upgrade to latest dependencies (#722)

bumping knative.dev/pkg fb44e94...2f55fe0:
  > 2f55fe0 Fix potential slowloris attack (# 2682)
  > 8d1efe1 Update community files (# 2683)
  > 4a80605 Add health checks (# 2671)
  > 33e6b88 fix: `reconcilerImpl.updateStatus` calculates state difference in debug mode only (# 2678)
  > c889c5b upgrade to latest dependencies (# 2679)

Signed-off-by: Knative Automation <automation@knative.team>

go.mod

@@ -12,7 +12,7 @@ require (
 	k8s.io/code-generator v0.25.4
 	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1
 	knative.dev/hack v0.0.0-20230210215449-d71d569c4308
-	knative.dev/pkg v0.0.0-20230210013552-fb44e94cccb1
+	knative.dev/pkg v0.0.0-20230215234751-2f55fe00c5a1
 )
 
 require (

go.sum

@@ -800,8 +800,8 @@ k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJ
 k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 knative.dev/hack v0.0.0-20230210215449-d71d569c4308 h1:zH5OedRfo9SB22o25VNQ+vygceTvOujsnLYaALb8jos=
 knative.dev/hack v0.0.0-20230210215449-d71d569c4308/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/pkg v0.0.0-20230210013552-fb44e94cccb1 h1:VUjBhCMWbugVNWkGIbgW6yfjvAuEPCN7UE1xzMeHJvE=
-knative.dev/pkg v0.0.0-20230210013552-fb44e94cccb1/go.mod h1:VO/fcEsq43seuONRQxZyftWHjpMabYzRHDtpSEQ/eoQ=
+knative.dev/pkg v0.0.0-20230215234751-2f55fe00c5a1 h1:uFmSftQza1crgKoZWRvPthuGynJgVEN3aFcXORqZpDQ=
+knative.dev/pkg v0.0.0-20230215234751-2f55fe00c5a1/go.mod h1:YVKzsxts9YjMq9xbG1GrMWwwGmkJRpJxqCa6iIOKb28=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

pkg/client/injection/reconciler/caching/v1alpha1/image/reconciler.go

@@ -24,6 +24,7 @@ import (
 	fmt "fmt"
 
 	zap "go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
 	v1 "k8s.io/api/core/v1"
 	equality "k8s.io/apimachinery/pkg/api/equality"
 	errors "k8s.io/apimachinery/pkg/api/errors"
@@ -272,7 +273,7 @@ func (r *reconcilerImpl) Reconcile(ctx context.Context, key string) error {
 		// the elected leader is expected to write modifications.
 		logger.Warn("Saw status changes when we aren't the leader!")
 	default:
-		if err = r.updateStatus(ctx, original, resource); err != nil {
+		if err = r.updateStatus(ctx, logger, original, resource); err != nil {
 			logger.Warnw("Failed to update resource status", zap.Error(err))
 			r.Recorder.Eventf(resource, v1.EventTypeWarning, "UpdateFailed",
 				"Failed to update status for %q: %v", resource.Name, err)
@@ -308,7 +309,7 @@ func (r *reconcilerImpl) Reconcile(ctx context.Context, key string) error {
 	return nil
 }
 
-func (r *reconcilerImpl) updateStatus(ctx context.Context, existing *v1alpha1.Image, desired *v1alpha1.Image) error {
+func (r *reconcilerImpl) updateStatus(ctx context.Context, logger *zap.SugaredLogger, existing *v1alpha1.Image, desired *v1alpha1.Image) error {
 	existing = existing.DeepCopy()
 	return reconciler.RetryUpdateConflicts(func(attempts int) (err error) {
 		// The first iteration tries to use the injectionInformer's state, subsequent attempts fetch the latest state via API.
@@ -327,8 +328,10 @@ func (r *reconcilerImpl) updateStatus(ctx context.Context, existing *v1alpha1.Im
 			return nil
 		}
 
