feat: add new otel config (#8624 )

* feat: add new otel config Signed-off-by: Calum Murray <cmurray@redhat.com> * chore: run ./hack/update-deps.sh Signed-off-by: Calum Murray <cmurray@redhat.com> * chore: fix boilerplate comments to use tabs instead of spaces Signed-off-by: Calum Murray <cmurray@redhat.com> * fix(test): otel config tests work Signed-off-by: Calum Murray <cmurray@redhat.com> * fix: configmap comments reflect eventing resources, not serving Signed-off-by: Calum Murray <cmurray@redhat.com> * change example metrics url to more sensible value Signed-off-by: Calum Murray <cmurray@redhat.com> * chore: update codegen to correct configmap checksum Signed-off-by: Calum Murray <cmurray@redhat.com> * cleanup: drop request metrics as they are unused in eventing Signed-off-by: Calum Murray <cmurray@redhat.com> * chore: fix configmap checksum Signed-off-by: Calum Murray <cmurray@redhat.com> --------- Signed-off-by: Calum Murray <cmurray@redhat.com>
[main] Upgrade to latest dependencies (#8625 )
2025-07-11 18:10:06 +00:00 · 2025-07-09 06:50:03 +00:00 · 2025-07-08 15:51:02 +00:00 · 2025-07-08 12:05:03 +00:00 · 2025-07-08 01:37:51 +00:00 · 2025-06-30 14:16:11 +00:00
2961 changed files with 255197 additions and 79200 deletions
--- a/.github/workflows/kind-e2e.yaml
+++ b/.github/workflows/kind-e2e.yaml
@ -17,25 +17,15 @@ jobs:
      fail-fast: false # Keep running if one leg fails.
      matrix:
        k8s-version:
-          - v1.30.8
-          - v1.31.4
+          - v1.32.x
+          - v1.33.x

        test-suite:
        - ./test/e2e
        - ./test/conformance
        - ./test/experimental

-        # Map between K8s and KinD versions.
-        # This is attempting to make it a bit clearer what's being tested.
-        # See: https://github.com/kubernetes-sigs/kind/releases/tag/v0.20.0
        include:
-        - k8s-version: v1.30.8
-          kind-version: v0.26.0
-          kind-image-sha: sha256:17cd608b3971338d9180b00776cb766c50d0a0b6b904ab4ff52fd3fc5c6369bf
-        - k8s-version: v1.31.4
-          kind-version: v0.26.0
-          kind-image-sha: sha256:2cb39f7295fe7eafee0842b1052a599a4fb0f8bcf3f83d96c7f4864c357c6c30
-
        # Add the flags we use for each of these test suites.
        - test-suite: ./test/e2e
          extra-test-flags: >
@ -55,7 +45,6 @@ jobs:
      ARTIFACTS: ${{ github.workspace }}/artifacts

      NODE_VERSION: ${{ matrix.k8s-version }}
-      NODE_SHA: ${{ matrix.kind-image-sha }}

    steps:
    - name: Set up Go
@ -63,26 +52,18 @@ jobs:

    # Install the latest release of ko
    - name: Install ko
-      uses: ko-build/setup-ko@v0.6
+      uses: ko-build/setup-ko@v0.9

    - name: Check out code onto GOPATH
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4

    - name: Install KinD
-      run: |
-        set -x
-
-        # Disable swap otherwise memory enforcement doesn't work
-        # See: https://kubernetes.slack.com/archives/CEKK1KTN2/p1600009955324200
-        sudo swapoff -a
-        sudo rm -f /swapfile
-
-        curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/${{ matrix.kind-version }}/kind-$(uname)-amd64
-        chmod +x ./kind
-        sudo mv kind /usr/local/bin
-
-    - name: Create KinD Cluster
-      run: ./hack/create-kind-cluster.sh
+      # TODO: replace with chainguard-dev/actions/setup-kind
+      uses: chainguard-dev/actions/setup-kind@16e2fd6603a1c6a1fbc880fdbb922b2e8e2be3e7 # main
+      with:
+        k8s-version: ${{ matrix.k8s-version }}
+        kind-worker-count: 1
+        cluster-suffix: c${{ github.run_id }}.local

    - name: Install Knative Eventing
      run: |
--- a/.golangci.yaml
+++ b/.golangci.yaml
@ -1,16 +1,11 @@
+version: "2"
 run:
-  timeout: 10m
-
  build-tags:
    - e2e
    - probe
    - preupgrade
    - postupgrade
    - postdowngrade
-
-  skip-dirs:
-    - pkg/client
-
 linters:
  enable:
    - asciicheck
@ -20,10 +15,53 @@ linters:
    - unparam
  disable:
    - errcheck
-
-issues:
-  exclude-rules:
-    - path: test # Excludes /test, *_test.go etc.
-      linters:
-        - gosec
-        - unparam
+  settings:
+    staticcheck:
+      checks:
+      - all
+      - '-SA1019'  # Temporary ignore SA1019: use of deprecated types or methods
+      - '-ST1003'  # Temporary ignore ST1003: We have a lot of "Api" where it should be "API"
+      - '-ST1005'  # Temporary ignore ST1005: error strings should not be capitalized
+      - '-ST1016'  # Temporary ignore ST1016: methods on the same type should have the same receiver name
+      - '-ST1019'  # Temporary ignore ST1019: multiple imports of a module with different names
+      - '-QF1002'  # Temporary ignore QF1002: could use tagged switch
+      - '-QF1003'  # Temporary ignore QF1003: Convert if/else-if chain to tagged switch
+      - '-QF1007'  # Temporary ignore QF1007: merge conditional assignment into variable declaration
+      - '-QF1008'  # Temporary ignore QF1008: Omit embedded fields from selector expression
+      - '-QF1009'  # Temporary ignore QF1009: Merge conditional assignment into variable declaration
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - linters:
+          - gosec
+          - unparam
+        path: test
+      - linters:
+          - staticcheck
+        text: "ST1003"  # A lot of "Api" instead of "API" names
+        path: pkg/reconciler/testing/v1/apiserversource.go
+      - linters:
+          - staticcheck
+        text: "ST1001"  # Prohibit dot imports
+        path: test/e2e/helpers/.*_helper.go
+      - linters:
+          - staticcheck
+        text: "ST1001"  # Prohibit dot imports
+        path: test/rekt/features/.*.go
+    paths:
+      - pkg/client
+      - third_party/
+      - builtin$
+      - examples$
+formatters:
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
--- a/35
+++ b/35
@ -6,10 +6,8 @@ aliases:
  - itsmurugappan
  client-wg-leads:
  - dsimansk
-  - rhuss
  client-writers:
  - dsimansk
-  - rhuss
  - vyasgun
  docs-reviewers:
  - nainaz
@ -23,6 +21,7 @@ aliases:
  - cali0707
  - creydr
  eventing-wg-leads:
+  - creydr
  - pierDipi
  eventing-writers:
  - Leo6Leo
@ -49,23 +48,23 @@ aliases:
  knative-admin:
  - aliok
  - cardil
-  - davidhadas
  - dprotaso
  - dsimansk
  - evankanderson
+  - gauron99
  - knative-automation
  - knative-prow-releaser-robot
  - knative-prow-robot
  - knative-prow-updater-robot
  - knative-test-reporter-robot
-  - nainaz
-  - psschwei
-  - salaboy
+  - matzew
+  - nrrso
  - skonto
  - upodroid
  knative-release-leads:
  - dprotaso
  - dsimansk
+  - gauron99
  - skonto
  knative-robots:
  - knative-automation
@ -102,43 +101,31 @@ aliases:
  - davidhadas
  - evankanderson
  serving-approvers:
+  - dsimansk
  - skonto
  serving-reviewers:
-  - izabelacg
  - skonto
  serving-triage:
-  - izabelacg
  - skonto
  serving-wg-leads:
  - dprotaso
  serving-writers:
  - dprotaso
+  - dsimansk
  - skonto
  steering-committee:
  - aliok
-  - davidhadas
  - dprotaso
-  - dsimansk
  - evankanderson
-  - nainaz
-  - psschwei
-  - salaboy
-  technical-oversight-committee:
-  - aliok
-  - davidhadas
-  - dprotaso
-  - dsimansk
-  - evankanderson
-  - nainaz
-  - psschwei
-  - salaboy
+  - matzew
+  - nrrso
  ux-wg-leads:
+  - Leo6Leo
  - cali0707
-  - leo6leo
  - mmejia02
  - zainabhusain227
  ux-writers:
+  - Leo6Leo
  - cali0707
-  - leo6leo
  - mmejia02
  - zainabhusain227
--- a/cmd/broker/ingress/main.go
+++ b/cmd/broker/ingress/main.go
@ -75,7 +75,7 @@ type envConfig struct {
 	PodName       string `envconfig:"POD_NAME" required:"true"`
 	ContainerName string `envconfig:"CONTAINER_NAME" required:"true"`
 	Port          int    `envconfig:"INGRESS_PORT" default:"8080"`
-	MaxTTL        int    `envconfig:"MAX_TTL" default:"255"`
+	MaxTTL        int32  `envconfig:"MAX_TTL" default:"255"`
 	HTTPPort      int    `envconfig:"INGRESS_PORT" default:"8080"`
 	HTTPSPort     int    `envconfig:"INGRESS_PORT_HTTPS" default:"8443"`
 }
@ -171,7 +171,7 @@ func main() {

 	oidcTokenProvider := auth.NewOIDCTokenProvider(ctx)
 	authVerifier := auth.NewVerifier(ctx, eventpolicyinformer.Get(ctx).Lister(), trustBundleConfigMapLister, configMapWatcher)
-	handler, err = ingress.NewHandler(logger, reporter, broker.TTLDefaulter(logger, int32(env.MaxTTL)), brokerInformer, authVerifier, oidcTokenProvider, trustBundleConfigMapLister, ctxFunc)
+	handler, err = ingress.NewHandler(logger, reporter, broker.TTLDefaulter(logger, env.MaxTTL), brokerInformer, authVerifier, oidcTokenProvider, trustBundleConfigMapLister, ctxFunc)
 	if err != nil {
 		logger.Fatal("Error creating Handler", zap.Error(err))
 	}
--- a/cmd/controller/main.go
+++ b/cmd/controller/main.go
@ -20,15 +20,19 @@ import (
 	// Uncomment the following line to load the gcp plugin (only required to authenticate against GKE clusters).
 	// _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"

+	"knative.dev/eventing/pkg/certificates"
 	"knative.dev/pkg/injection/sharedmain"

-	filteredFactory "knative.dev/pkg/client/injection/kube/informers/factory/filtered"
+	kubefilteredfactory "knative.dev/pkg/client/injection/kube/informers/factory/filtered"
 	"knative.dev/pkg/signals"

+	eventingfilteredfactory "knative.dev/eventing/pkg/client/injection/informers/factory/filtered"
+
 	"knative.dev/eventing/pkg/apis/sinks"
 	"knative.dev/eventing/pkg/auth"
 	"knative.dev/eventing/pkg/eventingtls"
 	"knative.dev/eventing/pkg/reconciler/eventpolicy"
+	"knative.dev/eventing/pkg/reconciler/eventtransform"
 	"knative.dev/eventing/pkg/reconciler/jobsink"

 	"knative.dev/eventing/pkg/reconciler/apiserversource"
@ -49,10 +53,16 @@ import (
 func main() {
 	ctx := signals.NewContext()

-	ctx = filteredFactory.WithSelectors(ctx,
+	ctx = kubefilteredfactory.WithSelectors(ctx,
 		auth.OIDCLabelSelector,
 		eventingtls.TrustBundleLabelSelector,
 		sinks.JobSinkJobsLabelSelector,
+		eventtransform.JsonataResourcesSelector,
+		certificates.SecretLabelSelectorPair,
+	)
+
+	ctx = eventingfilteredfactory.WithSelectors(ctx,
+		eventtransform.JsonataResourcesSelector,
 	)

 	sharedmain.MainWithContext(ctx, "controller",
@ -84,5 +94,8 @@ func main() {
 		// Sugar
 		sugarnamespace.NewController,
 		sugartrigger.NewController,
+
+		// Transform
+		eventtransform.NewController,
 	)
 }
--- a/cmd/schema/main.go
+++ b/cmd/schema/main.go
@ -26,7 +26,9 @@ import (
 	eventingv1alpha1 "knative.dev/eventing/pkg/apis/eventing/v1alpha1"
 	flowsv1 "knative.dev/eventing/pkg/apis/flows/v1"
 	messagingv1 "knative.dev/eventing/pkg/apis/messaging/v1"
+	sinksv1alpha1 "knative.dev/eventing/pkg/apis/sinks/v1alpha1"
 	sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+	sourcesv1alpha1 "knative.dev/eventing/pkg/apis/sources/v1alpha1"
 )

 // schema is a tool to dump the schema for Eventing resources.
@ -40,15 +42,21 @@ func main() {
 	registry.Register(&messagingv1.Channel{})
 	registry.Register(&messagingv1.InMemoryChannel{})

+	// Sinks
+	registry.Register(&sinksv1alpha1.JobSink{})
+	registry.Register(&sinksv1alpha1.IntegrationSink{})
+
 	// Sources
 	registry.Register(&sourcesv1.ApiServerSource{})
 	registry.Register(&sourcesv1.SinkBinding{})
 	registry.Register(&sourcesv1.ContainerSource{}) // WARNING: THIS DOES NOT WORK OUT OF THE BOX: See https://github.com/knative/eventing/issues/5353.
+	registry.Register(&sourcesv1alpha1.IntegrationSource{})

 	// Flows
 	registry.Register(&flowsv1.Sequence{})
 	registry.Register(&flowsv1.Parallel{})
 	registry.Register(&eventingv1alpha1.EventPolicy{})
+	registry.Register(&eventingv1alpha1.EventTransform{})

 	if err := commands.New("knative.dev/eventing").Execute(); err != nil {
 		log.Fatal("Error during command execution: ", err)
--- a/cmd/webhook/main.go
+++ b/cmd/webhook/main.go
@ -79,7 +79,8 @@ func init() {
 var ourTypes = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{
 	// For group eventing.knative.dev.
 	// v1alpha1
-	eventingv1alpha1.SchemeGroupVersion.WithKind("EventPolicy"): &eventingv1alpha1.EventPolicy{},
+	eventingv1alpha1.SchemeGroupVersion.WithKind("EventPolicy"):    &eventingv1alpha1.EventPolicy{},
+	eventingv1alpha1.SchemeGroupVersion.WithKind("EventTransform"): &eventingv1alpha1.EventTransform{},
 	// v1beta1
 	eventingv1beta1.SchemeGroupVersion.WithKind("EventType"): &eventingv1beta1.EventType{},
 	// v1beta2
--- a/cmd/websocketsource/main.go
+++ b/cmd/websocketsource/main.go
@ -45,6 +45,7 @@ func init() {
 func main() {
 	flag.Parse()

+	//nolint:staticcheck
 	k_sink := os.Getenv("K_SINK")
 	if k_sink != "" {
 		sink = k_sink
--- a/config/300-eventtransform.yaml
+++ b/config/300-eventtransform.yaml
@ -0,0 +1 @@
+./core/resources/eventtransform.yaml
--- a/config/400-config-eventing-integrations-images.yaml
+++ b/config/400-config-eventing-integrations-images.yaml
@ -0,0 +1 @@
+../third_party/eventing-integrations-latest/eventing-integrations-images.yaml
--- a/config/400-config-eventing-transformations-images.yaml
+++ b/config/400-config-eventing-transformations-images.yaml
@ -0,0 +1 @@
+../third_party/eventing-integrations-latest/eventing-transformations-images.yaml
--- a/config/core-tls/integration-sink-tls-certificate.yaml
+++ b/config/core-tls/integration-sink-tls-certificate.yaml
@ -1,48 +0,0 @@
-# Copyright 2023 The Knative Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: integration-sink-server-tls
-  namespace: knative-eventing
-spec:
-  # Secret names are always required.
-  secretName: integration-sink-server-tls
-
-  secretTemplate:
-    labels:
-      app.kubernetes.io/component: integration-sink
-      app.kubernetes.io/name: knative-eventing
-
-  # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator
-  duration: 2160h0m0s # 90d
-  renewBefore: 360h0m0s # 15d
-  subject:
-    organizations:
-      - local
-  privateKey:
-    algorithm: RSA
-    encoding: PKCS1
-    size: 2048
-    rotationPolicy: Always
-
-  dnsNames:
-    - integration-sink.knative-eventing.svc.cluster.local
-    - integration-sink.knative-eventing.svc
-
-  issuerRef:
-    name: knative-eventing-ca-issuer
-    kind: ClusterIssuer
-    group: cert-manager.io
--- a/config/core/configmaps/eventing-integrations-images.yaml
+++ b/config/core/configmaps/eventing-integrations-images.yaml
@ -0,0 +1 @@
+../../../third_party/eventing-integrations-latest/eventing-integrations-images.yaml
--- a/config/core/configmaps/eventing-transformations-images.yaml
+++ b/config/core/configmaps/eventing-transformations-images.yaml
@ -0,0 +1 @@
+../../../third_party/eventing-integrations-latest/eventing-transformations-images.yaml
--- a/config/core/configmaps/observability.yaml
+++ b/config/core/configmaps/observability.yaml
@ -23,7 +23,7 @@ metadata:
    app.kubernetes.io/version: devel
    app.kubernetes.io/name: knative-eventing
  annotations:
-    knative.dev/example-checksum: "f46cf09d"
+    knative.dev/example-checksum: "b7377954"
 data:
  _example: |
    ################################
@ -41,34 +41,45 @@ data:
    # this example block and unindented to be in the data block
    # to actually change the configuration.

-    # metrics.backend-destination field specifies the system metrics destination.
-    # It supports either prometheus (the default) or stackdriver.
-    # Note: Using stackdriver will incur additional charges
-    metrics.backend-destination: prometheus
+     # metrics-protocol field specifies the protocol used when exporting metrics
+    # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC)
+    metrics-protocol: http/protobuf

-    # metrics.request-metrics-backend-destination specifies the request metrics
-    # destination. If non-empty, it enables queue proxy to send request metrics.
-    # Currently supported values: prometheus, stackdriver.
-    metrics.request-metrics-backend-destination: prometheus
+    # metrics-endpoint field specifies the destination metrics should be exported to.
+    #
+    # The endpoint MUST be set when the protocol is http/protobuf or grpc.
+    # The endpoint MUST NOT be set when the protocol is none.
+    #
+    # When the protocol is prometheus the endpoint can accept a 'host:port' string to customize the
+    # listening host interface and port.
+    metrics-endpoint: http://collector.otel.svc.cluster.local/

-    # metrics.stackdriver-project-id field specifies the stackdriver project ID. This
-    # field is optional. When running on GCE, application default credentials will be
-    # used if this field is not provided.
-    metrics.stackdriver-project-id: "<your stackdriver project id>"
-
-    # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to
-    # Stackdriver using "global" resource type and custom metric type if the
-    # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types.
-    # Setting this flag to "true" could cause extra Stackdriver charge.
-    # If metrics.backend-destination is not Stackdriver, this is ignored.
-    metrics.allow-stackdriver-custom-metrics: "false"
-
-    # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from
-    # the pods via an HTTP server in the format expected by the pprof visualization tool. When
-    # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008.
-    # The HTTP context root for profiling is then /debug/pprof/.
-    profiling.enable: "false"
+    # metrics-export-interval specifies the global metrics reporting period for control and data plane components.
+    # If a zero or negative value is passed the default reporting OTel period is used (60 secs).
+    metrics-export-interval: 60s

    # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating
    # a failure to send a cloud event to the sink.
    sink-event-error-reporting.enable: "false"
+
+    # runtime-profiling indicates whether it is allowed to retrieve runtime profiling data from
+    # the pods via an HTTP server in the format expected by the pprof visualization tool. When
+    # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008.
+    # The HTTP context root for profiling is then /debug/pprof/.
+    runtime-profiling: enabled
+
+
+    # tracing-protocol field specifies the protocol used when exporting traces
+    # It supports either 'none' (the default), 'prometheus', 'http/protobuf' (OTLP HTTP), 'grpc' (OTLP gRPC)
+    # or `stdout` for debugging purposes
+    tracing-protocol: http/protobuf
+
+    # tracing-endpoint field specifies the destination traces should be exporter to.
+    #
+    # The endpoint MUST be set when the protocol is http/protobuf or grpc.
+    # The endpoint MUST NOT be set when the protocol is none.
+    tracing-endpoint: http://jaeger-collector.observability:4318/v1/traces
+
+    # tracing-sampling-rate allows the user to specify what percentage of all traces should be exported
+    # The value should be between 0 (never sample) to 1 (always sample)
+    tracing-sampling-rate: "1"
--- a/config/core/configmaps/tracing.yaml
+++ b/config/core/configmaps/tracing.yaml
@ -23,33 +23,11 @@ metadata:
    app.kubernetes.io/version: devel
    app.kubernetes.io/name: knative-eventing
  annotations:
-    knative.dev/example-checksum: "0492ceb0"
+    knative.dev/example-checksum: "04c7e9a3"
 data:
  _example: |
-    ################################
-    #                              #
-    #    EXAMPLE CONFIGURATION     #
-    #                              #
-    ################################
-    # This block is not actually functional configuration,
-    # but serves to illustrate the available configuration
-    # options and document them in a way that is accessible
-    # to users that `kubectl edit` this config map.
-    #
-    # These sample configuration options may be copied out of
-    # this example block and unindented to be in the data block
-    # to actually change the configuration.
-    #
-    # This may be "zipkin" or "none". the default is "none"
-    backend: "none"
-
-    # URL to zipkin collector where traces are sent.
-    # This must be specified when backend is "zipkin"
-    zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans"
-
-    # Enable zipkin debug mode. This allows all spans to be sent to the server
-    # bypassing sampling.
-    debug: "false"
-
-    # Percentage (0-1) of requests to trace
-    sample-rate: "0.1"
+    ###########################################################
+    #                                                         #
+    #  This config is deprecated - use config-observability   #
+    #                                                         #
+    ###########################################################
--- a/config/core/deployments/controller.yaml
+++ b/config/core/deployments/controller.yaml
@ -77,6 +77,59 @@ spec:
              fieldRef:
                fieldPath: metadata.name

+          - name: EVENT_TRANSFORM_JSONATA_IMAGE
+            valueFrom:
+              configMapKeyRef:
+                key: transform-jsonata
+                name: eventing-transformations-images
+
+          - name: INTEGRATION_SOURCE_TIMER_IMAGE
+            valueFrom:
+              configMapKeyRef:
+                key: timer-source
+                name: eventing-integrations-images
+
+          - name: INTEGRATION_SOURCE_AWS_S3_IMAGE
+            valueFrom:
+              configMapKeyRef:
+                key: aws-s3-source
+                name: eventing-integrations-images
+
+          - name: INTEGRATION_SOURCE_AWS_SQS_IMAGE
+            valueFrom:
+              configMapKeyRef:
+                key: aws-sqs-source
+                name: eventing-integrations-images
+
+          - name: INTEGRATION_SOURCE_AWS_DDB_STREAMS_IMAGE
+            valueFrom:
+              configMapKeyRef:
+                key: aws-ddb-streams-source
+                name: eventing-integrations-images
+
+          - name: INTEGRATION_SINK_LOG_IMAGE
+            valueFrom:
+              configMapKeyRef:
+                key: log-sink
+                name: eventing-integrations-images
+
+          - name: INTEGRATION_SINK_AWS_S3_IMAGE
+            valueFrom:
+              configMapKeyRef:
+                key: aws-s3-sink
+                name: eventing-integrations-images
+
+          - name: INTEGRATION_SINK_AWS_SQS_IMAGE
+            valueFrom:
+              configMapKeyRef:
+                key: aws-sqs-sink
+                name: eventing-integrations-images
+
+          - name: INTEGRATION_SINK_AWS_SNS_IMAGE
+            valueFrom:
+              configMapKeyRef:
+                key: aws-sns-sink
+                name: eventing-integrations-images

 ##         Adapter settings
 #          - name: K_LOGGING_CONFIG
--- a/config/core/resources/eventtransform.yaml
+++ b/config/core/resources/eventtransform.yaml
@ -0,0 +1,281 @@
+# Copyright 2025 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: eventtransforms.eventing.knative.dev
+  labels:
+    knative.dev/crd-install: "true"
+    duck.knative.dev/addressable: "true"
+    app.kubernetes.io/version: devel
+    app.kubernetes.io/name: knative-eventing
+spec:
+  group: eventing.knative.dev
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      subresources:
+        status: { }
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              description: Spec defines the desired state of the EventTransform.
+              type: object
+              properties:
+                jsonata:
+                  type: object
+                  properties:
+                    expression:
+                      description: Expression is the JSONata expression (https://jsonata.org/).
+                      type: string
+                reply:
+                  description: |
+                    Reply is the configuration on how to handle responses from Sink. It can only be set if Sink is set.
+                    Only one "type" can be used.
+                    The used type must match the top-level transformation, if you need to mix transformation types, use compositions and chain transformations together to achieve your desired outcome.
+                  type: object
+                  properties:
+                    jsonata:
+                      type: object
+                      properties:
+                        expression:
+                          description: Expression is the JSONata expression (https://jsonata.org/).
+                          type: string
+                    discard:
+                      description: |
+                        Discard discards responses from Sink and return empty response body.
+                        When set to false, it returns the exact sink response body.
+                        When set to true, Discard is mutually exclusive with EventTransformations in the reply
+                        section, it can either be discarded or transformed.
+                        Default: false.
+                      type: boolean
+                sink:
+                  description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.  If not present, the transformation will send back the transformed event as response, this is useful to leverage the built-in Broker reply feature to re-publish a transformed event back to the broker. '
+                  type: object
+                  properties:
+                    CACerts:
+                      description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any.
+                      type: string
+                    audience:
+                      description: Audience is the OIDC audience. This need only be set, if the target is not an Addressable and thus the Audience can't be received from the Addressable itself. In case the Addressable specifies an Audience too, the Destinations Audience takes preference.
+                      type: string
+                    ref:
+                      description: Ref points to an Addressable.
+                      type: object
+                      properties:
+                        address:
+                          description: Address points to a specific Address Name.
+                          type: string
+                        apiVersion:
+                          description: API version of the referent.
+                          type: string
+                        group:
+                          description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086'
+                          type: string
+                        kind:
+                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                          type: string
+                        name:
+                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                          type: string
+                        namespace:
+                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.'
+                          type: string
+                    uri:
+                      description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.
+                      type: string
+            status:
+              description: Status represents the current state of the EventTransform. This data may be out of date.
+              type: object
+              properties:
+                address:
+                  description: Address is a single Addressable address. If Addresses is present, Address will be ignored by clients.
+                  type: object
+                  required:
+                    - url
+                  properties:
+                    CACerts:
+                      description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
+                      type: string
+                    audience:
+                      description: Audience is the OIDC audience for this address.
+                      type: string
+                    name:
+                      description: Name is the name of the address.
+                      type: string
+                    url:
+                      type: string
+                addresses:
+                  description: Addresses is a list of addresses for different protocols (HTTP and HTTPS) If Addresses is present, Address must be ignored by clients.
+                  type: array
+                  items:
+                    type: object
+                    required:
+                      - url
+                    properties:
+                      CACerts:
+                        description: CACerts is the Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
+                        type: string
+                      audience:
+                        description: Audience is the OIDC audience for this address.
+                        type: string
+                      name:
+                        description: Name is the name of the address.
+                        type: string
+                      url:
+                        type: string
+                annotations:
+                  description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+                auth:
+                  description: Auth defines the attributes that provide the generated service account name in the resource status.
+                  type: object
+                  required:
+                    - serviceAccountName
+                  properties:
+                    serviceAccountName:
+                      description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
+                      type: string
+                    serviceAccountNames:
+                      description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication. This list can have len() > 1, when the component uses multiple identities (e.g. in case of a Parallel).
+                      type: array
+                      items:
+                        type: string
+                conditions:
+                  description: Conditions the latest available observations of a resource's current state.
+                  type: array
+                  items:
+                    type: object
+                    required:
+                      - type
+                      - status
+                    properties:
+                      lastTransitionTime:
+                        description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
+                        type: string
+                      message:
+                        description: A human readable message indicating details about the transition.
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition.
+                        type: string
+                      severity:
+                        description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False, Unknown.
+                        type: string
+                      type:
+                        description: Type of condition.
+                        type: string
+                jsonata:
+                  description: JsonataTransformationStatus is the status associated with JsonataEventTransformationSpec.
+                  type: object
+                  properties:
+                    deployment:
+                      type: object
+                      properties:
+                        availableReplicas:
+                          description: Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
+                          type: integer
+                          format: int32
+                        collisionCount:
+                          description: Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet.
+                          type: integer
+                          format: int32
+                        conditions:
+                          description: Represents the latest available observations of a deployment's current state.
+                          type: array
+                          items:
+                            type: object
+                            properties:
+                              lastTransitionTime:
+                                description: Last time the condition transitioned from one status to another.
+                                type: string
+                              lastUpdateTime:
+                                description: The last time this condition was updated.
+                                type: string
+                              message:
+                                description: A human readable message indicating details about the transition.
+                                type: string
+                              reason:
+                                description: The reason for the condition's last transition.
+                                type: string
+                              status:
+                                description: Status of the condition, one of True, False, Unknown.
+                                type: string
+                              type:
+                                description: Type of deployment condition.
+                                type: string
+                        observedGeneration:
+                          description: The generation observed by the deployment controller.
+                          type: integer
+                          format: int64
+                        readyReplicas:
+                          description: readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.
+                          type: integer
+                          format: int32
+                        replicas:
+                          description: Total number of non-terminated pods targeted by this deployment (their labels match the selector).
+                          type: integer
+                          format: int32
+                        unavailableReplicas:
+                          description: Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created.
+                          type: integer
+                          format: int32
+                        updatedReplicas:
+                          description: Total number of non-terminated pods targeted by this deployment that have the desired template spec.
+                          type: integer
+                          format: int32
+                observedGeneration:
+                  description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
+                  type: integer
+                  format: int64
+                sinkAudience:
+                  description: SinkAudience is the OIDC audience of the sink.
+                  type: string
+                sinkCACerts:
+                  description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
+                  type: string
+                sinkUri:
+                  description: SinkURI is the current active sink URI that has been configured for the Source.
+                  type: string
+
+      additionalPrinterColumns:
+        - name: URL
+          type: string
+          jsonPath: ".status.address.url"
+        - name: Sink
+          type: string
+          jsonPath: ".status.sinkUri"
+        - name: Ready
+          type: string
+          jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
+        - name: Reason
+          type: string
+          jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
+  names:
+    kind: EventTransform
+    plural: eventtransforms
+    singular: eventtransform
+    categories:
+      - all
+      - knative
+      - eventing
+  scope: Namespaced
--- a/config/core/resources/integrationsource.yaml
+++ b/config/core/resources/integrationsource.yaml
@ -322,6 +322,10 @@ spec:
                                name:
                                  description: 'Secret name'
                                  type: string
+                template:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+                  description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/'
            status:
              type: object
              properties:
@ -399,10 +403,10 @@ spec:
          jsonPath: ".status.sinkUri"
        - name: Age
          type: date
-          jsonPath: .metadata.creationTimestamp
+          jsonPath: ".metadata.creationTimestamp"
        - name: Ready
          type: string
-          jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
+          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
--- a/config/core/roles/addressable-resolvers-clusterrole.yaml
+++ b/config/core/roles/addressable-resolvers-clusterrole.yaml
@ -188,3 +188,25 @@ rules:
    - get
    - list
    - watch
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: eventtransforms-addressable-resolver
+  labels:
+    duck.knative.dev/addressable: "true"
+    app.kubernetes.io/version: devel
+    app.kubernetes.io/name: knative-eventing
+# Do not use this role directly. These rules will be added to the "addressable-resolver" role.
+rules:
+  - apiGroups:
+      - eventing.knative.dev
+    resources:
+      - eventtransforms
+      - eventtransforms/status
+    verbs:
+      - get
+      - list
+      - watch
--- a/config/core/roles/clusterrole-namespaced.yaml
+++ b/config/core/roles/clusterrole-namespaced.yaml
@ -79,6 +79,19 @@ rules:
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: knative-sinks-namespaced-admin
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    app.kubernetes.io/version: devel
+    app.kubernetes.io/name: knative-eventing
+rules:
+  - apiGroups: ["sinks.knative.dev"]
+    resources: ["*"]
+    verbs: ["*"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: knative-eventing-namespaced-edit
  labels:
@ -86,7 +99,7 @@ metadata:
    app.kubernetes.io/version: devel
    app.kubernetes.io/name: knative-eventing
 rules:
-  - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"]
+  - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev", "sinks.knative.dev"]
    resources: ["*"]
    verbs: ["create", "update", "patch", "delete"]
 ---
@ -99,6 +112,6 @@ metadata:
    app.kubernetes.io/version: devel
    app.kubernetes.io/name: knative-eventing
 rules:
-  - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"]
+  - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev", "sinks.knative.dev"]
    resources: ["*"]
    verbs: ["get", "list", "watch"]
--- a/config/core/roles/controller-clusterroles.yaml
+++ b/config/core/roles/controller-clusterroles.yaml
@ -64,11 +64,13 @@ rules:
      - "list"
      - "watch"

-  # PingSource controller manipulates Deployment owner reference
+  # PingSource and EventTransform controllers manipulate Deployment and ConfigMap owner reference
  - apiGroups:
      - "apps"
+      - ""
    resources:
      - "deployments/finalizers"
+      - "configmaps/finalizers"
    verbs:
      - "update"

@ -99,6 +101,8 @@ rules:
      - "eventtypes/status"
      - "eventpolicies"
      - "eventpolicies/status"
+      - "eventtransforms"
+      - "eventtransforms/status"
    verbs:
      - "get"
      - "list"
@ -130,6 +134,23 @@ rules:
    resources:
      - "brokers/finalizers"
      - "triggers/finalizers"
+      - "eventtransforms/finalizers"
+    verbs:
+      - "update"
+
+  # EventTransform controller manipulates SinkBinding owner reference
+  - apiGroups:
+      - "sources.knative.dev"
+    resources:
+      - "sinkbindings/finalizers"
+    verbs:
+      - "update"
+
+  # EventTransform controller manipulates Service owner reference
+  - apiGroups:
+      - ""
+    resources:
+      - "services/finalizers"
    verbs:
      - "update"

@ -221,3 +242,37 @@ rules:
      - "delete"
      - "patch"
      - "watch"
+
+  - apiGroups:
+      - "cert-manager.io"
+    resources:
+      - "certificates"
+    verbs:
+      - "get"
+      - "list"
+      - "create"
+      - "update"
+      - "delete"
+      - "patch"
+      - "watch"
+
+  # EventTransform controller manipulates Certificate owner reference
+  - apiGroups:
+      - "cert-manager.io"
+    resources:
+      - "certificates/finalizers"
+    verbs:
+      - "update"
+
+  - apiGroups:
+      - "acme.cert-manager.io"
+    resources:
+      - "challenges"
+    verbs:
+      - "get"
+      - "list"
+      - "create"
+      - "update"
+      - "delete"
+      - "patch"
+      - "watch"
--- a/config/post-install/placeholder.go
+++ b/config/post-install/placeholder.go
@ -16,4 +16,6 @@ limitations under the License.

 // Package post_install is a placeholder that allows us to pull in config files
 // via go mod vendor.
+//
+//nolint:staticcheck
 package post_install
--- a/config/post-install/storage-version-migrator.yaml
+++ b/config/post-install/storage-version-migrator.yaml
@ -41,6 +41,9 @@ spec:
      containers:
        - name: migrate
          image: ko://knative.dev/pkg/apiextensions/storageversion/cmd/migrate
+          env:
+            - name: IGNORE_NOT_FOUND
+              value: "true"
          args:
            - "apiserversources.sources.knative.dev"
            - "brokers.eventing.knative.dev"
--- a/docs/eventing-api.md
+++ b/docs/eventing-api.md
@ -2649,6 +2649,8 @@ Resource Types:
 <ul><li>
 <a href="#eventing.knative.dev/v1alpha1.EventPolicy">EventPolicy</a>
 </li><li>
+<a href="#eventing.knative.dev/v1alpha1.EventTransform">EventTransform</a>
+</li><li>
 <a href="#eventing.knative.dev/v1alpha1.RequestReply">RequestReply</a>
 </li></ul>
 <h3 id="eventing.knative.dev/v1alpha1.EventPolicy">EventPolicy
@ -2778,6 +2780,133 @@ This data may be out of date.</p>
 </tr>
 </tbody>
 </table>
+<h3 id="eventing.knative.dev/v1alpha1.EventTransform">EventTransform
+</h3>
+<p>
+<p>EventTransform represents an even transformation.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>apiVersion</code><br/>
+string</td>
+<td>
+<code>
+eventing.knative.dev/v1alpha1
+</code>
+</td>
+</tr>
+<tr>
+<td>
+<code>kind</code><br/>
+string
+</td>
+<td><code>EventTransform</code></td>
+</tr>
+<tr>
+<td>
+<code>metadata</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br/>
+<em>
+<a href="#eventing.knative.dev/v1alpha1.EventTransformSpec">
+EventTransformSpec
+</a>
+</em>
+</td>
+<td>
+<p>Spec defines the desired state of the EventTransform.</p>
+<br/>
+<br/>
+<table>
+<tr>
+<td>
+<code>sink</code><br/>
+<em>
+<a href="https://pkg.go.dev/knative.dev/pkg/apis/duck/v1#Destination">
+knative.dev/pkg/apis/duck/v1.Destination
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Sink is a reference to an object that will resolve to a uri to use as the sink.</p>
+<p>If not present, the transformation will send back the transformed event as response, this
+is useful to leverage the built-in Broker reply feature to re-publish a transformed event
+back to the broker.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>reply</code><br/>
+<em>
+<a href="#eventing.knative.dev/v1alpha1.ReplySpec">
+ReplySpec
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Reply is the configuration on how to handle responses from Sink.
+It can only be set if Sink is set.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>EventTransformations</code><br/>
+<em>
+<a href="#eventing.knative.dev/v1alpha1.EventTransformations">
+EventTransformations
+</a>
+</em>
+</td>
+<td>
+<p>
+(Members of <code>EventTransformations</code> are embedded into this type.)
+</p>
+<p>EventTransformations contain all possible transformations, only one &ldquo;type&rdquo; can be used.</p>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+<tr>
+<td>
+<code>status</code><br/>
+<em>
+<a href="#eventing.knative.dev/v1alpha1.EventTransformStatus">
+EventTransformStatus
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Status represents the current state of the EventTransform.
+This data may be out of date.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="eventing.knative.dev/v1alpha1.RequestReply">RequestReply
 </h3>
 <p>
@ -3273,6 +3402,282 @@ More info: <a href="https://kubernetes.io/docs/concepts/overview/working-with-ob
 </tr>
 </tbody>
 </table>
+<h3 id="eventing.knative.dev/v1alpha1.EventTransformSpec">EventTransformSpec
+</h3>
+<p>
+(<em>Appears on:</em><a href="#eventing.knative.dev/v1alpha1.EventTransform">EventTransform</a>)
+</p>
+<p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>sink</code><br/>
+<em>
+<a href="https://pkg.go.dev/knative.dev/pkg/apis/duck/v1#Destination">
+knative.dev/pkg/apis/duck/v1.Destination
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Sink is a reference to an object that will resolve to a uri to use as the sink.</p>
+<p>If not present, the transformation will send back the transformed event as response, this
+is useful to leverage the built-in Broker reply feature to re-publish a transformed event
+back to the broker.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>reply</code><br/>
+<em>
+<a href="#eventing.knative.dev/v1alpha1.ReplySpec">
+ReplySpec
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Reply is the configuration on how to handle responses from Sink.
+It can only be set if Sink is set.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>EventTransformations</code><br/>
+<em>
+<a href="#eventing.knative.dev/v1alpha1.EventTransformations">
+EventTransformations
+</a>
+</em>
+</td>
+<td>
+<p>
+(Members of <code>EventTransformations</code> are embedded into this type.)
+</p>
+<p>EventTransformations contain all possible transformations, only one &ldquo;type&rdquo; can be used.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="eventing.knative.dev/v1alpha1.EventTransformStatus">EventTransformStatus
+</h3>
+<p>
+(<em>Appears on:</em><a href="#eventing.knative.dev/v1alpha1.EventTransform">EventTransform</a>)
+</p>
+<p>
+<p>EventTransformStatus represents the current state of a EventTransform.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>SourceStatus</code><br/>
+<em>
+<a href="https://pkg.go.dev/knative.dev/pkg/apis/duck/v1#SourceStatus">
+knative.dev/pkg/apis/duck/v1.SourceStatus
+</a>
+</em>
+</td>
+<td>
+<p>
+(Members of <code>SourceStatus</code> are embedded into this type.)
+</p>
+<p>SourceStatus inherits duck/v1 SourceStatus, which currently provides:
+* ObservedGeneration - the &lsquo;Generation&rsquo; of the Service that was last
+processed by the controller.
+* Conditions - the latest available observations of a resource&rsquo;s current
+state.
+* SinkURI - the current active sink URI that has been configured for the
+Source.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>AddressStatus</code><br/>
+<em>
+<a href="https://pkg.go.dev/knative.dev/pkg/apis/duck/v1#AddressStatus">
+knative.dev/pkg/apis/duck/v1.AddressStatus
+</a>
+</em>
+</td>
+<td>
+<p>
+(Members of <code>AddressStatus</code> are embedded into this type.)
+</p>
+<em>(Optional)</em>
+<p>AddressStatus is the part where the EventTransform fulfills the Addressable contract.
+It exposes the endpoint as an URI to get events delivered.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>jsonata</code><br/>
+<em>
+<a href="#eventing.knative.dev/v1alpha1.JsonataEventTransformationStatus">
+JsonataEventTransformationStatus
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>JsonataTransformationStatus is the status associated with JsonataEventTransformationSpec.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="eventing.knative.dev/v1alpha1.EventTransformations">EventTransformations
+</h3>
+<p>
+(<em>Appears on:</em><a href="#eventing.knative.dev/v1alpha1.EventTransformSpec">EventTransformSpec</a>, <a href="#eventing.knative.dev/v1alpha1.ReplySpec">ReplySpec</a>)
+</p>
+<p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>jsonata</code><br/>
+<em>
+<a href="#eventing.knative.dev/v1alpha1.JsonataEventTransformationSpec">
+JsonataEventTransformationSpec
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="eventing.knative.dev/v1alpha1.JsonataEventTransformationSpec">JsonataEventTransformationSpec
+</h3>
+<p>
+(<em>Appears on:</em><a href="#eventing.knative.dev/v1alpha1.EventTransformations">EventTransformations</a>)
+</p>
+<p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>expression</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Expression is the JSONata expression.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="eventing.knative.dev/v1alpha1.JsonataEventTransformationStatus">JsonataEventTransformationStatus
+</h3>
+<p>
+(<em>Appears on:</em><a href="#eventing.knative.dev/v1alpha1.EventTransformStatus">EventTransformStatus</a>)
+</p>
+<p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>deployment</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#deploymentstatus-v1-apps">
+Kubernetes apps/v1.DeploymentStatus
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="eventing.knative.dev/v1alpha1.ReplySpec">ReplySpec
+</h3>
+<p>
+(<em>Appears on:</em><a href="#eventing.knative.dev/v1alpha1.EventTransformSpec">EventTransformSpec</a>)
+</p>
+<p>
+<p>ReplySpec is the configurations on how to handle responses from Sink.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>EventTransformations</code><br/>
+<em>
+<a href="#eventing.knative.dev/v1alpha1.EventTransformations">
+EventTransformations
+</a>
+</em>
+</td>
+<td>
+<p>
+(Members of <code>EventTransformations</code> are embedded into this type.)
+</p>
+<p>EventTransformations for replies from the Sink, contain all possible transformations,
+only one &ldquo;type&rdquo; can be used.</p>
+<p>The used type must match the top-level transformation, if you need to mix transformation types,
+use compositions and chain transformations together to achieve your desired outcome.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>discard</code><br/>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Discard discards responses from Sink and return empty response body.</p>
+<p>When set to false, it returns the exact sink response body.
+When set to true, Discard is mutually exclusive with EventTransformations in the reply
+section, it can either be discarded or transformed.</p>
+<p>Default: false.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="eventing.knative.dev/v1alpha1.RequestReplySpec">RequestReplySpec
 </h3>
 <p>
@ -8134,6 +8539,18 @@ Timer
 <p>AWS source configuration</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>template</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#podtemplatespec-v1-core">
+Kubernetes core/v1.PodTemplateSpec
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
 </table>
 </td>
 </tr>
@ -8272,6 +8689,18 @@ Timer
 <p>AWS source configuration</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>template</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#podtemplatespec-v1-core">
+Kubernetes core/v1.PodTemplateSpec
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="sources.knative.dev/v1alpha1.IntegrationSourceStatus">IntegrationSourceStatus
--- a/docs/mt-channel-based-broker/README.md
+++ b/docs/mt-channel-based-broker/README.md
@ -14,7 +14,7 @@ In the following the control plane components and their responsibilities are des

