.dev/networking/pkg/ingress +knative.dev/networking/pkg/k8s +knative.dev/networking/pkg/labels knative.dev/networking/pkg/prober knative.dev/networking/pkg/status knative.dev/networking/pkg/testing/status @@ -850,7 +860,7 @@ knative.dev/networking/test/test_images/runtime/handlers knative.dev/networking/test/test_images/timeout knative.dev/networking/test/test_images/wsserver knative.dev/networking/test/types -# knative.dev/pkg v0.0.0-20220512013937-2d8305b2e59a +# knative.dev/pkg v0.0.0-20220518013728-f907b31046d3 ## explicit knative.dev/pkg/apis knative.dev/pkg/apis/duck