-		if diff, err := kmp.SafeDiff(existing.Status, desired.Status); err == nil && diff != "" {
-			logging.FromContext(ctx).Debug("Updating status with: ", diff)
+		if logger.Desugar().Core().Enabled(zapcore.DebugLevel) {
+			if diff, err := kmp.SafeDiff(existing.Status, desired.Status); err == nil && diff != "" {
+				logger.Debug("Updating status with: ", diff)
+			}
 		}
 
 		existing.Status = desired.Status

vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/reconciler_reconciler.go

@@ -150,6 +150,10 @@ func (g *reconcilerReconcilerGenerator) GenerateType(c *generator.Context, t *ty
 			Package: "go.uber.org/zap",
 			Name:    "SugaredLogger",
 		}),
+		"zapDebugLevel": c.Universe.Type(types.Name{
+			Package: "go.uber.org/zapcore",
+			Name:    "DebugLevel",
+		}),
 		"setsNewString": c.Universe.Function(types.Name{
 			Package: "k8s.io/apimachinery/pkg/util/sets",
 			Name:    "NewString",
@@ -520,7 +524,7 @@ func (r *reconcilerImpl) Reconcile(ctx {{.contextContext|raw}}, key string) erro
 		// the elected leader is expected to write modifications.
 		logger.Warn("Saw status changes when we aren't the leader!")
 	default:
-		if err = r.updateStatus(ctx, original, resource); err != nil {
+		if err = r.updateStatus(ctx, logger, original, resource); err != nil {
 			logger.Warnw("Failed to update resource status", zap.Error(err))
 			r.Recorder.Eventf(resource, {{.corev1EventTypeWarning|raw}}, "UpdateFailed",
 				"Failed to update status for %q: %v", resource.Name, err)
@@ -559,7 +563,7 @@ func (r *reconcilerImpl) Reconcile(ctx {{.contextContext|raw}}, key string) erro
 `
 
 var reconcilerStatusFactory = `
-func (r *reconcilerImpl) updateStatus(ctx {{.contextContext|raw}}, existing *{{.type|raw}}, desired *{{.type|raw}}) error {
+func (r *reconcilerImpl) updateStatus(ctx {{.contextContext|raw}}, logger *{{.zapSugaredLogger|raw}}, existing *{{.type|raw}}, desired *{{.type|raw}}) error {
 	existing = existing.DeepCopy()
 	return {{.reconcilerRetryUpdateConflicts|raw}}(func(attempts int) (err error) {
 		// The first iteration tries to use the injectionInformer's state, subsequent attempts fetch the latest state via API.
@@ -580,8 +584,10 @@ func (r *reconcilerImpl) updateStatus(ctx {{.contextContext|raw}}, existing *{{.
 			return nil
 		}
 
-		if diff, err := {{.kmpSafeDiff|raw}}(existing.Status, desired.Status); err == nil && diff != "" {
-			{{.loggingFromContext|raw}}(ctx).Debug("Updating status with: ", diff)
+		if logger.Desugar().Core().Enabled(zapcore.DebugLevel) {
+			if diff, err := {{.kmpSafeDiff|raw}}(existing.Status, desired.Status); err == nil && diff != "" {
+				logger.Debug("Updating status with: ", diff)
+			}
 		}
 