 The `mt-broker-controller` is kind of the heart of the MTChannelBasedBroker control plane and has the following responsibilities:

-* Watches for new `Broker` resources with the `eventing.kantive.dev/broker.class: MTChannelBasedBroker` annotation (step 2 in the diagram) and creates a new _concrete_ channel resource (step 3 in the diagram) depending on the `channel-template-spec` from the configmap referenced in the `config-br-defaults` configmap (by default this points to `config-br-default-channel`).
+* Watches for new `Broker` resources with the `eventing.knative.dev/broker.class: MTChannelBasedBroker` annotation (step 2 in the diagram) and creates a new _concrete_ channel resource (step 3 in the diagram) depending on the `channel-template-spec` from the configmap referenced in the `config-br-defaults` configmap (by default this points to `config-br-default-channel`).

  Be aware that in case the default `brokerClass` in `config-br-defaults` is not set to `MTChannelBasedBroker`, the referenced configmap still must contain a `channel-template-spec`. Otherwise the user needs to define the corresponding config on the broker resource directly when using the `MTChannelBasedBroker` broker class, e.g.:

--- a/go.mod
+++ b/go.mod
@ -1,21 +1,21 @@
 module knative.dev/eventing

-go 1.22.7
+go 1.24.0

 require (
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210420163308-c1402a70e2f1
-	github.com/cloudevents/conformance v0.2.0
+	github.com/cert-manager/cert-manager v1.16.3
+	github.com/cloudevents/conformance v0.4.1
 	github.com/cloudevents/sdk-go/observability/opencensus/v2 v2.15.2
 	github.com/cloudevents/sdk-go/protocol/mqtt_paho/v2 v2.0.0-20240508060731-1ed9471c98bd
 	github.com/cloudevents/sdk-go/sql/v2 v2.0.0-20240712172937-3ce6b2f1f011
 	github.com/cloudevents/sdk-go/v2 v2.15.2
 	github.com/coreos/go-oidc/v3 v3.9.0
 	github.com/eclipse/paho.golang v0.12.0
-	github.com/go-jose/go-jose/v3 v3.0.3
-	github.com/google/go-cmp v0.6.0
-	github.com/google/gofuzz v1.2.0
+	github.com/go-jose/go-jose/v3 v3.0.4
+	github.com/google/go-cmp v0.7.0
 	github.com/google/uuid v1.6.0
-	github.com/gorilla/websocket v1.5.1
+	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/hashicorp/golang-lru v1.0.2
@ -27,27 +27,32 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/rickb777/date v1.13.0
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.10.0
 	github.com/wavesoftware/go-ensure v1.0.0
 	go.opencensus.io v0.24.0
-	go.opentelemetry.io/otel v1.31.0
-	go.opentelemetry.io/otel/trace v1.31.0
+	go.opentelemetry.io/contrib/instrumentation/runtime v0.62.0
+	go.opentelemetry.io/otel v1.37.0
+	go.opentelemetry.io/otel/sdk v1.37.0
+	go.opentelemetry.io/otel/sdk/metric v1.37.0
+	go.opentelemetry.io/otel/trace v1.37.0
 	go.uber.org/atomic v1.10.0
 	go.uber.org/multierr v1.11.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/net v0.34.0
-	golang.org/x/sync v0.10.0
-	k8s.io/api v0.31.4
-	k8s.io/apiextensions-apiserver v0.31.4
-	k8s.io/apimachinery v0.31.4
-	k8s.io/apiserver v0.31.4
-	k8s.io/client-go v0.31.4
-	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
-	knative.dev/hack v0.0.0-20250116150306-c142b4835bc5
-	knative.dev/hack/schema v0.0.0-20250116150306-c142b4835bc5
-	knative.dev/pkg v0.0.0-20250117084104-c43477f0052b
-	knative.dev/reconciler-test v0.0.0-20250117161605-4965c77b4dfa
-	sigs.k8s.io/yaml v1.4.0
+	golang.org/x/net v0.41.0
+	golang.org/x/sync v0.15.0
+	k8s.io/api v0.33.1
+	k8s.io/apiextensions-apiserver v0.33.1
+	k8s.io/apimachinery v0.33.1
+	k8s.io/apiserver v0.33.1
+	k8s.io/client-go v0.33.1
+	k8s.io/code-generator v0.33.1
+	k8s.io/utils v0.0.0-20241210054802-24370beab758
+	knative.dev/hack v0.0.0-20250708013849-70d4b00da6ba
+	knative.dev/hack/schema v0.0.0-20250708013849-70d4b00da6ba
+	knative.dev/pkg v0.0.0-20250708013613-d3550d4350f9
+	knative.dev/reconciler-test v0.0.0-20250708152404-d97d9007b8d3
+	sigs.k8s.io/randfill v1.0.0
+	sigs.k8s.io/yaml v1.5.0
 )

 require (
@ -58,15 +63,19 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/blendle/zapdriver v1.3.1 // indirect
+	github.com/cenkalti/backoff/v5 v5.0.2 // indirect
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
-	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-kit/log v0.2.1 // indirect
 	github.com/go-logfmt/logfmt v0.5.1 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
@ -74,53 +83,64 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0 // indirect
-	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_golang v1.19.1 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/prometheus/client_golang v1.22.0 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.65.0 // indirect
+	github.com/prometheus/procfs v0.16.1 // indirect
 	github.com/prometheus/statsd_exporter v0.22.7 // indirect
 	github.com/rickb777/plural v1.2.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/cobra v1.8.1 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.37.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.37.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 // indirect
+	go.opentelemetry.io/otel/exporters/prometheus v0.59.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.37.0 // indirect
+	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.7.0 // indirect
 	go.uber.org/automaxprocs v1.6.0 // indirect
-	golang.org/x/crypto v0.32.0 // indirect
-	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/term v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.6.0 // indirect
-	golang.org/x/tools v0.29.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.183.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
-	google.golang.org/grpc v1.69.2 // indirect
-	google.golang.org/protobuf v1.36.2 // indirect
+	go.yaml.in/yaml/v2 v2.4.2 // indirect
+	golang.org/x/crypto v0.39.0 // indirect
+	golang.org/x/mod v0.25.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/term v0.32.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
+	golang.org/x/time v0.10.0 // indirect
+	golang.org/x/tools v0.34.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
+	google.golang.org/api v0.198.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect
+	google.golang.org/grpc v1.73.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/code-generator v0.31.4 // indirect
 	k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 // indirect
-	k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect
+	k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 // indirect
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
+	sigs.k8s.io/gateway-api v1.1.0 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/hack/release.sh
+++ b/hack/release.sh
@ -17,9 +17,50 @@
 # Documentation about this script and how to use it can be found
 # at https://github.com/knative/test-infra/tree/main/ci

-source $(dirname $0)/../vendor/knative.dev/hack/release.sh
+source "$(dirname "${BASH_SOURCE[0]}")/../vendor/knative.dev/hack/release.sh"
+
+KNATIVE_EVENTING_INTEGRATIONS_IMAGES_RELEASE="$(get_latest_knative_yaml_source "eventing-integrations" "eventing-integrations-images")"
+readonly KNATIVE_EVENTING_INTEGRATIONS_IMAGES_RELEASE
+KNATIVE_EVENTING_TRANSFORMATIONS_IMAGES_RELEASE="$(get_latest_knative_yaml_source "eventing-integrations" "eventing-transformations-images")"
+readonly KNATIVE_EVENTING_TRANSFORMATIONS_IMAGES_RELEASE
+
+readonly KNATIVE_EVENTING_INTEGRATIONS_IMAGES_CM="${REPO_ROOT_DIR}/third_party/eventing-integrations-latest/eventing-integrations-images.yaml"
+readonly KNATIVE_EVENTING_TRANSFORMATIONS_IMAGES_CM="${REPO_ROOT_DIR}/third_party/eventing-integrations-latest/eventing-transformations-images.yaml"
+
+function update_eventing_integrations_release_cms() {
+   curl "${KNATIVE_EVENTING_INTEGRATIONS_IMAGES_RELEASE}" --create-dirs -o "${KNATIVE_EVENTING_INTEGRATIONS_IMAGES_CM}" || return $?
+   curl "${KNATIVE_EVENTING_TRANSFORMATIONS_IMAGES_RELEASE}" --create-dirs -o "${KNATIVE_EVENTING_TRANSFORMATIONS_IMAGES_CM}" || return $?
+}
+
+function check_knative_nightly() {
+    local files=(
+       "${KNATIVE_EVENTING_INTEGRATIONS_IMAGES_CM}"
+       "${KNATIVE_EVENTING_TRANSFORMATIONS_IMAGES_CM}"
+       "${REPO_ROOT_DIR}/config/core/configmaps/eventing-integrations-images.yaml"
+       "${REPO_ROOT_DIR}/config/core/configmaps/eventing-transformations-images.yaml"
+       "${REPO_ROOT_DIR}/config/400-config-eventing-integrations-images.yaml"
+       "${REPO_ROOT_DIR}/config/400-config-eventing-transformations-images.yaml"
+    )
+
+    for file in "${files[@]}"; do
+        if grep -q "knative-nightly" "$file"; then
+            echo "Error: Found 'knative-nightly' in $file, is eventing-integrations for this major and minor '${TAG}' version already released? https://github.com/knative-extensions/eventing-integrations/releases"
+            cat "${file}"
+            return 1
+        fi
+    done
+
+    echo "No 'knative-nightly' occurrences found."
+}

 function build_release() {
+  if (( PUBLISH_TO_GITHUB )); then
+    # For official releases, update eventing-integrations ConfigMaps and stop the release if a nightly image is found
+    # in the ConfigMaps.
+    update_eventing_integrations_release_cms || return $?
+    check_knative_nightly || return $?
+  fi
+
  # Run `generate-yamls.sh`, which should be versioned with the
  # branch since the detail of building may change over time.
  local YAML_LIST="$(mktemp)"
--- a/hack/tools.go
+++ b/hack/tools.go
@ -36,4 +36,7 @@ import (
 	// API reference docs generation.
 	_ "github.com/ahmetb/gen-crd-api-reference-docs"
 	_ "github.com/ahmetb/gen-crd-api-reference-docs/template"
+
+	// K8s code generation tools
+	_ "k8s.io/code-generator/cmd/validation-gen"
 )
--- a/hack/update-cert-manager.sh
+++ b/hack/update-cert-manager.sh
@ -24,4 +24,4 @@ EOF
  helm template -n cert-manager cert-manager jetstack/trust-manager --create-namespace --version "${trust_manager_version}" --set crds.enabled=true > third_party/cert-manager/02-trust-manager.yaml
 }

-update_cert_manager "v1.13.3" "v0.12.0"
+update_cert_manager "v1.16.3" "v0.12.0"
--- a/hack/update-codegen.sh
+++ b/hack/update-codegen.sh
@ -52,6 +52,13 @@ ${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \
  "sinks:v1alpha1 eventing:v1alpha1 eventing:v1beta1 eventing:v1beta2 eventing:v1beta3 eventing:v1 messaging:v1 flows:v1 sources:v1alpha1 sources:v1beta2 sources:v1 duck:v1beta1 duck:v1" \
  --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt

+# Knative Injection (for cert-manager)
+OUTPUT_PKG="knative.dev/eventing/pkg/client/certmanager/injection" \
+${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \
+  github.com/cert-manager/cert-manager/pkg/client github.com/cert-manager/cert-manager/pkg/apis "certmanager:v1 acme:v1" \
+  --disable-informer-init \
+  --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt
+
 group "Generating API reference docs"

 ${REPO_ROOT_DIR}/hack/update-reference-docs.sh
--- a/pkg/adapter/apiserver/adapter.go
+++ b/pkg/adapter/apiserver/adapter.go
@ -126,7 +126,7 @@ func (a *apiServerAdapter) start(ctx context.Context, stopCh <-chan struct{}) er
 	}

 	<-stopCh
-	stop <- struct{}{}
+	close(stop)
 	return nil
 }

--- a/pkg/adapter/mtping/runner_test.go
+++ b/pkg/adapter/mtping/runner_test.go
@ -20,6 +20,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/base64"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"reflect"
@ -213,8 +214,8 @@ func TestSendEventsTLS(t *testing.T) {
 	eventsChan := make(chan cloudevents.Event, 10)
 	handler := eventingtlstesting.EventChannelHandler(eventsChan)
 	events := make([]cloudevents.Event, 0, 8)
-	ca := eventingtlstesting.StartServer(ctx, t, 8500, handler)
-	hostString := "localhost:8500"
+	ca, port := eventingtlstesting.StartServer(ctx, t, 0, handler)
+	hostString := fmt.Sprintf("localhost:%d", port)

 	var wg sync.WaitGroup
 	wg.Add(1)
--- a/pkg/adapter/v2/cloudevents_test.go
+++ b/pkg/adapter/v2/cloudevents_test.go
@ -18,6 +18,7 @@ package adapter

 import (
 	"context"
+	"fmt"
 	nethttp "net/http"
 	"os"
 	"strconv"
@ -309,7 +310,7 @@ func TestTLS(t *testing.T) {
 	ctx, cancel := context.WithCancel(ctx)
 	t.Cleanup(cancel)

-	ca := eventingtlstesting.StartServer(ctx, t, 8333, nethttp.HandlerFunc(func(writer nethttp.ResponseWriter, request *nethttp.Request) {
+	ca, port := eventingtlstesting.StartServer(ctx, t, 0, nethttp.HandlerFunc(func(writer nethttp.ResponseWriter, request *nethttp.Request) {
 		if request.TLS == nil {
 			// It's not on TLS, fail request
 			writer.WriteHeader(nethttp.StatusInternalServerError)
@ -328,17 +329,17 @@ func TestTLS(t *testing.T) {
 	}{
 		{
 			name:    "https sink URL, no CA certs fail",
-			sink:    "https://localhost:8333",
+			sink:    fmt.Sprintf("https://localhost:%d", port),
 			wantErr: true,
 		},
 		{
 			name:    "https sink URL with ca certs",
-			sink:    "https://localhost:8333",
+			sink:    fmt.Sprintf("https://localhost:%d", port),
 			caCerts: pointer.String(ca),
 		},
 		{
 			name:    "http sink URL with ca certs",
-			sink:    "http://localhost:8333",
+			sink:    fmt.Sprintf("http://localhost:%d", port),
 			caCerts: pointer.String(ca),
 			wantErr: true,
 		},
--- a/pkg/adapter/v2/test/test_client.go
+++ b/pkg/adapter/v2/test/test_client.go
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package test

 import (
--- a/pkg/adapter/v2/util/crstatusevent/eventsstatus.go
+++ b/pkg/adapter/v2/util/crstatusevent/eventsstatus.go
@ -74,7 +74,9 @@ func UpdateFromConfigMap(client *CRStatusEventClient) func(configMap *corev1.Con
 	}
 }

-var contextkey struct{}
+type contextkeytype struct{}
+
+var contextkey contextkeytype

 func ContextWithCRStatus(ctx context.Context, kubeEventSink *record.EventSink, component string, source runtime.Object, logf func(format string, args ...interface{})) context.Context {

