diff --git a/Gopkg.lock b/Gopkg.lock
index 6e97d2db..b648e875 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -931,7 +931,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:72ffa7ccc391446c34d98ce804c523c164c4979f8bd774e5c826348fb8b59970"
+  digest = "1:86a6a4c7d3720415afcf3067cc52b0bbf6b810e58544c7336e514e32cba4a540"
   name = "knative.dev/pkg"
   packages = [
     "apis",
@@ -950,7 +950,7 @@
     "metrics/metricskey",
   ]
   pruneopts = "T"
-  revision = "e73c8084c2670725d3d9aefb2e1479870d5c36d3"
+  revision = "587055b113b227ec89894f3907c960e3a9e1f85a"
 
 [[projects]]
   branch = "master"
diff --git a/vendor/knative.dev/pkg/configmap/manual_watcher.go b/vendor/knative.dev/pkg/configmap/manual_watcher.go
index 4774e522..668714ee 100644
--- a/vendor/knative.dev/pkg/configmap/manual_watcher.go
+++ b/vendor/knative.dev/pkg/configmap/manual_watcher.go
@@ -40,7 +40,7 @@ func (w *ManualWatcher) Watch(name string, o ...Observer) {
 	defer w.m.Unlock()
 
 	if w.observers == nil {
-		w.observers = make(map[string][]Observer, 1)
+		w.observers = make(map[string][]Observer, len(o))
 	}
 	w.observers[name] = append(w.observers[name], o...)
 }
diff --git a/vendor/knative.dev/pkg/test/gke/fake/credentials.json b/vendor/knative.dev/pkg/test/gke/fake/credentials.json
new file mode 100644
index 00000000..820c27c5
--- /dev/null
+++ b/vendor/knative.dev/pkg/test/gke/fake/credentials.json
@@ -0,0 +1,6 @@
+{
+  "client_id": "123456",
+  "client_secret": "123456",
+  "refresh_token": "123456",
+  "type": "authorized_user"
+}
diff --git a/vendor/knative.dev/pkg/test/spoof/spoof.go b/vendor/knative.dev/pkg/test/spoof/spoof.go
index 56798cc7..098a8772 100644
--- a/vendor/knative.dev/pkg/test/spoof/spoof.go
+++ b/vendor/knative.dev/pkg/test/spoof/spoof.go
@@ -64,7 +64,7 @@ func (r *Response) String() string {
 // Interface defines the actions that can be performed by the spoofing client.
 type Interface interface {
 	Do(*http.Request) (*Response, error)
-	Poll(*http.Request, ResponseChecker) (*Response, error)
+	Poll(*http.Request, ResponseChecker, ...ErrorRetryChecker) (*Response, error)
 }
 
 // https://medium.com/stupid-gopher-tricks/ensuring-go-interface-satisfaction-at-compile-time-1ed158e8fa17
@@ -80,6 +80,10 @@ var (
 // https://github.com/kubernetes/apimachinery/blob/cf7ae2f57dabc02a3d215f15ca61ae1446f3be8f/pkg/util/wait/wait.go#L172
 type ResponseChecker func(resp *Response) (done bool, err error)
 
+// ErrorRetryChecker is used to determine if an error should be retried or not.
+// If an error should be retried, it should return true and the wrapped error to explain why to retry.
+type ErrorRetryChecker func(e error) (retry bool, err error)
+
 // SpoofingClient is a minimal HTTP client wrapper that spoofs the domain of requests
 // for non-resolvable domains.
 type SpoofingClient struct {
@@ -199,7 +203,7 @@ func (sc *SpoofingClient) Do(req *http.Request) (*Response, error) {
 }
 
 // Poll executes an http request until it satisfies the inState condition or encounters an error.
-func (sc *SpoofingClient) Poll(req *http.Request, inState ResponseChecker) (*Response, error) {
+func (sc *SpoofingClient) Poll(req *http.Request, inState ResponseChecker, errorRetryCheckers ...ErrorRetryChecker) (*Response, error) {
 	var (
 		resp *Response
 		err  error
@@ -212,22 +216,15 @@ func (sc *SpoofingClient) Poll(req *http.Request, inState ResponseChecker) (*Res
 		req.Header.Add(pollReqHeader, "True")
 		resp, err = sc.Do(req)
 		if err != nil {
-			if isTCPTimeout(err) {
-				sc.Logf("Retrying %s for TCP timeout: %v", req.URL, err)
-				return false, nil
+			if len(errorRetryCheckers) == 0 {
+				errorRetryCheckers = []ErrorRetryChecker{DefaultErrorRetryChecker}
 			}
-			// Retrying on DNS error, since we may be using xip.io or nip.io in tests.
-			if isDNSError(err) {
-				sc.Logf("Retrying %s for DNS error: %v", req.URL, err)
-				return false, nil
-			}
-			// Repeat the poll on `connection refused` errors, which are usually transient Istio errors.
-			if isConnectionRefused(err) {
-				sc.Logf("Retrying %s for connection refused: %v", req.URL, err)
-				return false, nil
-			}
-			if isConnectionReset(err) {
-				sc.Logf("Retrying %s for connection reset: %v", req.URL, err)
+			for _, checker := range errorRetryCheckers {
+				retry, newErr := checker(err)
+				if retry {
+					sc.Logf("Retrying %s: %v", req.URL, newErr)
+					return false, nil
+				}
 			}
 			return true, err
 		}
@@ -245,6 +242,25 @@ func (sc *SpoofingClient) Poll(req *http.Request, inState ResponseChecker) (*Res
 	return resp, nil
 }
 
+// DefaultErrorRetryChecker implements the defaults for retrying on error.
+func DefaultErrorRetryChecker(err error) (bool, error) {
+	if isTCPTimeout(err) {
+		return true, fmt.Errorf("Retrying for TCP timeout: %v", err)
+	}
+	// Retrying on DNS error, since we may be using xip.io or nip.io in tests.
+	if isDNSError(err) {
+		return true, fmt.Errorf("Retrying for DNS error: %v", err)
+	}
+	// Repeat the poll on `connection refused` errors, which are usually transient Istio errors.
+	if isConnectionRefused(err) {
+		return true, fmt.Errorf("Retrying for connection refused: %v", err)
+	}
+	if isConnectionReset(err) {
+		return true, fmt.Errorf("Retrying for connection reset: %v", err)
+	}
+	return false, err
+}
+
 // logZipkinTrace provides support to log Zipkin Trace for param: spoofResponse
 // We only log Zipkin trace for HTTP server errors i.e for HTTP status codes between 500 to 600
 func (sc *SpoofingClient) logZipkinTrace(spoofResp *Response) {