 		existing.Status = desired.Status

vendor/knative.dev/pkg/injection/health_check.go

@@ -0,0 +1,109 @@
+/*
+Copyright 2023 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package injection
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"strconv"
+	"time"
+
+	"knative.dev/pkg/logging"
+)
+
+// HealthCheckDefaultPort defines the default port number for health probes
+const HealthCheckDefaultPort = 8080
+
+// ServeHealthProbes sets up liveness and readiness probes.
+// If user sets no probes explicitly via the context then defaults are added.
+func ServeHealthProbes(ctx context.Context, port int) error {
+	logger := logging.FromContext(ctx)
+	server := http.Server{ReadHeaderTimeout: time.Minute, Handler: muxWithHandles(ctx), Addr: ":" + strconv.Itoa(port)}
+	go func() {
+		<-ctx.Done()
+		_ = server.Shutdown(ctx)
+	}()
+
+	// start the web server on port and accept requests
+	logger.Infof("Probes server listening on port %s", port)
+	if err := server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
+		return err
+	}
+	return nil
+}
+
+func muxWithHandles(ctx context.Context) *http.ServeMux {
+	mux := http.NewServeMux()
+	readiness := getReadinessHandleOrDefault(ctx)
+	liveness := getLivenessHandleOrDefault(ctx)
+	mux.HandleFunc("/readiness", *readiness)
+	mux.HandleFunc("/health", *liveness)
+	return mux
+}
+
+func newDefaultProbesHandle(sigCtx context.Context) http.HandlerFunc {
+	logger := logging.FromContext(sigCtx)
+	return func(w http.ResponseWriter, r *http.Request) {
+		f := func() error {
+			select {
+			// When we get SIGTERM (sigCtx done), let readiness probes start failing.
+			case <-sigCtx.Done():
+				logger.Info("Signal context canceled")
+				return errors.New("received SIGTERM from kubelet")
+			default:
+				return nil
+			}
+		}
+		if err := f(); err != nil {
+			logger.Errorf("Healthcheck failed: %v", err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		} else {
+			w.WriteHeader(http.StatusOK)
+		}
+	}
+}
+
+type addReadinessKey struct{}
+
+// AddReadiness signals to probe setup logic to add a user provided probe handler
+func AddReadiness(ctx context.Context, handlerFunc http.HandlerFunc) context.Context {
+	return context.WithValue(ctx, addReadinessKey{}, &handlerFunc)
+}
+
+func getReadinessHandleOrDefault(ctx context.Context) *http.HandlerFunc {
+	if ctx.Value(addReadinessKey{}) != nil {
+		return ctx.Value(addReadinessKey{}).(*http.HandlerFunc)
+	}
+	defaultHandle := newDefaultProbesHandle(ctx)
+	return &defaultHandle
+}
+
+type addLivenessKey struct{}
+
+// AddLiveness signals to probe setup logic to add a user provided probe handler
+func AddLiveness(ctx context.Context, handlerFunc http.HandlerFunc) context.Context {
+	return context.WithValue(ctx, addLivenessKey{}, &handlerFunc)
+}
+
+func getLivenessHandleOrDefault(ctx context.Context) *http.HandlerFunc {
+	if ctx.Value(addLivenessKey{}) != nil {
+		return ctx.Value(addLivenessKey{}).(*http.HandlerFunc)
+	}
+	defaultHandle := newDefaultProbesHandle(ctx)
+	return &defaultHandle
+}

vendor/knative.dev/pkg/metrics/prometheus_exporter.go

@@ -20,6 +20,7 @@ import (
 	"net/http"
 	"strconv"
 	"sync"
+	"time"
 
 	prom "contrib.go.opencensus.io/exporter/prometheus"
 	"go.opencensus.io/resource"
@@ -82,10 +83,10 @@ func startNewPromSrv(e *prom.Exporter, host string, port int) *http.Server {
 	if curPromSrv != nil {
 		curPromSrv.Close()
 	}
-	//nolint:gosec
 	curPromSrv = &http.Server{
-		Addr:    host + ":" + strconv.Itoa(port),
-		Handler: sm,
+		Addr:              host + ":" + strconv.Itoa(port),
+		Handler:           sm,
+		ReadHeaderTimeout: time.Minute, //https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
 	}
 	return curPromSrv
 }

vendor/knative.dev/pkg/network/h2c.go

@@ -21,6 +21,7 @@ import (
 	"crypto/tls"
 	"net"
 	"net/http"
+	"time"
 
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/h2c"
@@ -28,10 +29,10 @@ import (
 
 // NewServer returns a new HTTP Server with HTTP2 handler.
 func NewServer(addr string, h http.Handler) *http.Server {
-	//nolint:gosec
 	h1s := &http.Server{
-		Addr:    addr,
-		Handler: h2c.NewHandler(h, &http2.Server{}),
+		Addr:              addr,
+		Handler:           h2c.NewHandler(h, &http2.Server{}),
+		ReadHeaderTimeout: time.Minute, //https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
 	}
 
 	return h1s

vendor/modules.txt

@@ -690,7 +690,7 @@ k8s.io/utils/trace
 # knative.dev/hack v0.0.0-20230210215449-d71d569c4308
 ## explicit; go 1.18
 knative.dev/hack
-# knative.dev/pkg v0.0.0-20230210013552-fb44e94cccb1
+# knative.dev/pkg v0.0.0-20230215234751-2f55fe00c5a1
 ## explicit; go 1.18
 knative.dev/pkg/apis
 knative.dev/pkg/apis/duck