@ -144,7 +146,7 @@ func (a *crStatusEvent) createEvent(ctx context.Context, result protocol.Result)
 		reason = strconv.Itoa(res.StatusCode)
 		if res.Format != "" && res.Format != "%w" { // returns '"%w" but this does not format
 			msg += " " + fmt.Sprintf(res.Format, res.Args...)
-		} else if res.Args != nil && len(res.Args) > 0 {
+		} else if len(res.Args) > 0 {
 			if m, ok := res.Args[0].(*protocol.Receipt); ok {
 				if m.Err != nil {
 					msg += " " + m.Err.Error() // add any error message if it's there.
--- a/pkg/apis/common/integration/v1alpha1/aws.go
+++ b/pkg/apis/common/integration/v1alpha1/aws.go
@ -33,33 +33,33 @@ type AWSCommon struct {

 type AWSS3 struct {
 	AWSCommon               `json:",inline"` // Embeds AWSCommon to inherit its fields in JSON
-	Arn                     string           `json:"arn,omitempty" camel:"CAMEL_KAMELET_AWS_S3_SOURCE_BUCKETNAMEORARN"` // S3 ARN
-	DeleteAfterRead         bool             `json:"deleteAfterRead" default:"true"`                                    // Auto-delete objects after reading
-	MoveAfterRead           bool             `json:"moveAfterRead" default:"false"`                                     // Move objects after reading
-	DestinationBucket       string           `json:"destinationBucket,omitempty"`                                       // Destination bucket for moved objects
-	DestinationBucketPrefix string           `json:"destinationBucketPrefix,omitempty"`                                 // Prefix for moved objects
-	DestinationBucketSuffix string           `json:"destinationBucketSuffix,omitempty"`                                 // Suffix for moved objects
-	AutoCreateBucket        bool             `json:"autoCreateBucket" default:"false"`                                  // Auto-create S3 bucket
-	Prefix                  string           `json:"prefix,omitempty"`                                                  // S3 bucket prefix for search
-	IgnoreBody              bool             `json:"ignoreBody" default:"false"`                                        // Ignore object body
-	ForcePathStyle          bool             `json:"forcePathStyle" default:"false"`                                    // Force path style for bucket access
-	Delay                   int              `json:"delay" default:"500"`                                               // Delay between polls in milliseconds
-	MaxMessagesPerPoll      int              `json:"maxMessagesPerPoll" default:"10"`                                   // Max messages to poll per request
+	Arn                     string           `json:"arn,omitempty" camel:"BUCKET_NAME_OR_ARN"` // S3 ARN
+	DeleteAfterRead         bool             `json:"deleteAfterRead" default:"true"`           // Auto-delete objects after reading
+	MoveAfterRead           bool             `json:"moveAfterRead" default:"false"`            // Move objects after reading
+	DestinationBucket       string           `json:"destinationBucket,omitempty"`              // Destination bucket for moved objects
+	DestinationBucketPrefix string           `json:"destinationBucketPrefix,omitempty"`        // Prefix for moved objects
+	DestinationBucketSuffix string           `json:"destinationBucketSuffix,omitempty"`        // Suffix for moved objects
+	AutoCreateBucket        bool             `json:"autoCreateBucket" default:"false"`         // Auto-create S3 bucket
+	Prefix                  string           `json:"prefix,omitempty"`                         // S3 bucket prefix for search
+	IgnoreBody              bool             `json:"ignoreBody" default:"false"`               // Ignore object body
+	ForcePathStyle          bool             `json:"forcePathStyle" default:"false"`           // Force path style for bucket access
+	Delay                   int              `json:"delay" default:"500"`                      // Delay between polls in milliseconds
+	MaxMessagesPerPoll      int              `json:"maxMessagesPerPoll" default:"10"`          // Max messages to poll per request
 }

 type AWSSQS struct {
 	AWSCommon          `json:",inline"` // Embeds AWSCommon to inherit its fields in JSON
-	Arn                string           `json:"arn,omitempty" camel:"CAMEL_KAMELET_AWS_SQS_SOURCE_QUEUENAMEORARN"`               // SQS ARN
-	DeleteAfterRead    bool             `json:"deleteAfterRead" default:"true"`                                                  // Auto-delete messages after reading
-	AutoCreateQueue    bool             `json:"autoCreateQueue" default:"false"`                                                 // Auto-create SQS queue
-	Host               string           `json:"host" camel:"CAMEL_KAMELET_AWS_SQS_SOURCE_AMAZONAWSHOST" default:"amazonaws.com"` // AWS host
-	Protocol           string           `json:"protocol" default:"https"`                                                        // Communication protocol (http/https)
-	QueueURL           string           `json:"queueURL,omitempty"`                                                              // Full SQS queue URL
-	Greedy             bool             `json:"greedy" default:"false"`                                                          // Greedy scheduler
-	Delay              int              `json:"delay" default:"500"`                                                             // Delay between polls in milliseconds
-	MaxMessagesPerPoll int              `json:"maxMessagesPerPoll" default:"1"`                                                  // Max messages to return (1-10)
-	WaitTimeSeconds    int              `json:"waitTimeSeconds,omitempty"`                                                       // Wait time for messages
-	VisibilityTimeout  int              `json:"visibilityTimeout,omitempty"`                                                     // Visibility timeout in seconds
+	Arn                string           `json:"arn,omitempty" camel:"QUEUE_NAME_OR_ARN"`            // SQS ARN
+	DeleteAfterRead    bool             `json:"deleteAfterRead" default:"true"`                     // Auto-delete messages after reading
+	AutoCreateQueue    bool             `json:"autoCreateQueue" default:"false"`                    // Auto-create SQS queue
+	Host               string           `json:"host" camel:"AMAZONAWSHOST" default:"amazonaws.com"` // AWS host
+	Protocol           string           `json:"protocol" default:"https"`                           // Communication protocol (http/https)
+	QueueURL           string           `json:"queueURL,omitempty"`                                 // Full SQS queue URL
+	Greedy             bool             `json:"greedy" default:"false"`                             // Greedy scheduler
+	Delay              int              `json:"delay" default:"500"`                                // Delay between polls in milliseconds
+	MaxMessagesPerPoll int              `json:"maxMessagesPerPoll" default:"1"`                     // Max messages to return (1-10)
+	WaitTimeSeconds    int              `json:"waitTimeSeconds,omitempty"`                          // Wait time for messages
+	VisibilityTimeout  int              `json:"visibilityTimeout,omitempty"`                        // Visibility timeout in seconds
 }

 type AWSDDBStreams struct {
@ -71,6 +71,6 @@ type AWSDDBStreams struct {

 type AWSSNS struct {
 	AWSCommon       `json:",inline"` // Embeds AWSCommon to inherit its fields in JSON
-	Arn             string           `json:"arn,omitempty" camel:"CAMEL_KAMELET_AWS_SNS_SINK_TOPICNAMEORARN"` // SNS ARN
-	AutoCreateTopic bool             `json:"autoCreateTopic" default:"false"`                                 // Auto-create SNS topic
+	Arn             string           `json:"arn,omitempty" camel:"TOPIC_NAME_OR_ARN"` // SNS ARN
+	AutoCreateTopic bool             `json:"autoCreateTopic" default:"false"`         // Auto-create SNS topic
 }
--- a/pkg/apis/duck/v1/channelable_types.go
+++ b/pkg/apis/duck/v1/channelable_types.go
@ -138,7 +138,7 @@ func (c *Channelable) Populate() {
 }

 // GetFullType implements duck.Implementable
-func (s *Channelable) GetFullType() duck.Populatable {
+func (c *Channelable) GetFullType() duck.Populatable {
 	return &Channelable{}
 }

--- a/pkg/apis/duck/v1beta1/delivery_conversion_test.go
+++ b/pkg/apis/duck/v1beta1/delivery_conversion_test.go
@ -41,8 +41,11 @@ func TestDeliverySpecConversionBadType(t *testing.T) {
 // Test v1beta1 -> v1 -> v1beta1
 func TestDeliverySpecConversion(t *testing.T) {
 	var retryCount int32 = 10
+	//nolint:staticcheck  // ST1023 types can be inferred
 	var backoffPolicy BackoffPolicyType = BackoffPolicyLinear
+	//nolint:staticcheck  // ST1023 types can be inferred
 	var backoffPolicyExp BackoffPolicyType = BackoffPolicyExponential
+	//nolint:staticcheck  // ST1023 types can be inferred
 	var backoffPolicyBad BackoffPolicyType = "garbage"
 	badPolicyString := `unknown BackoffPolicy, got: "garbage"`

@ -118,8 +121,11 @@ func TestDeliverySpecConversion(t *testing.T) {
 // Test v1 -> v1beta1 -> v1
 func TestDeliverySpecConversionV1(t *testing.T) {
 	var retryCount int32 = 10
+	//nolint:staticcheck  // ST1023 types can be inferred
 	var backoffPolicy v1.BackoffPolicyType = v1.BackoffPolicyLinear
+	//nolint:staticcheck  // ST1023 types can be inferred
 	var backoffPolicyExp v1.BackoffPolicyType = v1.BackoffPolicyExponential
+	//nolint:staticcheck  // ST1023 types can be inferred
 	var backoffPolicyBad v1.BackoffPolicyType = "garbage"
 	badPolicyString := `unknown BackoffPolicy, got: "garbage"`

--- a/pkg/apis/eventing/v1/roundtrip_test.go
+++ b/pkg/apis/eventing/v1/roundtrip_test.go
@ -19,8 +19,8 @@ package v1
 import (
 	"testing"

-	fuzz "github.com/google/gofuzz"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"sigs.k8s.io/randfill"

 	"k8s.io/apimachinery/pkg/api/apitesting/fuzzer"
 	"k8s.io/apimachinery/pkg/runtime"
@ -36,8 +36,8 @@ import (
 var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 	func(codecs serializer.CodecFactory) []interface{} {
 		return []interface{}{
-			func(s *TriggerStatus, c fuzz.Continue) {
-				c.FuzzNoCustom(s) // fuzz the status object
+			func(s *TriggerStatus, c randfill.Continue) {
+				c.FillNoCustom(s) // fuzz the status object

 				// Clear the random fuzzed condition
 				s.Status.SetConditions(nil)
@ -46,8 +46,8 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 				s.InitializeConditions()
 				pkgfuzzer.FuzzConditions(&s.Status, c)
 			},
-			func(s *BrokerStatus, c fuzz.Continue) {
-				c.FuzzNoCustom(s) // fuzz the status object
+			func(s *BrokerStatus, c randfill.Continue) {
+				c.FillNoCustom(s) // fuzz the status object

 				// Clear the random fuzzed condition
 				s.Status.SetConditions(nil)
--- a/pkg/apis/eventing/v1alpha1/eventtransform_defaults.go
+++ b/pkg/apis/eventing/v1alpha1/eventtransform_defaults.go
@ -0,0 +1,24 @@
+/*
+Copyright 2025 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"context"
+)
+
+func (t *EventTransform) SetDefaults(_ context.Context) {
+}
--- a/pkg/apis/eventing/v1alpha1/eventtransform_lifecycle.go
+++ b/pkg/apis/eventing/v1alpha1/eventtransform_lifecycle.go
@ -0,0 +1,213 @@
+/*
+Copyright 2025 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
+	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+	appsv1 "k8s.io/api/apps/v1"
+	"knative.dev/pkg/apis"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
+
+	sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+)
+
+const (
+	TransformConditionAddressable apis.ConditionType = "Addressable"
+	TransformationConditionReady  apis.ConditionType = "TransformationReady"
+
+	TransformationAddressableEmptyURL                   string = "NoURL"
+	TransformationAddressableWaitingForServiceEndpoints string = "WaitingForServiceEndpoints"
+
+	// Specific transformations conditions
+
+	// TransformationJsonataDeploymentReady is the condition to indicate that the Jsonata deployment
+	// is ready.
+	TransformationJsonataDeploymentReady       apis.ConditionType = "JsonataDeploymentReady"
+	TransformationJsonataDeploymentUnavailable string             = "JsonataDeploymentUnavailable"
+	TransformationJsonataCertificateNotReady   string             = "JsonataCertificateNotReady"
+	// TransformationJsonataSinkBindingReady is the condition to indicate that the Jsonata sink
+	// binding is ready.
+	TransformationJsonataSinkBindingReady apis.ConditionType = "JsonataSinkBindingReady"
+)
+
+var TransformCondSet = apis.NewLivingConditionSet(
+	TransformationConditionReady,
+	TransformConditionAddressable,
+)
+
+// transformJsonataConditionSet is the subset of conditions for the Jsonata transformation
+// The overall readiness of those conditions will be propagated to the top-level
+// TransformationConditionReady condition.
+var transformJsonataConditionSet = apis.NewLivingConditionSet(
+	TransformationJsonataDeploymentReady,
+	TransformationJsonataSinkBindingReady,
+)
+
+// GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
+func (et *EventTransform) GetConditionSet() apis.ConditionSet {
+	if et == nil {
+		return TransformCondSet
+	}
+	return et.Status.GetConditionSet()
+}
+
+func (*EventTransformStatus) GetConditionSet() apis.ConditionSet {
+	return TransformCondSet
+}
+
+// GetCondition returns the condition cutsently associated with the given type, or nil.
+func (ts *EventTransformStatus) GetCondition(t apis.ConditionType) *apis.Condition {
+	return ts.GetConditionSet().Manage(ts).GetCondition(t)
+}
+
+// IsReady returns true if the resource is ready overall.
+func (ts *EventTransformStatus) IsReady() bool {
+	return ts.GetTopLevelCondition().IsTrue()
+}
+
+// GetTopLevelCondition returns the top level Condition.
+func (ts *EventTransformStatus) GetTopLevelCondition() *apis.Condition {
+	return ts.GetConditionSet().Manage(ts).GetTopLevelCondition()
+}
+
+// InitializeConditions sets relevant unset conditions to Unknown state.
+func (ts *EventTransformStatus) InitializeConditions() {
+	ts.GetConditionSet().Manage(ts).InitializeConditions()
+}
+
+func (ts *EventTransformStatus) PropagateJsonataDeploymentStatus(ds appsv1.DeploymentStatus) bool {
+	defer ts.propagateTransformJsonataReadiness()
+	if ts.JsonataTransformationStatus == nil {
+		ts.JsonataTransformationStatus = &JsonataEventTransformationStatus{}
+	}
+	ts.JsonataTransformationStatus.Deployment = ds
+	if ds.Replicas > 0 && ds.Replicas == ds.AvailableReplicas {
+		transformJsonataConditionSet.Manage(ts).MarkTrue(TransformationJsonataDeploymentReady)
+		return true
+	}
+	transformJsonataConditionSet.Manage(ts).MarkFalse(TransformationJsonataDeploymentReady, TransformationJsonataDeploymentUnavailable, "Expected replicas: %d, available: %d", ds.Replicas, ds.AvailableReplicas)
+	return false
+}
+
+func (ts *EventTransformStatus) PropagateJsonataCertificateStatus(cs cmv1.CertificateStatus) bool {
+	defer ts.propagateTransformJsonataReadiness()
+	var topLevel *cmv1.CertificateCondition
+	for _, cond := range cs.Conditions {
+		if cond.Type == cmv1.CertificateConditionReady {
+			topLevel = &cond
+			break
+		}
+	}
+	if topLevel == nil {
+		transformJsonataConditionSet.Manage(ts).MarkUnknown(TransformationJsonataDeploymentReady, TransformationJsonataCertificateNotReady, "Certificate is progressing")
+		return false
+	}
+	if topLevel.Status == cmmeta.ConditionUnknown {
+		transformJsonataConditionSet.Manage(ts).MarkUnknown(TransformationJsonataDeploymentReady, TransformationJsonataCertificateNotReady, "Certificate is progressing, "+topLevel.Reason+" Message: "+topLevel.Message)
+		return false
+	}
+	if topLevel.Status == cmmeta.ConditionFalse {
+		transformJsonataConditionSet.Manage(ts).MarkFalse(TransformationJsonataDeploymentReady, TransformationJsonataCertificateNotReady, "Certificate is not ready, "+topLevel.Reason+" Message: "+topLevel.Message)
+		return false
+	}
+	return true
+}
+
+func (ts *EventTransformStatus) PropagateJsonataSinkBindingUnset() {
+	defer ts.propagateTransformJsonataReadiness()
+	transformJsonataConditionSet.Manage(ts).MarkTrue(TransformationJsonataSinkBindingReady)
+}
+
+func (ts *EventTransformStatus) PropagateJsonataSinkBindingStatus(sbs sourcesv1.SinkBindingStatus) bool {
+	defer ts.propagateTransformJsonataReadiness()
+	if ts.JsonataTransformationStatus == nil {
+		ts.JsonataTransformationStatus = &JsonataEventTransformationStatus{}
+	}
+	ts.SourceStatus.SinkURI = sbs.SinkURI
+	ts.SourceStatus.SinkAudience = sbs.SinkAudience
+	ts.SourceStatus.SinkCACerts = sbs.SinkCACerts
+	ts.SourceStatus.Auth = sbs.Auth
+
+	topLevel := sbs.GetCondition(apis.ConditionReady)
+	if topLevel == nil {
+		transformJsonataConditionSet.Manage(ts).MarkUnknown(TransformationJsonataSinkBindingReady, "", "")
+		return false
+	}
+	if topLevel.IsTrue() {
+		transformJsonataConditionSet.Manage(ts).MarkTrue(TransformationJsonataSinkBindingReady)
+		return true
+	}
+	if topLevel.IsFalse() {
+		transformJsonataConditionSet.Manage(ts).MarkFalse(TransformationJsonataSinkBindingReady, topLevel.Reason, topLevel.Message)
+		return false
+	}
+	transformJsonataConditionSet.Manage(ts).MarkUnknown(TransformationJsonataSinkBindingReady, topLevel.Reason, topLevel.Message)
+	return false
+}
+
+func (ts *EventTransformStatus) propagateTransformJsonataReadiness() {
+	ts.markTransformReady(transformJsonataConditionSet)
+}
+
+func (ts *EventTransformStatus) markTransformReady(set apis.ConditionSet) {
+	dCond := set.Manage(ts).GetCondition(TransformationJsonataDeploymentReady)
+	sbCond := set.Manage(ts).GetCondition(TransformationJsonataSinkBindingReady)
+	if !dCond.IsTrue() {
+		ts.propagateTransformationConditionStatus(dCond)
+		return
+	}
+	if !sbCond.IsTrue() {
+		ts.propagateTransformationConditionStatus(sbCond)
+		return
+	}
+	ts.propagateTransformationConditionStatus(sbCond)
+	ts.propagateTransformationConditionStatus(dCond)
+}
+
+func (ts *EventTransformStatus) propagateTransformationConditionStatus(cond *apis.Condition) {
+	if cond == nil {
+		ts.GetConditionSet().Manage(ts).MarkUnknown(TransformationConditionReady, "", "")
+	} else if cond.IsTrue() {
+		ts.GetConditionSet().Manage(ts).MarkTrue(TransformationConditionReady)
+	} else if cond.IsFalse() {
+		ts.GetConditionSet().Manage(ts).MarkFalse(TransformationConditionReady, cond.Reason, cond.Message)
+	} else {
+		ts.GetConditionSet().Manage(ts).MarkUnknown(TransformationConditionReady, cond.Reason, cond.Message)
+	}
+}
+
+func (ts *EventTransformStatus) MarkWaitingForServiceEndpoints() {
+	ts.GetConditionSet().Manage(ts).MarkFalse(TransformConditionAddressable, TransformationAddressableWaitingForServiceEndpoints, "URL is empty")
+}
+
+func (ts *EventTransformStatus) IsTransformationReady() bool {
+	return ts.GetConditionSet().Manage(ts).GetCondition(TransformationConditionReady).IsTrue()
+}
+
+func (ts *EventTransformStatus) SetAddresses(addresses ...duckv1.Addressable) {
+	if len(addresses) == 0 || addresses[0].URL.IsEmpty() {
+		ts.GetConditionSet().Manage(ts).MarkFalse(TransformConditionAddressable, TransformationAddressableEmptyURL, "URL is empty")
+		return
+	}
+
+	ts.AddressStatus = duckv1.AddressStatus{
+		Address:   &addresses[0],
+		Addresses: addresses,
+	}
+	ts.GetConditionSet().Manage(ts).MarkTrue(TransformConditionAddressable)
+}
--- a/pkg/apis/eventing/v1alpha1/eventtransform_lifecycle_test.go
+++ b/pkg/apis/eventing/v1alpha1/eventtransform_lifecycle_test.go
@ -0,0 +1,104 @@
+/*
+Copyright 2025 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"knative.dev/pkg/apis"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
+)
+
+func TestFullLifecycle(t *testing.T) {
+
+	et := &EventTransform{
+		TypeMeta:   metav1.TypeMeta{},
+		ObjectMeta: metav1.ObjectMeta{},
+		Spec: EventTransformSpec{
+			Sink: nil,
+			EventTransformations: EventTransformations{
+				Jsonata: &JsonataEventTransformationSpec{
+					Expression: `
+    {
+        "specversion": "1.0",
+        "id": id,
+        "type": "transformed-event",
+        "source": source,
+        "reason": data.reason,
+        "message": data.message,
+        "data": $
+    }
+`,
+				},
+			},
+		},
+	}
+	et.Status.InitializeConditions()
+
+	topLevel := et.Status.GetCondition(apis.ConditionReady)
+	transformation := et.Status.GetCondition(TransformationConditionReady)
+	addressable := et.Status.GetCondition(TransformConditionAddressable)
+
+	assert.Equal(t, corev1.ConditionUnknown, topLevel.Status)
+	assert.Equal(t, corev1.ConditionUnknown, transformation.Status)
+	assert.Equal(t, corev1.ConditionUnknown, addressable.Status)
+	assert.Len(t, et.Status.Conditions, 3)
+	assert.Equal(t, false, et.Status.IsReady())
+
+	ds := appsv1.DeploymentStatus{
+		ObservedGeneration:  202,
+		Replicas:            1,
+		UpdatedReplicas:     1,
+		ReadyReplicas:       1,
+		AvailableReplicas:   1,
+		UnavailableReplicas: 0,
+	}
+	et.Status.PropagateJsonataDeploymentStatus(ds)
+
+	deploymentCondition := et.Status.GetCondition(TransformationJsonataDeploymentReady)
+	assert.Equal(t, corev1.ConditionTrue, deploymentCondition.Status)
+	assert.Len(t, et.Status.Conditions, 4)
+	assert.Equal(t, false, et.Status.IsReady())
+
+	transformationCondition := et.Status.GetCondition(TransformationConditionReady)
+	assert.Equal(t, corev1.ConditionUnknown, transformationCondition.Status, et)
+	assert.Len(t, et.Status.Conditions, 4)
+	assert.Equal(t, false, et.Status.IsReady())
+
+	et.Status.PropagateJsonataSinkBindingUnset()
+
+	transformationCondition = et.Status.GetCondition(TransformationConditionReady)
+	assert.Equal(t, corev1.ConditionTrue, transformationCondition.Status, et)
+	assert.Len(t, et.Status.Conditions, 5)
+	assert.Equal(t, false, et.Status.IsReady())
+
+	et.Status.SetAddresses(duckv1.Addressable{URL: apis.HTTPS("example.com")})
+	addrCondition := et.Status.GetCondition(TransformConditionAddressable)
+	assert.Equal(t, corev1.ConditionTrue, addrCondition.Status, et)
+	assert.Len(t, et.Status.Conditions, 5)
+
+	assert.Equal(t, true, et.Status.IsReady())
+
+	// All conditions are ready
+	for _, c := range et.Status.Conditions {
+		assert.Equal(t, true, c.IsTrue(), "Unexpected condition status %#v, expected True", c)
+	}
+}
--- a/pkg/apis/eventing/v1alpha1/eventtransform_types.go
+++ b/pkg/apis/eventing/v1alpha1/eventtransform_types.go
@ -0,0 +1,165 @@
+/*
+Copyright 2025 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	appsv1 "k8s.io/api/apps/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	"knative.dev/pkg/apis"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
+	"knative.dev/pkg/kmeta"
+)
+
+// +genclient
+// +genreconciler
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// EventTransform represents an even transformation.
+type EventTransform struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec defines the desired state of the EventTransform.
+	Spec EventTransformSpec `json:"spec,omitempty"`
+
+	// Status represents the current state of the EventTransform.
+	// This data may be out of date.
+	// +optional
+	Status EventTransformStatus `json:"status,omitempty"`
+}
+
+var (
+	// Check that EventTransform can be validated, can be defaulted, and has immutable fields.
+	_ apis.Validatable = (*EventTransform)(nil)
+	_ apis.Defaultable = (*EventTransform)(nil)
+
+	// Check that EventTransform can return its spec untyped.
+	_ apis.HasSpec = (*EventTransform)(nil)
+
+	_ runtime.Object = (*EventTransform)(nil)
+
+	// Check that we can create OwnerReferences to an EventTransform.
+	_ kmeta.OwnerRefable = (*EventTransform)(nil)
+
+	// Check that the type conforms to the duck Knative Resource shape.
+	_ duckv1.KRShaped = (*EventTransform)(nil)
+)
+
+type EventTransformSpec struct {
+
+	// Sink is a reference to an object that will resolve to a uri to use as the sink.
+	//
+	// If not present, the transformation will send back the transformed event as response, this
+	// is useful to leverage the built-in Broker reply feature to re-publish a transformed event
+	// back to the broker.
+	//
+	// +optional
+	Sink *duckv1.Destination `json:"sink,omitempty"`
+
+	// Reply is the configuration on how to handle responses from Sink.
+	// It can only be set if Sink is set.
+	//
+	// +optional
+	Reply *ReplySpec `json:"reply,omitempty"`
+
+	// EventTransformations contain all possible transformations, only one "type" can be used.
+	EventTransformations `json:",inline"`
+}
+
+// ReplySpec is the configurations on how to handle responses from Sink.
+type ReplySpec struct {
+	// EventTransformations for replies from the Sink, contain all possible transformations,
+	// only one "type" can be used.
+	//
+	// The used type must match the top-level transformation, if you need to mix transformation types,
+	// use compositions and chain transformations together to achieve your desired outcome.
+	EventTransformations `json:",inline"`
+
+	// Discard discards responses from Sink and return empty response body.
+	//
+	// When set to false, it returns the exact sink response body.
+	// When set to true, Discard is mutually exclusive with EventTransformations in the reply
+	// section, it can either be discarded or transformed.
+	//
+	// Default: false.
+	//
+	// +optional
+	Discard *bool `json:"discard,omitempty"`
+}
+
+type EventTransformations struct {
+	Jsonata *JsonataEventTransformationSpec `json:"jsonata,omitempty"`
+}
+
+type JsonataEventTransformationSpec struct {
+	// Expression is the JSONata expression.
+	Expression string `json:"expression,omitempty"`
+}
+
+// EventTransformStatus represents the current state of a EventTransform.
+type EventTransformStatus struct {
+	// SourceStatus inherits duck/v1 SourceStatus, which currently provides:
+	// * ObservedGeneration - the 'Generation' of the Service that was last
+	//   processed by the controller.
+	// * Conditions - the latest available observations of a resource's current
+	//   state.
+	// * SinkURI - the current active sink URI that has been configured for the
+	//   Source.
+	duckv1.SourceStatus `json:",inline"`
+
+	// AddressStatus is the part where the EventTransform fulfills the Addressable contract.
+	// It exposes the endpoint as an URI to get events delivered.
+	// +optional
+	duckv1.AddressStatus `json:",inline"`
+
+	// JsonataTransformationStatus is the status associated with JsonataEventTransformationSpec.
+	// +optional
+	JsonataTransformationStatus *JsonataEventTransformationStatus `json:"jsonata,omitempty"`
+}
+
+type JsonataEventTransformationStatus struct {
+	Deployment appsv1.DeploymentStatus `json:"deployment,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// EventTransformList is a collection of EventTransform.
+type EventTransformList struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []EventTransform `json:"items"`
+}
+
+// GetGroupVersionKind returns GroupVersionKind for EventTransform
+func (ep *EventTransform) GetGroupVersionKind() schema.GroupVersionKind {
+	return SchemeGroupVersion.WithKind("EventTransform")
+}
+
+// GetUntypedSpec returns the spec of the EventTransform.
+func (ep *EventTransform) GetUntypedSpec() interface{} {
+	return ep.Spec
+}
+
+// GetStatus retrieves the status of the EventTransform. Implements the KRShaped interface.
+func (ep *EventTransform) GetStatus() *duckv1.Status {
+	return &ep.Status.Status
+}
--- a/pkg/apis/eventing/v1alpha1/eventtransform_validation.go
+++ b/pkg/apis/eventing/v1alpha1/eventtransform_validation.go
@ -0,0 +1,164 @@
+/*
+Copyright 2025 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+	"knative.dev/pkg/apis"
+)
+
+func (t *EventTransform) Validate(ctx context.Context) *apis.FieldError {
+	ctx = apis.WithinParent(ctx, t.ObjectMeta)
+	return t.Spec.Validate(ctx).ViaField("spec")
+}
+
+var possibleTransformations = []string{"jsonata"}
+
+func (ts *EventTransformSpec) Validate(ctx context.Context) *apis.FieldError {
+	errs := ts.EventTransformations.Validate(ctx /* allowEmpty */, false)
+	errs = errs.Also(ts.Sink.Validate(ctx).ViaField("sink"))
+	errs = errs.Also(disallowSinkCaCerts(ts).ViaField("sink"))
+	errs = errs.Also(ts.Reply.Validate(ctx, ts).ViaField("reply"))
+
+	if apis.IsInUpdate(ctx) {
+		original := apis.GetBaseline(ctx).(*EventTransform)
+		errs = errs.Also(ts.CheckImmutableFields(ctx, original))
+	}
+
+	return errs
+}
+
+func (ets EventTransformations) Validate(ctx context.Context, allowEmpty bool) *apis.FieldError {
+	var errs *apis.FieldError
+
+	// Only one type of transformation is allowed.
+	// These are transformations field paths.
+	transformations := ets.transformations()
+
+	if len(transformations) == 0 && !allowEmpty {
+		errs = apis.ErrMissingOneOf(possibleTransformations...)
+	} else if len(transformations) > 1 {
+		errs = apis.ErrMultipleOneOf(transformations...)
+	}
+
+	errs = errs.Also(ets.Jsonata.Validate(ctx).ViaField("jsonata"))
+
+	return errs
+}
+
+func (ets EventTransformations) transformations() []string {
+	// Only one type of transformation is allowed.
+	// These are transformations field paths.
+	transformations := make([]string, 0, 2)
+
+	if ets.Jsonata != nil {
+		transformations = append(transformations, "jsonata")
+	}
+	return transformations
+}
+
+func (rs *ReplySpec) Validate(ctx context.Context, ts *EventTransformSpec) *apis.FieldError {
+	if rs == nil {
+		return nil
+	}
+	if ts.Sink == nil {
+		return apis.ErrGeneric(
+			"reply is set without spec.sink",
+			"",
+		)
+	}
+
+	errs := rs.EventTransformations.Validate(ctx /* allowEmpty */, true)
+
+	baseTransformationsSet := sets.New(ts.EventTransformations.transformations()...)
+	replyTransformationsSet := sets.New(rs.EventTransformations.transformations()...)
+	transformationsIntersection := baseTransformationsSet.Intersection(replyTransformationsSet)
+
+	replyTransformations := rs.EventTransformations.transformations()
+
+	if rs.Discard != nil && *rs.Discard {
+		replyTransformations = append(replyTransformations, "discard")
+	}
+	if len(replyTransformations) > 1 {
+		errs = apis.ErrMultipleOneOf(replyTransformations...)
+	} else if replyTransformationsSet.Len() > 0 &&
+		baseTransformationsSet.Len() > 0 &&
+		transformationsIntersection.Len() != 1 {
+		errs = apis.ErrGeneric(
+			fmt.Sprintf(
+				"Reply transformation type must match the transformation type in the top-level spec. Top-level transformations: %#v, reply transformations: %#v",
+				strings.Join(baseTransformationsSet.UnsortedList(), ", "),
+				strings.Join(replyTransformationsSet.UnsortedList(), ", "),
+			),
+			replyTransformationsSet.UnsortedList()...,
+		)
+	}
+
+	return errs
+}
+
+func (js *JsonataEventTransformationSpec) Validate(context.Context) *apis.FieldError {
+	// Jsonata parsers for Go are not maintained, therefore, we will not parse the expression here.
+	// The downside is that the errors will only be present in the status of the EventTransform resource.
+	// We can reconsider this in the future and improve.
+	return nil
+}
+
+func disallowSinkCaCerts(ts *EventTransformSpec) *apis.FieldError {
+	sink := ts.Sink
+	if sink == nil || sink.CACerts == nil || ts.Jsonata == nil {
+		return nil
+	}
+	return &apis.FieldError{
+		Message: "CACerts for the sink is not supported for JSONata transformations, to propagate CA trust bundles use labeled ConfigMaps: " +
+			"https://knative.dev/docs/eventing/features/transport-encryption/#configure-additional-ca-trust-bundles",
+		Paths: []string{"CACerts"},
+	}
+}
+
+func (in *EventTransformSpec) CheckImmutableFields(ctx context.Context, original *EventTransform) *apis.FieldError {
+	if original == nil {
+		return nil
+	}
+
+	errs := in.EventTransformations.CheckImmutableFields(ctx, original.Spec.EventTransformations)
+	errs = errs.Also(in.Reply.CheckImmutableFields(ctx, original.Spec.Reply).ViaField("reply"))
+	return errs
+}
+
+func (ets EventTransformations) CheckImmutableFields(ctx context.Context, original EventTransformations) *apis.FieldError {
+	var errs *apis.FieldError
+
+	const suggestion = "Suggestion: create a new transformation, migrate services to the new one, and delete this transformation."
+
+	if ets.Jsonata != nil && original.Jsonata == nil {
+		errs = apis.ErrGeneric("Transformations types are immutable, jsonata transformation cannot be changed to a different transformation type. " + suggestion).ViaField("jsonata")
+	} else if original.Jsonata != nil && ets.Jsonata == nil {
+		errs = apis.ErrGeneric("Transformations types are immutable, transformation type cannot be changed to a jsonata transformation. " + suggestion).ViaField("jsonata")
+	}
+
+	return errs
+}
+
+func (rs *ReplySpec) CheckImmutableFields(_ context.Context, _ *ReplySpec) *apis.FieldError {
+	// ReplySpec is fully mutable.
+	return nil
+}
--- a/pkg/apis/eventing/v1alpha1/eventtransform_validation_test.go
+++ b/pkg/apis/eventing/v1alpha1/eventtransform_validation_test.go
@ -0,0 +1,394 @@
+/*
+Copyright 2025 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	eventing "knative.dev/eventing/pkg/apis/eventing/v1alpha1"
+	"knative.dev/eventing/pkg/eventingtls/eventingtlstesting"
+	"knative.dev/pkg/apis"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
+	"knative.dev/pkg/ptr"
+	"knative.dev/pkg/webhook/json"
+)
+
+func TestJSONDecode(t *testing.T) {
+
+	et := &eventing.EventTransform{}
+
+	err := json.Decode([]byte(`
+{
+  "apiVersion": "eventing.knative.dev/v1alpha1",
+  "kind": "EventTransform",
+  "metadata": {
+    "name": "identity"
+  },
+  "spec": {
+    "jsonata": {
+      "expression": "{\n  \"specversion\": \"1.0\",\n  \"id\": id,\n  \"type\": \"transformation.jsonata\",\n  \"source\": \"transformation.json.identity\",\n  \"data\": $\n}\n"
+    }
+  }
+}
+`), et, true)
+
+	assert.Nil(t, err)
+}
+
+var sink = &duckv1.Destination{
+	URI: apis.HTTP("example.com"),
+}
+
+func TestEventTransform_Validate(t *testing.T) {
+	tests := []struct {
+		name string
+		in   eventing.EventTransform
+		ctx  context.Context
+		want *apis.FieldError
+	}{
+		{
+			name: "empty",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec:   eventing.EventTransformSpec{},
+				Status: eventing.EventTransformStatus{},
+			},
+			ctx:  context.Background(),
+			want: apis.ErrMissingOneOf("jsonata").ViaField("spec"),
+		},
+		{
+			name: "jsonata valid",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "1.0" }`,
+						},
+					},
+				},
+			},
+			ctx:  context.Background(),
+			want: nil,
+		},
+		{
+			name: "jsonata with reply valid",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					Sink: sink,
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "1.0" }`,
+						},
+					},
+					Reply: &eventing.ReplySpec{
+						EventTransformations: eventing.EventTransformations{
+							Jsonata: &eventing.JsonataEventTransformationSpec{
+								Expression: `{ "specversion": "1.0" }`,
+							},
+						},
+					},
+				},
+				Status: eventing.EventTransformStatus{},
+			},
+			ctx:  context.Background(),
+			want: nil,
+		},
+		{
+			name: "jsonata with reply discard valid",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					Sink: sink,
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "1.0" }`,
+						},
+					},
+					Reply: &eventing.ReplySpec{
+						Discard: ptr.Bool(true),
+					},
+				},
+				Status: eventing.EventTransformStatus{},
+			},
+			ctx:  context.Background(),
+			want: nil,
+		},
+		{
+			name: "jsonata with reply, jsonata reply transformations and discard = true, invalid",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					Sink: sink,
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "1.0" }`,
+						},
+					},
+					Reply: &eventing.ReplySpec{
+						EventTransformations: eventing.EventTransformations{
+							Jsonata: &eventing.JsonataEventTransformationSpec{
+								Expression: `{ "specversion": "1.0" }`,
+							},
+						},
+						Discard: ptr.Bool(true),
+					},
+				},
+			},
+			ctx:  context.Background(),
+			want: (&apis.FieldError{}).Also(apis.ErrMultipleOneOf("jsonata", "discard").ViaField("reply").ViaField("spec")),
+		},
+		{
+			name: "jsonata update change expression",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					Sink: sink,
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "2.0" }`,
+						},
+					},
+					Reply: &eventing.ReplySpec{
+						EventTransformations: eventing.EventTransformations{
+							Jsonata: &eventing.JsonataEventTransformationSpec{
+								Expression: `{ "specversion": "2.0" }`,
+							},
+						},
+					},
+				},
+			},
+			ctx: apis.WithinUpdate(context.Background(), &eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "1.0" }`,
+						},
+					},
+					Reply: &eventing.ReplySpec{
+						EventTransformations: eventing.EventTransformations{
+							Jsonata: &eventing.JsonataEventTransformationSpec{
+								Expression: `{ "specversion": "1.0" }`,
+							},
+						},
+					},
+				},
+			}),
+			want: nil,
+		},
+		{
+			name: "transform jsonata change transformation type, have -> not have",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "2.0" }`,
+						},
+					},
+				},
+			},
+			ctx: apis.WithinUpdate(context.Background(), &eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					EventTransformations: eventing.EventTransformations{},
+				},
+			}),
+			want: (&apis.FieldError{}).
+				Also(
+					apis.ErrGeneric("Transformations types are immutable, jsonata transformation cannot be changed to a different transformation type. Suggestion: create a new transformation, migrate services to the new one, and delete this transformation.").
+						ViaField("jsonata"),
+				).
+				ViaField("spec"),
+		},
+		{
+			name: "transform jsonata change reply transformation type, have -> not have",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					Sink: sink,
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "2.0" }`,
+						},
+					},
+					Reply: &eventing.ReplySpec{
+						EventTransformations: eventing.EventTransformations{
+							Jsonata: &eventing.JsonataEventTransformationSpec{
+								Expression: `{ "specversion": "2.0" }`,
+							},
+						},
+					},
+				},
+			},
+			ctx: apis.WithinUpdate(context.Background(), &eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "2.0" }`,
+						},
+					},
+				},
+			}),
+			want: nil,
+		},
+		{
+			name: "transform jsonata change reply transformation type, jsonata expression -> discard",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					Sink: sink,
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "2.0" }`,
+						},
+					},
+					Reply: &eventing.ReplySpec{
+						EventTransformations: eventing.EventTransformations{
+							Jsonata: &eventing.JsonataEventTransformationSpec{
+								Expression: `{ "specversion": "2.0" }`,
+							},
+						},
+					},
+				},
+			},
+			ctx: apis.WithinUpdate(context.Background(), &eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "2.0" }`,
+						},
+					},
+					Reply: &eventing.ReplySpec{
+						Discard: ptr.Bool(true),
+					},
+				},
+			}),
+			want: nil,
+		},
+		{
+			name: "reply without sink",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "2.0" }`,
+						},
+					},
+					Reply: &eventing.ReplySpec{
+						EventTransformations: eventing.EventTransformations{
+							Jsonata: &eventing.JsonataEventTransformationSpec{
+								Expression: `{ "specversion": "2.0" }`,
+							},
+						},
+					},
+				},
+				Status: eventing.EventTransformStatus{},
+			},
+			ctx: context.Background(),
+			want: (&apis.FieldError{}).Also(
+				apis.ErrGeneric("reply is set without spec.sink", "").
+					ViaField("reply").
+					ViaField("spec"),
+			),
+		},
+		{
+			name: "jsonata with sink unsupported CACerts",
+			in: eventing.EventTransform{
+				TypeMeta: metav1.TypeMeta{},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "name",
+				},
+				Spec: eventing.EventTransformSpec{
+					Sink: &duckv1.Destination{
+						URI:     sink.URI,
+						CACerts: ptr.String(string(eventingtlstesting.CA)),
+					},
+					EventTransformations: eventing.EventTransformations{
+						Jsonata: &eventing.JsonataEventTransformationSpec{
+							Expression: `{ "specversion": "1.0" }`,
+						},
+					},
+				},
+			},
+			ctx: context.Background(),
+			want: (&apis.FieldError{}).Also(&apis.FieldError{
+				Message: "CACerts for the sink is not supported for JSONata transformations, to propagate CA trust bundles use labeled ConfigMaps: " +
+					"https://knative.dev/docs/eventing/features/transport-encryption/#configure-additional-ca-trust-bundles",
+				Paths: []string{"spec.sink.CACerts"},
+			}),
+		},
+	}
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := tt.in.Validate(tt.ctx)
+			assert.Equalf(t, tt.want, tt.in.Validate(tt.ctx), "Validate(%v) = %v", tt.ctx, got)
+		})
+	}
+}
--- a/pkg/apis/eventing/v1alpha1/register.go
+++ b/pkg/apis/eventing/v1alpha1/register.go
@ -49,6 +49,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&EventPolicyList{},
 		&RequestReply{},
 		&RequestReplyList{},
+		&EventTransform{},
+		&EventTransformList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
--- a/pkg/apis/eventing/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/eventing/v1alpha1/zz_generated.deepcopy.go
@ -24,8 +24,9 @@ package v1alpha1
 import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
-	duckv1 "knative.dev/eventing/pkg/apis/duck/v1"
+	apisduckv1 "knative.dev/eventing/pkg/apis/duck/v1"
 	eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
 )

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@ -258,6 +259,193 @@ func (in *EventPolicyToReference) DeepCopy() *EventPolicyToReference {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EventTransform) DeepCopyInto(out *EventTransform) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventTransform.
+func (in *EventTransform) DeepCopy() *EventTransform {
+	if in == nil {
+		return nil
+	}
+	out := new(EventTransform)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *EventTransform) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EventTransformList) DeepCopyInto(out *EventTransformList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]EventTransform, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventTransformList.
+func (in *EventTransformList) DeepCopy() *EventTransformList {
+	if in == nil {
+		return nil
+	}
+	out := new(EventTransformList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *EventTransformList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EventTransformSpec) DeepCopyInto(out *EventTransformSpec) {
+	*out = *in
+	if in.Sink != nil {
+		in, out := &in.Sink, &out.Sink
+		*out = new(duckv1.Destination)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Reply != nil {
+		in, out := &in.Reply, &out.Reply
+		*out = new(ReplySpec)
+		(*in).DeepCopyInto(*out)
+	}
+	in.EventTransformations.DeepCopyInto(&out.EventTransformations)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventTransformSpec.
+func (in *EventTransformSpec) DeepCopy() *EventTransformSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(EventTransformSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EventTransformStatus) DeepCopyInto(out *EventTransformStatus) {
+	*out = *in
+	in.SourceStatus.DeepCopyInto(&out.SourceStatus)
+	in.AddressStatus.DeepCopyInto(&out.AddressStatus)
+	if in.JsonataTransformationStatus != nil {
+		in, out := &in.JsonataTransformationStatus, &out.JsonataTransformationStatus
+		*out = new(JsonataEventTransformationStatus)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventTransformStatus.
+func (in *EventTransformStatus) DeepCopy() *EventTransformStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(EventTransformStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EventTransformations) DeepCopyInto(out *EventTransformations) {
+	*out = *in
+	if in.Jsonata != nil {
+		in, out := &in.Jsonata, &out.Jsonata
+		*out = new(JsonataEventTransformationSpec)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventTransformations.
+func (in *EventTransformations) DeepCopy() *EventTransformations {
+	if in == nil {
+		return nil
+	}
+	out := new(EventTransformations)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *JsonataEventTransformationSpec) DeepCopyInto(out *JsonataEventTransformationSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JsonataEventTransformationSpec.
+func (in *JsonataEventTransformationSpec) DeepCopy() *JsonataEventTransformationSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(JsonataEventTransformationSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *JsonataEventTransformationStatus) DeepCopyInto(out *JsonataEventTransformationStatus) {
+	*out = *in
+	in.Deployment.DeepCopyInto(&out.Deployment)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JsonataEventTransformationStatus.
+func (in *JsonataEventTransformationStatus) DeepCopy() *JsonataEventTransformationStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(JsonataEventTransformationStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReplySpec) DeepCopyInto(out *ReplySpec) {
+	*out = *in
+	in.EventTransformations.DeepCopyInto(&out.EventTransformations)
+	if in.Discard != nil {
+		in, out := &in.Discard, &out.Discard
+		*out = new(bool)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplySpec.
+func (in *ReplySpec) DeepCopy() *ReplySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ReplySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RequestReply) DeepCopyInto(out *RequestReply) {
 	*out = *in
@ -330,7 +518,7 @@ func (in *RequestReplySpec) DeepCopyInto(out *RequestReplySpec) {
 	}
 	if in.Delivery != nil {
 		in, out := &in.Delivery, &out.Delivery
-		*out = new(duckv1.DeliverySpec)
+		*out = new(apisduckv1.DeliverySpec)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.Secrets != nil {
--- a/pkg/apis/feature/features.go
+++ b/pkg/apis/feature/features.go
@ -148,6 +148,7 @@ func (e Flags) OIDCDiscoveryBaseURL() string {
 		return string(DefaultOIDCDiscoveryBaseURL)
 	}

+	//nolint:staticcheck
 	discoveryUrl, ok := e[OIDCDiscoveryBaseURL]
 	if !ok {
 		return string(DefaultOIDCDiscoveryBaseURL)
--- a/pkg/apis/flows/v1/roundtrip_test.go
+++ b/pkg/apis/flows/v1/roundtrip_test.go
@ -19,8 +19,8 @@ package v1
 import (
 	"testing"

-	fuzz "github.com/google/gofuzz"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"sigs.k8s.io/randfill"

 	"k8s.io/apimachinery/pkg/api/apitesting/fuzzer"
 	"k8s.io/apimachinery/pkg/runtime"
@ -36,8 +36,8 @@ import (
 var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 	func(codecs serializer.CodecFactory) []interface{} {
 		return []interface{}{
-			func(s *SequenceStatus, c fuzz.Continue) {
-				c.FuzzNoCustom(s) // fuzz the status object
+			func(s *SequenceStatus, c randfill.Continue) {
+				c.FillNoCustom(s) // fuzz the status object

 				// Clear the random fuzzed condition
 				s.Status.SetConditions(nil)
@ -46,8 +46,8 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 				s.InitializeConditions()
 				pkgfuzzer.FuzzConditions(&s.Status, c)
 			},
-			func(s *ParallelStatus, c fuzz.Continue) {
-				c.FuzzNoCustom(s) // fuzz the status object
+			func(s *ParallelStatus, c randfill.Continue) {
+				c.FillNoCustom(s) // fuzz the status object

 				// Clear the random fuzzed condition
 				s.Status.SetConditions(nil)
--- a/pkg/apis/messaging/config/channel_defaults_test.go
+++ b/pkg/apis/messaging/config/channel_defaults_test.go
@ -21,7 +21,6 @@ import (

 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"

 	"knative.dev/pkg/kmp"
@ -102,14 +101,14 @@ func TestChannelDefaultsConfiguration(t *testing.T) {
 		wantChannelDefaults: &ChannelDefaults{
 			NamespaceDefaults: map[string]*ChannelTemplateSpec{
 				"some-namespace": {
-					TypeMeta: v1.TypeMeta{
+					TypeMeta: metav1.TypeMeta{
 						APIVersion: "messaging.knative.dev/v1beta1",
 						Kind:       "KafkaChannel",
 					},
 				},
 			},
 			ClusterDefault: &ChannelTemplateSpec{
-				TypeMeta: v1.TypeMeta{
+				TypeMeta: metav1.TypeMeta{
 					APIVersion: "messaging.knative.dev/v1",
 					Kind:       "InMemoryChannel",
 				},
@ -137,7 +136,7 @@ func TestChannelDefaultsConfiguration(t *testing.T) {
 		wantErr: false,
 		wantChannelDefaults: &ChannelDefaults{
 			ClusterDefault: &ChannelTemplateSpec{
-				TypeMeta: v1.TypeMeta{
+				TypeMeta: metav1.TypeMeta{
 					APIVersion: "messaging.knative.dev/v1beta1",
 					Kind:       "KafkaChannel",
 				},
@ -162,7 +161,7 @@ func TestChannelDefaultsConfiguration(t *testing.T) {
 		wantChannelDefaults: &ChannelDefaults{
 			NamespaceDefaults: map[string]*ChannelTemplateSpec{
 				"some-namespace": {
-					TypeMeta: v1.TypeMeta{
+					TypeMeta: metav1.TypeMeta{
 						APIVersion: "messaging.knative.dev/v1",
 						Kind:       "InMemoryChannel",
 					},
@ -189,7 +188,7 @@ func TestChannelDefaultsConfiguration(t *testing.T) {
 		wantChannelDefaults: &ChannelDefaults{
 			NamespaceDefaults: map[string]*ChannelTemplateSpec{
 				"some-namespace": {
-					TypeMeta: v1.TypeMeta{
+					TypeMeta: metav1.TypeMeta{
 						APIVersion: "messaging.knative.dev/v1",
 						Kind:       "InMemoryChannel",
 					},
--- a/pkg/apis/messaging/v1/in_memory_channel_validation.go
+++ b/pkg/apis/messaging/v1/in_memory_channel_validation.go
@ -22,11 +22,13 @@ import (

 	"knative.dev/pkg/apis"
 	"knative.dev/pkg/kmp"
+	"knative.dev/pkg/system"

 	"knative.dev/eventing/pkg/apis/eventing"
+	_ "knative.dev/pkg/system/testing"
 )

-const eventingControllerSAName = "system:serviceaccount:knative-eventing:eventing-controller"
+var eventingControllerSAName = fmt.Sprintf("%s:%s:%s", "system:serviceaccount", system.Namespace(), "eventing-controller")

 func (imc *InMemoryChannel) Validate(ctx context.Context) *apis.FieldError {
 	errs := imc.Spec.Validate(ctx).ViaField("spec")
--- a/pkg/apis/messaging/v1/in_memory_channel_validation_test.go
+++ b/pkg/apis/messaging/v1/in_memory_channel_validation_test.go
@ -17,8 +17,11 @@ limitations under the License.
 package v1

 import (
+	"fmt"
 	"testing"

+	"knative.dev/pkg/system"
+
 	"golang.org/x/net/context"
 	authenticationv1 "k8s.io/api/authentication/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -139,7 +142,7 @@ func TestInMemoryChannelValidation(t *testing.T) {
 		want: func() *apis.FieldError {
 			diff, _ := kmp.ShortDiff(validIMCSingleSubscriber.Spec.Subscribers, validIMCTwoSubscribers.Spec.Subscribers)
 			return &apis.FieldError{
-				Message: "Channel.Spec.Subscribers changed by user test-user which was not the system:serviceaccount:knative-eventing:eventing-controller service account",
+				Message: fmt.Sprintf("%s:%s:%s", "Channel.Spec.Subscribers changed by user test-user which was not the system:serviceaccount", system.Namespace(), "eventing-controller service account"),
 				Paths:   []string{"spec.subscribers"},
 				Details: diff,
 			}
--- a/pkg/apis/messaging/v1/roundtrip_test.go
+++ b/pkg/apis/messaging/v1/roundtrip_test.go
@ -19,9 +19,9 @@ package v1
 import (
 	"testing"

-	fuzz "github.com/google/gofuzz"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 	"knative.dev/eventing/pkg/apis/messaging"
+	"sigs.k8s.io/randfill"

 	"k8s.io/apimachinery/pkg/api/apitesting/fuzzer"
 	"k8s.io/apimachinery/pkg/runtime"
@ -37,8 +37,8 @@ import (
 var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 	func(codecs serializer.CodecFactory) []interface{} {
 		return []interface{}{
-			func(ch *Channel, c fuzz.Continue) {
-				c.FuzzNoCustom(ch) // fuzz the Channel
+			func(ch *Channel, c randfill.Continue) {
+				c.FillNoCustom(ch) // fuzz the Channel
 				if ch != nil {
 					if ch.Annotations == nil {
 						ch.Annotations = make(map[string]string)
@ -52,8 +52,8 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 				ch.Status.InitializeConditions()
 				pkgfuzzer.FuzzConditions(&ch.Status, c)
 			},
-			func(imc *InMemoryChannel, c fuzz.Continue) {
-				c.FuzzNoCustom(imc) // fuzz the InMemoryChannel
+			func(imc *InMemoryChannel, c randfill.Continue) {
+				c.FillNoCustom(imc) // fuzz the InMemoryChannel
 				if imc != nil {
 					if imc.Annotations == nil {
 						imc.Annotations = make(map[string]string)
@ -67,8 +67,8 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 				imc.Status.InitializeConditions()
 				pkgfuzzer.FuzzConditions(&imc.Status, c)
 			},
-			func(s *SubscriptionStatus, c fuzz.Continue) {
-				c.FuzzNoCustom(s) // fuzz the status object
+			func(s *SubscriptionStatus, c randfill.Continue) {
+				c.FillNoCustom(s) // fuzz the status object

 				// Clear the random fuzzed condition
 				s.Status.SetConditions(nil)
--- a/pkg/apis/sinks/v1alpha1/integration_sink_lifecycle.go
+++ b/pkg/apis/sinks/v1alpha1/integration_sink_lifecycle.go
@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha1

 import (
+	cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
+	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"knative.dev/pkg/apis"
@ -35,6 +37,12 @@ const (
 	// IntegrationSinkConditionEventPoliciesReady has status True when all the applying EventPolicies for this
 	// IntegrationSink are ready.
 	IntegrationSinkConditionEventPoliciesReady apis.ConditionType = "EventPoliciesReady"
+
+	// IntegrationSinkConditionCertificateReady has status True when the IntegrationSink's certificate is ready.
+	IntegrationSinkConditionCertificateReady apis.ConditionType = "CertificateReady"
+
+	// Certificate related condition reasons
+	IntegrationSinkCertificateNotReady string = "CertificateNotReady"
 )

 var IntegrationSinkCondSet = apis.NewLivingConditionSet(
@ -112,6 +120,37 @@ func (s *IntegrationSinkStatus) PropagateDeploymentStatus(d *appsv1.DeploymentSt
 	}
 }

+func (s *IntegrationSinkStatus) PropagateCertificateStatus(cs cmv1.CertificateStatus) bool {
+	var topLevel *cmv1.CertificateCondition
+	for _, cond := range cs.Conditions {
+		if cond.Type == cmv1.CertificateConditionReady {
+			topLevel = &cond
+			break
+		}
+	}
+
+	if topLevel == nil {
+		IntegrationSinkCondSet.Manage(s).MarkUnknown(IntegrationSinkConditionCertificateReady,
+			IntegrationSinkCertificateNotReady, "Certificate is progressing")
+		return false
+	}
+
+	if topLevel.Status == cmmeta.ConditionUnknown {
+		IntegrationSinkCondSet.Manage(s).MarkUnknown(IntegrationSinkConditionCertificateReady,
+			IntegrationSinkCertificateNotReady, "Certificate is progressing, "+topLevel.Reason+" Message: "+topLevel.Message)
+		return false
+	}
+
+	if topLevel.Status == cmmeta.ConditionFalse {
+		IntegrationSinkCondSet.Manage(s).MarkFalse(IntegrationSinkConditionCertificateReady,
+			IntegrationSinkCertificateNotReady, "Certificate is not ready, "+topLevel.Reason+" Message: "+topLevel.Message)
+		return false
+	}
+
+	IntegrationSinkCondSet.Manage(s).MarkTrue(IntegrationSinkConditionCertificateReady)
+	return true
+}
+
 func (s *IntegrationSinkStatus) SetAddress(address *duckv1.Addressable) {
 	s.Address = address
 	if address == nil || address.URL.IsEmpty() {
--- a/pkg/apis/sinks/v1alpha1/integration_sink_types.go
+++ b/pkg/apis/sinks/v1alpha1/integration_sink_types.go
@ -41,7 +41,7 @@ type IntegrationSink struct {
 	Status IntegrationSinkStatus `json:"status,omitempty"`
 }

-// Check the interfaces that JobSink should be implementing.
+// Check the interfaces that IntegrationSink should be implementing.
 var (
 	_ runtime.Object     = (*IntegrationSink)(nil)
 	_ kmeta.OwnerRefable = (*IntegrationSink)(nil)
@ -49,7 +49,7 @@ var (
 	_ apis.Defaultable   = (*IntegrationSink)(nil)
 	_ apis.HasSpec       = (*IntegrationSink)(nil)
 	_ duckv1.KRShaped    = (*IntegrationSink)(nil)
-	_ apis.Convertible   = (*JobSink)(nil)
+	_ apis.Convertible   = (*IntegrationSink)(nil)
 )

 type IntegrationSinkSpec struct {
--- a/pkg/apis/sources/constants.go
+++ b/pkg/apis/sources/constants.go
@ -16,6 +16,8 @@ limitations under the License.

 package sources

+//nolint:staticcheck  // Not capitalizing "API" everywhere in this file
+
 const (
 	// ApiServerSourceAddEventType is the ApiServerSource CloudEvent type for adds.
 	ApiServerSourceAddEventType = "dev.knative.apiserver.resource.add"
--- a/pkg/apis/sources/register.go
+++ b/pkg/apis/sources/register.go
@ -36,6 +36,7 @@ const (

 var (
 	// ApiServerSourceResource respresents a Knative Eventing Sources ApiServerSource
+	//nolint:staticcheck // Not capitalizing "API"
 	ApiServerSourceResource = schema.GroupResource{
 		Group:    GroupName,
 		Resource: "apiserversources",
--- a/pkg/apis/sources/v1/container_validation.go
+++ b/pkg/apis/sources/v1/container_validation.go
@ -34,7 +34,7 @@ func (cs *ContainerSourceSpec) Validate(ctx context.Context) *apis.FieldError {
 	}

 	// Validate there is at least a container
-	if cs.Template.Spec.Containers == nil || len(cs.Template.Spec.Containers) == 0 {
+	if len(cs.Template.Spec.Containers) == 0 {
 		fe := apis.ErrMissingField("containers")
 		errs = errs.Also(fe)
 	} else {
--- a/pkg/apis/sources/v1/roundtrip_test.go
+++ b/pkg/apis/sources/v1/roundtrip_test.go
@ -20,8 +20,8 @@ import (
 	"testing"

 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	"sigs.k8s.io/randfill"

-	fuzz "github.com/google/gofuzz"
 	"k8s.io/apimachinery/pkg/api/apitesting/fuzzer"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
@ -36,8 +36,8 @@ import (
 var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 	func(codecs serializer.CodecFactory) []interface{} {
 		return []interface{}{
-			func(source *ApiServerSource, c fuzz.Continue) {
-				c.FuzzNoCustom(source) // fuzz the source
+			func(source *ApiServerSource, c randfill.Continue) {
+				c.FillNoCustom(source) // fuzz the source
 				// Clear the random fuzzed condition
 				source.Status.SetConditions(nil)

@ -45,8 +45,8 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 				source.Status.InitializeConditions()
 				pkgfuzzer.FuzzConditions(&source.Status, c)
 			},
-			func(source *PingSource, c fuzz.Continue) {
-				c.FuzzNoCustom(source) // fuzz the source
+			func(source *PingSource, c randfill.Continue) {
+				c.FillNoCustom(source) // fuzz the source
 				// Clear the random fuzzed condition
 				source.Status.SetConditions(nil)

@ -54,8 +54,8 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 				source.Status.InitializeConditions()
 				pkgfuzzer.FuzzConditions(&source.Status, c)
 			},
-			func(source *ContainerSource, c fuzz.Continue) {
-				c.FuzzNoCustom(source) // fuzz the source
+			func(source *ContainerSource, c randfill.Continue) {
+				c.FillNoCustom(source) // fuzz the source
 				// Clear the random fuzzed condition
 				source.Status.SetConditions(nil)

@ -63,8 +63,8 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
 				source.Status.InitializeConditions()
 				pkgfuzzer.FuzzConditions(&source.Status, c)
 			},
-			func(source *SinkBinding, c fuzz.Continue) {
-				c.FuzzNoCustom(source) // fuzz the source
+			func(source *SinkBinding, c randfill.Continue) {
+				c.FillNoCustom(source) // fuzz the source
 				// Clear the random fuzzed condition
 				source.Status.SetConditions(nil)

--- a/pkg/apis/sources/v1/sinkbinding_lifecycle.go
+++ b/pkg/apis/sources/v1/sinkbinding_lifecycle.go
@ -23,6 +23,7 @@ import (
 	"strings"

 	"go.uber.org/zap"
+	"k8s.io/client-go/kubernetes"
 	corev1listers "k8s.io/client-go/listers/core/v1"

 	corev1 "k8s.io/api/core/v1"
@ -42,9 +43,11 @@ const (
 )

 var sbCondSet = apis.NewLivingConditionSet(
+	SinkBindingConditionAvailable,
 	SinkBindingConditionSinkProvided,
 	SinkBindingConditionOIDCIdentityCreated,
 	SinkBindingConditionOIDCTokenSecretCreated,
+	SinkBindingTrustBundlePropagated,
 )

 // GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
@ -86,12 +89,23 @@ func (sbs *SinkBindingStatus) InitializeConditions() {
 // MarkBindingUnavailable marks the SinkBinding's Ready condition to False with
 // the provided reason and message.
 func (sbs *SinkBindingStatus) MarkBindingUnavailable(reason, message string) {
-	sbCondSet.Manage(sbs).MarkFalse(SinkBindingConditionReady, reason, message)
+	sbCondSet.Manage(sbs).MarkFalse(SinkBindingConditionAvailable, reason, message)
 }

 // MarkBindingAvailable marks the SinkBinding's Ready condition to True.
 func (sbs *SinkBindingStatus) MarkBindingAvailable() {
-	sbCondSet.Manage(sbs).MarkTrue(SinkBindingConditionReady)
+	sbCondSet.Manage(sbs).MarkTrue(SinkBindingConditionAvailable)
+}
+
+// MarkFailedTrustBundlePropagation marks the SinkBinding's SinkBindingTrustBundlePropagated condition to False with
+// the provided reason and message.
+func (sbs *SinkBindingStatus) MarkFailedTrustBundlePropagation(reason, message string) {
+	sbCondSet.Manage(sbs).MarkFalse(SinkBindingTrustBundlePropagated, reason, message)
+}
+
+// MarkTrustBundlePropagated marks the SinkBinding's SinkBindingTrustBundlePropagated condition to True.
+func (sbs *SinkBindingStatus) MarkTrustBundlePropagated() {
+	sbCondSet.Manage(sbs).MarkTrue(SinkBindingTrustBundlePropagated)
 }

 // MarkSink sets the condition that the source has a sink configured.
@ -106,6 +120,11 @@ func (sbs *SinkBindingStatus) MarkSink(addr *duckv1.Addressable) {
 	}
 }

+// MarkSinkFailed sets the condition that the source has a sink configured.
+func (sbs *SinkBindingStatus) MarkSinkFailed(reason, messageFormat string, messageA ...interface{}) {
+	sbCondSet.Manage(sbs).MarkFalse(SinkBindingConditionSinkProvided, reason, messageFormat, messageA...)
+}
+
 func (sbs *SinkBindingStatus) MarkOIDCIdentityCreatedSucceeded() {
 	sbCondSet.Manage(sbs).MarkTrue(SinkBindingConditionOIDCIdentityCreated)
 }
@ -196,13 +215,30 @@ func (sb *SinkBinding) Do(ctx context.Context, ps *duckv1.WithPod) {
 			Value: ceOverrides,
 		})
 	}
-
-	pss, err := eventingtls.AddTrustBundleVolumes(GetTrustBundleConfigMapLister(ctx), sb, &ps.Spec.Template.Spec)
-	if err != nil {
-		logging.FromContext(ctx).Errorw("Failed to add trust bundle volumes %s/%s: %+v", zap.Error(err))
-		return
+	gvk := schema.GroupVersionKind{
+		Group:   SchemeGroupVersion.Group,
+		Version: SchemeGroupVersion.Version,
+		Kind:    "SinkBinding",
+	}
+	bundles, err := eventingtls.PropagateTrustBundles(ctx, getKubeClient(ctx), GetTrustBundleConfigMapLister(ctx), gvk, sb)
+	if err != nil {
+		logging.FromContext(ctx).Errorw("Failed to propagate trust bundles", zap.Error(err))
+	}
+	if len(bundles) > 0 {
+		pss, err := eventingtls.AddTrustBundleVolumesFromConfigMaps(bundles, &ps.Spec.Template.Spec)
+		if err != nil {
+			logging.FromContext(ctx).Errorw("Failed to add trust bundle volumes from configmaps %s/%s: %+v", zap.Error(err))
+			return
+		}
+		ps.Spec.Template.Spec = *pss
+	} else {
+		pss, err := eventingtls.AddTrustBundleVolumes(GetTrustBundleConfigMapLister(ctx), sb, &ps.Spec.Template.Spec)
+		if err != nil {
+			logging.FromContext(ctx).Errorw("Failed to add trust bundle volumes %s/%s: %+v", zap.Error(err))
+			return
+		}
+		ps.Spec.Template.Spec = *pss
 	}
-	ps.Spec.Template.Spec = *pss

 	if sb.Status.OIDCTokenSecretName != nil {
 		ps.Spec.Template.Spec.Volumes = append(ps.Spec.Template.Spec.Volumes, corev1.Volume{
@ -310,6 +346,20 @@ func (sb *SinkBinding) Undo(ctx context.Context, ps *duckv1.WithPod) {
 	}
 }

+type kubeClientKey struct{}
+
+func WithKubeClient(ctx context.Context, k kubernetes.Interface) context.Context {
+	return context.WithValue(ctx, kubeClientKey{}, k)
+}
+
+func getKubeClient(ctx context.Context) kubernetes.Interface {
+	k := ctx.Value(kubeClientKey{})
+	if k == nil {
+		panic("No Kube client found in context.")
+	}
+	return k.(kubernetes.Interface)
+}
+
 type configMapListerKey struct{}

 func WithTrustBundleConfigMapLister(ctx context.Context, lister corev1listers.ConfigMapLister) context.Context {
--- a/pkg/apis/sources/v1/sinkbinding_lifecycle_test.go
+++ b/pkg/apis/sources/v1/sinkbinding_lifecycle_test.go
@ -32,6 +32,7 @@ import (
 	"knative.dev/pkg/apis"
 	duckv1 "knative.dev/pkg/apis/duck/v1"
 	"knative.dev/pkg/client/injection/ducks/duck/v1/addressable"
+	kubeclient "knative.dev/pkg/client/injection/kube/client/fake"
 	configmapinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/configmap/fake"
 	fakedynamicclient "knative.dev/pkg/injection/clients/dynamicclient/fake"
 	"knative.dev/pkg/resolver"
@ -165,6 +166,7 @@ func TestSinkBindingStatusIsReady(t *testing.T) {
 			s := &SinkBindingStatus{}
 			s.InitializeConditions()
 			s.MarkSink(sink)
+			s.MarkTrustBundlePropagated()
 			s.MarkBindingUnavailable("TheReason", "this is the message")
 			return s
 		}(),
@ -175,6 +177,7 @@ func TestSinkBindingStatusIsReady(t *testing.T) {
 			s := &SinkBindingStatus{}
 			s.InitializeConditions()
 			s.MarkSink(sink)
+			s.MarkTrustBundlePropagated()
 			s.MarkBindingAvailable()
 			s.MarkOIDCIdentityCreatedSucceeded()
 			s.MarkOIDCTokenSecretCreatedSuccceeded()
@ -187,6 +190,7 @@ func TestSinkBindingStatusIsReady(t *testing.T) {
 			s := &SinkBindingStatus{}
 			s.InitializeConditions()
 			s.MarkSink(sink)
+			s.MarkTrustBundlePropagated()
 			s.MarkBindingAvailable()
 			s.MarkOIDCIdentityCreatedSucceeded()
 			s.MarkOIDCTokenSecretCreatedSuccceeded()
@ -199,6 +203,7 @@ func TestSinkBindingStatusIsReady(t *testing.T) {
 			s := &SinkBindingStatus{}
 			s.InitializeConditions()
 			s.MarkSink(sink)
+			s.MarkTrustBundlePropagated()
 			s.MarkBindingAvailable()
 			s.MarkOIDCIdentityCreatedSucceededWithReason("TheReason", "feature is disabled")
 			s.MarkOIDCTokenSecretCreatedSuccceeded()
@ -211,6 +216,7 @@ func TestSinkBindingStatusIsReady(t *testing.T) {
 			s := &SinkBindingStatus{}
 			s.InitializeConditions()
 			s.MarkSink(sink)
+			s.MarkTrustBundlePropagated()
 			s.MarkBindingAvailable()
 			s.MarkOIDCIdentityCreatedFailed("TheReason", "this is a message")
 			s.MarkOIDCTokenSecretCreatedSuccceeded()
@ -223,6 +229,7 @@ func TestSinkBindingStatusIsReady(t *testing.T) {
 			s := &SinkBindingStatus{}
 			s.InitializeConditions()
 			s.MarkSink(sink)
+			s.MarkTrustBundlePropagated()
 			s.MarkBindingAvailable()
 			s.MarkOIDCIdentityCreatedSucceeded()
 			s.MarkOIDCTokenSecretCreatedSuccceeded()
@ -235,12 +242,26 @@ func TestSinkBindingStatusIsReady(t *testing.T) {
 			s := &SinkBindingStatus{}
 			s.InitializeConditions()
 			s.MarkSink(sink)
+			s.MarkTrustBundlePropagated()
 			s.MarkBindingAvailable()
 			s.MarkOIDCIdentityCreatedSucceeded()
 			s.MarkOIDCTokenSecretCreatedFailed("Some", "reason")
 			return s
 		}(),
 		want: false,
+	}, {
+		name: "mark trust bundle propagation failed",
+		s: func() *SinkBindingStatus {
+			s := &SinkBindingStatus{}
+			s.InitializeConditions()
+			s.MarkSink(sink)
+			s.MarkFailedTrustBundlePropagation("failed", "failed")
+			s.MarkBindingAvailable()
+			s.MarkOIDCIdentityCreatedSucceeded()
+			s.MarkOIDCTokenSecretCreatedSuccceeded()
+			return s
+		}(),
+		want: false,
 	}}

 	for _, test := range tests {
@ -906,6 +927,7 @@ func TestSinkBindingDo(t *testing.T) {
 			}
 			ctx = WithURIResolver(ctx, r)
 			ctx = WithTrustBundleConfigMapLister(ctx, configmapinformer.Get(ctx).Lister())
+			ctx = WithKubeClient(ctx, kubeclient.Get(ctx))

 			for _, cm := range test.configMaps {
 				_ = configmapinformer.Get(ctx).Informer().GetIndexer().Add(cm)
@ -976,3 +998,17 @@ func TestSinkBindingDoNoURI(t *testing.T) {
 		t.Error("Undo (-want, +got):", cmp.Diff(want, got))
 	}
 }
+
+func TestSinkBindingUnavailable(t *testing.T) {
+
+	sb := &SinkBinding{}
+	sb.Status.InitializeConditions()
+	sb.Status.MarkBindingUnavailable("failed", "failed")
+
+	sb.Status.InitializeConditions()
+
+	r := sb.Status.GetCondition(apis.ConditionReady)
+	if r.IsTrue() || r.IsUnknown() {
+		t.Error("unexpected condition: ", r)
+	}
+}
--- a/pkg/apis/sources/v1/sinkbinding_types.go
+++ b/pkg/apis/sources/v1/sinkbinding_types.go
@ -70,14 +70,18 @@ type SinkBindingSpec struct {
 }

 const (
-	// SinkBindingConditionReady is configured to indicate whether the Binding
+	// SinkBindingConditionAvailable is configured to indicate whether the Binding
 	// has been configured for resources subject to its runtime contract.
-	SinkBindingConditionReady = apis.ConditionReady
+	SinkBindingConditionAvailable apis.ConditionType = "SinkBindingAvailable"

 	// SinkBindingConditionSinkProvided is configured to indicate whether the
 	// sink has been properly extracted from the resolver.
 	SinkBindingConditionSinkProvided apis.ConditionType = "SinkProvided"

+	// SinkBindingTrustBundlePropagated is configured to indicate whether the
+	// TLS trust bundle has been properly propagated.
+	SinkBindingTrustBundlePropagated apis.ConditionType = "TrustBundlePropagated"
+
 	// SinkBindingConditionOIDCIdentityCreated is configured to indicate whether
 	// the OIDC identity has been created for the sink.
 	SinkBindingConditionOIDCIdentityCreated apis.ConditionType = "OIDCIdentityCreated"
--- a/pkg/apis/sources/v1alpha1/integration_types.go
+++ b/pkg/apis/sources/v1alpha1/integration_types.go
@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha1

 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@ -60,6 +61,8 @@ type IntegrationSourceSpec struct {

 	Aws   *Aws   `json:"aws,omitempty"`   // AWS source configuration
 	Timer *Timer `json:"timer,omitempty"` // Timer configuration
+
+	Template *corev1.PodTemplateSpec `json:"template,omitempty"` // Pod configuration
 }

 type Timer struct {
--- a/pkg/apis/sources/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/sources/v1alpha1/zz_generated.deepcopy.go
@ -22,6 +22,7 @@ limitations under the License.
 package v1alpha1

 import (
+	v1 "k8s.io/api/core/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	integrationv1alpha1 "knative.dev/eventing/pkg/apis/common/integration/v1alpha1"
 )
@ -137,6 +138,11 @@ func (in *IntegrationSourceSpec) DeepCopyInto(out *IntegrationSourceSpec) {
 		*out = new(Timer)
 		**out = **in
 	}
+	if in.Template != nil {
+		in, out := &in.Template, &out.Template
+		*out = new(v1.PodTemplateSpec)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }

--- a/pkg/broker/filter/filter_handler.go
+++ b/pkg/broker/filter/filter_handler.go
@ -425,8 +425,8 @@ func (h *Handler) handleDispatchToSubscriberRequest(ctx context.Context, trigger
 	subscriberURI := trigger.Status.SubscriberURI
 	if subscriberURI == nil {
 		// Record the event count.
-		writer.WriteHeader(http.StatusBadRequest)
-		_ = h.reporter.ReportEventCount(reportArgs, http.StatusBadRequest)
+		writer.WriteHeader(http.StatusNotFound)
+		_ = h.reporter.ReportEventCount(reportArgs, http.StatusNotFound)
 		return
 	}

--- a/pkg/broker/filter/filter_handler_test.go
+++ b/pkg/broker/filter/filter_handler_test.go
@ -138,7 +138,7 @@ func TestReceiver(t *testing.T) {
 			triggers: []*eventingv1.Trigger{
 				makeTrigger(withoutSubscriberURI()),
 			},
-			expectedStatus:     http.StatusBadRequest,
+			expectedStatus:     http.StatusNotFound,
 			expectedEventCount: true,
 		},
 		"Trigger without a Filter": {
--- a/pkg/certificates/certificate.go
+++ b/pkg/certificates/certificate.go
@ -0,0 +1,194 @@
+/*
+Copyright 2025 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificates
+
+import (
+	"context"
+	"fmt"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
+	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+	"go.uber.org/zap"
+
+	cmclient "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned"
+	cminformers "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions"
+	cmlistersv1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/tools/cache"
+	"knative.dev/eventing/pkg/apis/feature"
+	"knative.dev/pkg/controller"
+	"knative.dev/pkg/injection"
+	"knative.dev/pkg/kmeta"
+	"knative.dev/pkg/logging"
+)
+
+const (
+	//nolint:gosec  // Not a credential, just a label
+	SecretLabelKey = "app.kubernetes.io/component"
+	//nolint:gosec  // Not a credential, just a label
+	SecretLabelValue = "knative-eventing"
+
+	CertificateLabelKey   = "app.kubernetes.io/component"
+	CertificateLabelValue = "knative-eventing"
+
+	SecretLabelSelectorPair      = SecretLabelKey + "=" + SecretLabelValue
+	CertificateLabelSelectorPair = CertificateLabelKey + "=" + CertificateLabelValue
+)
+
+type DynamicCertificatesInformer struct {
+	cancel atomic.Pointer[context.CancelFunc]
+	lister atomic.Pointer[cmlistersv1.CertificateLister]
+	mu     sync.Mutex
+}
+
+func NewDynamicCertificatesInformer() *DynamicCertificatesInformer {
+	return &DynamicCertificatesInformer{
+		cancel: atomic.Pointer[context.CancelFunc]{},
+		lister: atomic.Pointer[cmlistersv1.CertificateLister]{},
+		mu:     sync.Mutex{},
+	}
+}
+
+func (df *DynamicCertificatesInformer) Reconcile(ctx context.Context, features feature.Flags, handler cache.ResourceEventHandler) error {
+	logger := logging.FromContext(ctx).With(zap.String("component", "DynamicCertificatesInformer"))
+
+	df.mu.Lock()
+	defer df.mu.Unlock()
+	if !features.IsPermissiveTransportEncryption() && !features.IsStrictTransportEncryption() {
+		logger.Debugw("transport encryption is disabled, stopping informer")
+		df.stop(ctx)
+		return nil
+	}
+	if df.cancel.Load() != nil {
+		logger.Debugw("Cancel function already loaded, skipping start")
+		return nil
+	}
+	logger.Debugw("Starting dynamic certificates informer")
+
+	ctx, cancel := context.WithCancel(ctx)
+
+	client := cmclient.NewForConfigOrDie(injection.GetConfig(ctx))
+
+	factory := cminformers.NewSharedInformerFactoryWithOptions(
+		client,
+		controller.DefaultResyncPeriod,
+		cminformers.WithTweakListOptions(func(options *metav1.ListOptions) {
+			options.LabelSelector = CertificateLabelSelectorPair
+		}),
+	)
+	informer := factory.Certmanager().V1().Certificates()
+	informer.Informer().AddEventHandler(handler)
+
+	factory.Start(ctx.Done())
+	if !cache.WaitForCacheSync(ctx.Done(), informer.Informer().HasSynced) {
+		defer cancel()
+		logger.Errorw("Failed to sync certificates informer cache")
+		return fmt.Errorf("failed to sync cert-manager Certificate informer")
+	}
+
+	logger.Infow("Started dynamic certificates informer")
+
+	lister := informer.Lister()
+	df.lister.Store(&lister)
+	df.cancel.Store(&cancel) // Cancel is always set as last field since it's used as a "guard".
+
+	return nil
+}
+
+func (df *DynamicCertificatesInformer) stop(ctx context.Context) {
+	cancel := df.cancel.Load()
+	if cancel == nil {
+		logging.FromContext(ctx).Debugw("Certificate informer has not been started, nothing to stop")
+		return
+	}
+
+	(*cancel)()
+	df.cancel.Store(nil) // Cancel is always set as last field since it's used as a "guard".
+}
+
+func (df *DynamicCertificatesInformer) Lister() *atomic.Pointer[cmlistersv1.CertificateLister] {
+	df.mu.Lock()
+	defer df.mu.Unlock()
+
+	return &df.lister
+}
+
+func CertificateName(objName string) string {
+	return kmeta.ChildName(objName, "-server-tls")
+}
+
+type CertificateOption func(cert *cmv1.Certificate)
+
+func MakeCertificate(obj kmeta.OwnerRefableAccessor, opts ...CertificateOption) *cmv1.Certificate {
+	cert := &cmv1.Certificate{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      CertificateName(obj.GetName()),
+			Namespace: obj.GetNamespace(),
+			OwnerReferences: []metav1.OwnerReference{
+				*kmeta.NewControllerRef(obj),
+			},
+			Labels: map[string]string{
+				CertificateLabelKey:      CertificateLabelValue,
+				"app.kubernetes.io/name": obj.GetName(),
+			},
+		},
+		Spec: cmv1.CertificateSpec{
+			SecretName: CertificateName(obj.GetName()),
+			SecretTemplate: &cmv1.CertificateSecretTemplate{
+				Labels: map[string]string{
+					SecretLabelKey:           SecretLabelValue,
+					"app.kubernetes.io/name": obj.GetName(),
+				},
+			},
+			Duration: &metav1.Duration{
+				Duration: 90 * 24 * time.Hour, // 90 days
+			},
+			RenewBefore: &metav1.Duration{
+				Duration: 15 * 24 * time.Hour, // 15 days
+			},
+
+			Subject: &cmv1.X509Subject{
+				Organizations: []string{"local"},
+			},
+			PrivateKey: &cmv1.CertificatePrivateKey{
+				Algorithm:      cmv1.RSAKeyAlgorithm,
+				Encoding:       cmv1.PKCS1,
+				Size:           2048,
+				RotationPolicy: cmv1.RotationPolicyAlways,
+			},
+			IssuerRef: cmmeta.ObjectReference{
+				Name:  "knative-eventing-ca-issuer",
+				Kind:  "ClusterIssuer",
+				Group: "cert-manager.io",
+			},
+		},
+	}
+
+	for _, opt := range opts {
+		opt(cert)
+	}
+	return cert
+}
+
+func WithDNSNames(dnsNames ...string) CertificateOption {
+	return func(cert *cmv1.Certificate) {
+		cert.Spec.DNSNames = dnsNames
+	}
+}
--- a/pkg/certificates/certificate_test.go
+++ b/pkg/certificates/certificate_test.go
@ -0,0 +1,96 @@
+/*
+Copyright 2025 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificates
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
+	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+	"github.com/google/go-cmp/cmp"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+	"knative.dev/pkg/kmeta"
+)
+
+func TestNewCertificate(t *testing.T) {
+
+	testNS := "test-ns"
+	testName := "test-name"
+	obj := &sourcesv1.PingSource{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      testName,
+			Namespace: testNS,
+		},
+	}
+
+	want := &cmv1.Certificate{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      CertificateName(obj.GetName()),
+			Namespace: obj.GetNamespace(),
+			OwnerReferences: []metav1.OwnerReference{
+				*kmeta.NewControllerRef(obj),
+			},
+			Labels: map[string]string{
+				"app.kubernetes.io/component": "knative-eventing",
+				"app.kubernetes.io/name":      obj.GetName(),
+			},
+		},
+		Spec: cmv1.CertificateSpec{
+			SecretName: CertificateName(obj.GetName()),
+			SecretTemplate: &cmv1.CertificateSecretTemplate{
+				Labels: map[string]string{
+					"app.kubernetes.io/component": "knative-eventing",
+					"app.kubernetes.io/name":      obj.GetName(),
+				},
+			},
+			Duration: &metav1.Duration{
+				Duration: 90 * 24 * time.Hour, // 90 days
+			},
+			RenewBefore: &metav1.Duration{
+				Duration: 15 * 24 * time.Hour, // 15 days
+			},
+
+			Subject: &cmv1.X509Subject{
+				Organizations: []string{"local"},
+			},
+			PrivateKey: &cmv1.CertificatePrivateKey{
+				Algorithm:      cmv1.RSAKeyAlgorithm,
+				Encoding:       cmv1.PKCS1,
+				Size:           2048,
+				RotationPolicy: cmv1.RotationPolicyAlways,
+			},
+			DNSNames: []string{
+				fmt.Sprintf("%s.%s.svc.cluster.local", obj.GetName()+"-deployment", obj.GetNamespace()),
+				fmt.Sprintf("%s.%s.svc", obj.GetName()+"-deployment", obj.GetNamespace()),
+			},
+			IssuerRef: cmmeta.ObjectReference{
+				Name:  "knative-eventing-ca-issuer",
+				Kind:  "ClusterIssuer",
+				Group: "cert-manager.io",
+			},
+		},
+	}
+
+	got := MakeCertificate(obj, WithDNSNames(want.Spec.DNSNames...))
+
+	if diff := cmp.Diff(want, got); diff != "" {
+		t.Error("unexpected condition (-want, +got) =", diff)
+	}
+}
--- a/pkg/client/certmanager/injection/client/client.go
+++ b/pkg/client/certmanager/injection/client/client.go
@ -0,0 +1,57 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package client
+
+import (
+	context "context"
+
+	versioned "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned"
+	rest "k8s.io/client-go/rest"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterClient(withClientFromConfig)
+	injection.Default.RegisterClientFetcher(func(ctx context.Context) interface{} {
+		return Get(ctx)
+	})
+}
+
+// Key is used as the key for associating information with a context.Context.
+type Key struct{}
+
+func withClientFromConfig(ctx context.Context, cfg *rest.Config) context.Context {
+	return context.WithValue(ctx, Key{}, versioned.NewForConfigOrDie(cfg))
+}
+
+// Get extracts the versioned.Interface client from the context.
+func Get(ctx context.Context) versioned.Interface {
+	untyped := ctx.Value(Key{})
+	if untyped == nil {
+		if injection.GetConfig(ctx) == nil {
+			logging.FromContext(ctx).Panic(
+				"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/clientset/versioned.Interface from context. This context is not the application context (which is typically given to constructors via sharedmain).")
+		} else {
+			logging.FromContext(ctx).Panic(
+				"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/clientset/versioned.Interface from context.")
+		}
+	}
+	return untyped.(versioned.Interface)
+}
--- a/pkg/client/certmanager/injection/client/fake/fake.go
+++ b/pkg/client/certmanager/injection/client/fake/fake.go
@ -0,0 +1,57 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	fake "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/fake"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	rest "k8s.io/client-go/rest"
+	client "knative.dev/eventing/pkg/client/certmanager/injection/client"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Fake.RegisterClient(withClient)
+	injection.Fake.RegisterClientFetcher(func(ctx context.Context) interface{} {
+		return Get(ctx)
+	})
+}
+
+func withClient(ctx context.Context, cfg *rest.Config) context.Context {
+	ctx, _ = With(ctx)
+	return ctx
+}
+
+func With(ctx context.Context, objects ...runtime.Object) (context.Context, *fake.Clientset) {
+	cs := fake.NewSimpleClientset(objects...)
+	return context.WithValue(ctx, client.Key{}, cs), cs
+}
+
+// Get extracts the Kubernetes client from the context.
+func Get(ctx context.Context) *fake.Clientset {
+	untyped := ctx.Value(client.Key{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/fake.Clientset from context.")
+	}
+	return untyped.(*fake.Clientset)
+}
--- a/pkg/client/certmanager/injection/informers/acme/v1/challenge/challenge.go
+++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/challenge.go
@ -0,0 +1,47 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package challenge
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1"
+	factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory"
+	controller "knative.dev/pkg/controller"
+	logging "knative.dev/pkg/logging"
+)
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct{}
+
+func WithInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := factory.Get(ctx)
+	inf := f.Acme().V1().Challenges()
+	return context.WithValue(ctx, Key{}, inf), inf.Informer()
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context) v1.ChallengeInformer {
+	untyped := ctx.Value(Key{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1.ChallengeInformer from context.")
+	}
+	return untyped.(v1.ChallengeInformer)
+}
--- a/pkg/client/certmanager/injection/informers/acme/v1/challenge/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/fake/fake.go
@ -0,0 +1,40 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	challenge "knative.dev/eventing/pkg/client/certmanager/injection/informers/acme/v1/challenge"
+	fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+)
+
+var Get = challenge.Get
+
+func init() {
+	injection.Fake.RegisterInformer(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := fake.Get(ctx)
+	inf := f.Acme().V1().Challenges()
+	return context.WithValue(ctx, challenge.Key{}, inf), inf.Informer()
+}
--- a/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/challenge.go
+++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/challenge.go
@ -0,0 +1,65 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package filtered
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1"
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterFilteredInformers(withInformer)
+}
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct {
+	Selector string
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(filtered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := filtered.Get(ctx, selector)
+		inf := f.Acme().V1().Challenges()
+		ctx = context.WithValue(ctx, Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context, selector string) v1.ChallengeInformer {
+	untyped := ctx.Value(Key{Selector: selector})
+	if untyped == nil {
+		logging.FromContext(ctx).Panicf(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1.ChallengeInformer with selector %s from context.", selector)
+	}
+	return untyped.(v1.ChallengeInformer)
+}
--- a/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered/fake/fake.go
@ -0,0 +1,52 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/acme/v1/challenge/filtered"
+	factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+var Get = filtered.Get
+
+func init() {
+	injection.Fake.RegisterFilteredInformers(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(factoryfiltered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := factoryfiltered.Get(ctx, selector)
+		inf := f.Acme().V1().Challenges()
+		ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
--- a/pkg/client/certmanager/injection/informers/acme/v1/order/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/acme/v1/order/fake/fake.go
@ -0,0 +1,40 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	order "knative.dev/eventing/pkg/client/certmanager/injection/informers/acme/v1/order"
+	fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+)
+
+var Get = order.Get
+
+func init() {
+	injection.Fake.RegisterInformer(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := fake.Get(ctx)
+	inf := f.Acme().V1().Orders()
+	return context.WithValue(ctx, order.Key{}, inf), inf.Informer()
+}
--- a/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/fake/fake.go
@ -0,0 +1,52 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/acme/v1/order/filtered"
+	factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+var Get = filtered.Get
+
+func init() {
+	injection.Fake.RegisterFilteredInformers(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(factoryfiltered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := factoryfiltered.Get(ctx, selector)
+		inf := f.Acme().V1().Orders()
+		ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
--- a/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/order.go
+++ b/pkg/client/certmanager/injection/informers/acme/v1/order/filtered/order.go
@ -0,0 +1,65 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package filtered
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1"
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterFilteredInformers(withInformer)
+}
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct {
+	Selector string
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(filtered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := filtered.Get(ctx, selector)
+		inf := f.Acme().V1().Orders()
+		ctx = context.WithValue(ctx, Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context, selector string) v1.OrderInformer {
+	untyped := ctx.Value(Key{Selector: selector})
+	if untyped == nil {
+		logging.FromContext(ctx).Panicf(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1.OrderInformer with selector %s from context.", selector)
+	}
+	return untyped.(v1.OrderInformer)
+}
--- a/pkg/client/certmanager/injection/informers/acme/v1/order/order.go
+++ b/pkg/client/certmanager/injection/informers/acme/v1/order/order.go
@ -0,0 +1,47 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package order
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1"
+	factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory"
+	controller "knative.dev/pkg/controller"
+	logging "knative.dev/pkg/logging"
+)
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct{}
+
+func WithInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := factory.Get(ctx)
+	inf := f.Acme().V1().Orders()
+	return context.WithValue(ctx, Key{}, inf), inf.Informer()
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context) v1.OrderInformer {
+	untyped := ctx.Value(Key{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1.OrderInformer from context.")
+	}
+	return untyped.(v1.OrderInformer)
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/certificate.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/certificate.go
@ -0,0 +1,47 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package certificate
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1"
+	factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory"
+	controller "knative.dev/pkg/controller"
+	logging "knative.dev/pkg/logging"
+)
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct{}
+
+func WithInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := factory.Get(ctx)
+	inf := f.Certmanager().V1().Certificates()
+	return context.WithValue(ctx, Key{}, inf), inf.Informer()
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context) v1.CertificateInformer {
+	untyped := ctx.Value(Key{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1.CertificateInformer from context.")
+	}
+	return untyped.(v1.CertificateInformer)
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/fake/fake.go
@ -0,0 +1,40 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	certificate "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificate"
+	fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+)
+
+var Get = certificate.Get
+
+func init() {
+	injection.Fake.RegisterInformer(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := fake.Get(ctx)
+	inf := f.Certmanager().V1().Certificates()
+	return context.WithValue(ctx, certificate.Key{}, inf), inf.Informer()
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/certificate.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/certificate.go
@ -0,0 +1,65 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package filtered
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1"
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterFilteredInformers(withInformer)
+}
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct {
+	Selector string
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(filtered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := filtered.Get(ctx, selector)
+		inf := f.Certmanager().V1().Certificates()
+		ctx = context.WithValue(ctx, Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context, selector string) v1.CertificateInformer {
+	untyped := ctx.Value(Key{Selector: selector})
+	if untyped == nil {
+		logging.FromContext(ctx).Panicf(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1.CertificateInformer with selector %s from context.", selector)
+	}
+	return untyped.(v1.CertificateInformer)
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered/fake/fake.go
@ -0,0 +1,52 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificate/filtered"
+	factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+var Get = filtered.Get
+
+func init() {
+	injection.Fake.RegisterFilteredInformers(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(factoryfiltered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := factoryfiltered.Get(ctx, selector)
+		inf := f.Certmanager().V1().Certificates()
+		ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/certificaterequest.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/certificaterequest.go
@ -0,0 +1,47 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package certificaterequest
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1"
+	factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory"
+	controller "knative.dev/pkg/controller"
+	logging "knative.dev/pkg/logging"
+)
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct{}
+
+func WithInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := factory.Get(ctx)
+	inf := f.Certmanager().V1().CertificateRequests()
+	return context.WithValue(ctx, Key{}, inf), inf.Informer()
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context) v1.CertificateRequestInformer {
+	untyped := ctx.Value(Key{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1.CertificateRequestInformer from context.")
+	}
+	return untyped.(v1.CertificateRequestInformer)
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/fake/fake.go
@ -0,0 +1,40 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	certificaterequest "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest"
+	fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+)
+
+var Get = certificaterequest.Get
+
+func init() {
+	injection.Fake.RegisterInformer(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := fake.Get(ctx)
+	inf := f.Certmanager().V1().CertificateRequests()
+	return context.WithValue(ctx, certificaterequest.Key{}, inf), inf.Informer()
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/certificaterequest.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/certificaterequest.go
@ -0,0 +1,65 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package filtered
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1"
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterFilteredInformers(withInformer)
+}
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct {
+	Selector string
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(filtered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := filtered.Get(ctx, selector)
+		inf := f.Certmanager().V1().CertificateRequests()
+		ctx = context.WithValue(ctx, Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context, selector string) v1.CertificateRequestInformer {
+	untyped := ctx.Value(Key{Selector: selector})
+	if untyped == nil {
+		logging.FromContext(ctx).Panicf(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1.CertificateRequestInformer with selector %s from context.", selector)
+	}
+	return untyped.(v1.CertificateRequestInformer)
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered/fake/fake.go
@ -0,0 +1,52 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/certificaterequest/filtered"
+	factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+var Get = filtered.Get
+
+func init() {
+	injection.Fake.RegisterFilteredInformers(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(factoryfiltered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := factoryfiltered.Get(ctx, selector)
+		inf := f.Certmanager().V1().CertificateRequests()
+		ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/clusterissuer.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/clusterissuer.go
@ -0,0 +1,47 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package clusterissuer
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1"
+	factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory"
+	controller "knative.dev/pkg/controller"
+	logging "knative.dev/pkg/logging"
+)
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct{}
+
+func WithInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := factory.Get(ctx)
+	inf := f.Certmanager().V1().ClusterIssuers()
+	return context.WithValue(ctx, Key{}, inf), inf.Informer()
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context) v1.ClusterIssuerInformer {
+	untyped := ctx.Value(Key{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1.ClusterIssuerInformer from context.")
+	}
+	return untyped.(v1.ClusterIssuerInformer)
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/fake/fake.go
@ -0,0 +1,40 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	clusterissuer "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer"
+	fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+)
+
+var Get = clusterissuer.Get
+
+func init() {
+	injection.Fake.RegisterInformer(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := fake.Get(ctx)
+	inf := f.Certmanager().V1().ClusterIssuers()
+	return context.WithValue(ctx, clusterissuer.Key{}, inf), inf.Informer()
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/clusterissuer.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/clusterissuer.go
@ -0,0 +1,65 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package filtered
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1"
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterFilteredInformers(withInformer)
+}
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct {
+	Selector string
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(filtered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := filtered.Get(ctx, selector)
+		inf := f.Certmanager().V1().ClusterIssuers()
+		ctx = context.WithValue(ctx, Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context, selector string) v1.ClusterIssuerInformer {
+	untyped := ctx.Value(Key{Selector: selector})
+	if untyped == nil {
+		logging.FromContext(ctx).Panicf(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1.ClusterIssuerInformer with selector %s from context.", selector)
+	}
+	return untyped.(v1.ClusterIssuerInformer)
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered/fake/fake.go
@ -0,0 +1,52 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/clusterissuer/filtered"
+	factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+var Get = filtered.Get
+
+func init() {
+	injection.Fake.RegisterFilteredInformers(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(factoryfiltered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := factoryfiltered.Get(ctx, selector)
+		inf := f.Certmanager().V1().ClusterIssuers()
+		ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/fake/fake.go
@ -0,0 +1,40 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	issuer "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/issuer"
+	fake "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/fake"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+)
+
+var Get = issuer.Get
+
+func init() {
+	injection.Fake.RegisterInformer(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := fake.Get(ctx)
+	inf := f.Certmanager().V1().Issuers()
+	return context.WithValue(ctx, issuer.Key{}, inf), inf.Informer()
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/fake/fake.go
@ -0,0 +1,52 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered"
+	factoryfiltered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+var Get = filtered.Get
+
+func init() {
+	injection.Fake.RegisterFilteredInformers(withInformer)
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(factoryfiltered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := factoryfiltered.Get(ctx, selector)
+		inf := f.Certmanager().V1().Issuers()
+		ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/issuer.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/filtered/issuer.go
@ -0,0 +1,65 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package filtered
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1"
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterFilteredInformers(withInformer)
+}
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct {
+	Selector string
+}
+
+func withInformer(ctx context.Context) (context.Context, []controller.Informer) {
+	untyped := ctx.Value(filtered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	infs := []controller.Informer{}
+	for _, selector := range labelSelectors {
+		f := filtered.Get(ctx, selector)
+		inf := f.Certmanager().V1().Issuers()
+		ctx = context.WithValue(ctx, Key{Selector: selector}, inf)
+		infs = append(infs, inf.Informer())
+	}
+	return ctx, infs
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context, selector string) v1.IssuerInformer {
+	untyped := ctx.Value(Key{Selector: selector})
+	if untyped == nil {
+		logging.FromContext(ctx).Panicf(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1.IssuerInformer with selector %s from context.", selector)
+	}
+	return untyped.(v1.IssuerInformer)
+}
--- a/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/issuer.go
+++ b/pkg/client/certmanager/injection/informers/certmanager/v1/issuer/issuer.go
@ -0,0 +1,47 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package issuer
+
+import (
+	context "context"
+
+	v1 "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1"
+	factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory"
+	controller "knative.dev/pkg/controller"
+	logging "knative.dev/pkg/logging"
+)
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct{}
+
+func WithInformer(ctx context.Context) (context.Context, controller.Informer) {
+	f := factory.Get(ctx)
+	inf := f.Certmanager().V1().Issuers()
+	return context.WithValue(ctx, Key{}, inf), inf.Informer()
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context) v1.IssuerInformer {
+	untyped := ctx.Value(Key{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1.IssuerInformer from context.")
+	}
+	return untyped.(v1.IssuerInformer)
+}
--- a/pkg/client/certmanager/injection/informers/factory/factory.go
+++ b/pkg/client/certmanager/injection/informers/factory/factory.go
@ -0,0 +1,56 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package factory
+
+import (
+	context "context"
+
+	externalversions "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions"
+	client "knative.dev/eventing/pkg/client/certmanager/injection/client"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterInformerFactory(withInformerFactory)
+}
+
+// Key is used as the key for associating information with a context.Context.
+type Key struct{}
+
+func withInformerFactory(ctx context.Context) context.Context {
+	c := client.Get(ctx)
+	opts := make([]externalversions.SharedInformerOption, 0, 1)
+	if injection.HasNamespaceScope(ctx) {
+		opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx)))
+	}
+	return context.WithValue(ctx, Key{},
+		externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...))
+}
+
+// Get extracts the InformerFactory from the context.
+func Get(ctx context.Context) externalversions.SharedInformerFactory {
+	untyped := ctx.Value(Key{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions.SharedInformerFactory from context.")
+	}
+	return untyped.(externalversions.SharedInformerFactory)
+}
--- a/pkg/client/certmanager/injection/informers/factory/fake/fake.go
+++ b/pkg/client/certmanager/injection/informers/factory/fake/fake.go
@ -0,0 +1,45 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	context "context"
+
+	externalversions "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions"
+	fake "knative.dev/eventing/pkg/client/certmanager/injection/client/fake"
+	factory "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+)
+
+var Get = factory.Get
+
+func init() {
+	injection.Fake.RegisterInformerFactory(withInformerFactory)
+}
+
+func withInformerFactory(ctx context.Context) context.Context {
+	c := fake.Get(ctx)
+	opts := make([]externalversions.SharedInformerOption, 0, 1)
+	if injection.HasNamespaceScope(ctx) {
+		opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx)))
+	}
+	return context.WithValue(ctx, factory.Key{},
+		externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...))
+}
--- a/pkg/client/certmanager/injection/informers/factory/filtered/fake/fake_filtered_factory.go
+++ b/pkg/client/certmanager/injection/informers/factory/filtered/fake/fake_filtered_factory.go
@ -0,0 +1,60 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fakeFilteredFactory
+
+import (
+	context "context"
+
+	externalversions "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	fake "knative.dev/eventing/pkg/client/certmanager/injection/client/fake"
+	filtered "knative.dev/eventing/pkg/client/certmanager/injection/informers/factory/filtered"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+var Get = filtered.Get
+
+func init() {
+	injection.Fake.RegisterInformerFactory(withInformerFactory)
+}
+
+func withInformerFactory(ctx context.Context) context.Context {
+	c := fake.Get(ctx)
+	untyped := ctx.Value(filtered.LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	for _, selector := range labelSelectors {
+		selectorVal := selector
+		opts := []externalversions.SharedInformerOption{}
+		if injection.HasNamespaceScope(ctx) {
+			opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx)))
+		}
+		opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) {
+			l.LabelSelector = selectorVal
+		}))
+		ctx = context.WithValue(ctx, filtered.Key{Selector: selectorVal},
+			externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...))
+	}
+	return ctx
+}
--- a/pkg/client/certmanager/injection/informers/factory/filtered/filtered_factory.go
+++ b/pkg/client/certmanager/injection/informers/factory/filtered/filtered_factory.go
@ -0,0 +1,78 @@
+/*
+Copyright 2021 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package filteredFactory
+
+import (
+	context "context"
+
+	externalversions "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	client "knative.dev/eventing/pkg/client/certmanager/injection/client"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterInformerFactory(withInformerFactory)
+}
+
+// Key is used as the key for associating information with a context.Context.
+type Key struct {
+	Selector string
+}
+
+type LabelKey struct{}
+
+func WithSelectors(ctx context.Context, selector ...string) context.Context {
+	return context.WithValue(ctx, LabelKey{}, selector)
+}
+
+func withInformerFactory(ctx context.Context) context.Context {
+	c := client.Get(ctx)
+	untyped := ctx.Value(LabelKey{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch labelkey from context.")
+	}
+	labelSelectors := untyped.([]string)
+	for _, selector := range labelSelectors {
+		selectorVal := selector
+		opts := []externalversions.SharedInformerOption{}
+		if injection.HasNamespaceScope(ctx) {
+			opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx)))
+		}
+		opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) {
+			l.LabelSelector = selectorVal
+		}))
+		ctx = context.WithValue(ctx, Key{Selector: selectorVal},
+			externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...))
+	}
+	return ctx
+}
+
+// Get extracts the InformerFactory from the context.
+func Get(ctx context.Context, selector string) externalversions.SharedInformerFactory {
+	untyped := ctx.Value(Key{Selector: selector})
+	if untyped == nil {
+		logging.FromContext(ctx).Panicf(
+			"Unable to fetch github.com/cert-manager/cert-manager/pkg/client/informers/externalversions.SharedInformerFactory with selector %s from context.", selector)
+	}
+	return untyped.(externalversions.SharedInformerFactory)
+}
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`../third_party/eventing-integrations-latest/eventing-integrations-images.yaml`
				`@ -0,0 +1 @@`
				`../../../third_party/eventing-integrations-latest/eventing-integrations-images.yaml`