upgrade to latest dependencies (#1717)

bumping knative.dev/networking 68725bd...77975a1:%0A > 77975a1 Add the new certificate names for dataplane and controlplane (# 804)%0A > c3cca43 upgrade to latest dependencies (# 803)%0A > 3f4627e Add internal trust flag to config (# 778)%0A > 02055c8 Update community files (# 801)%0Abumping knative.dev/pkg 9049667...db8a353:%0A > db8a353 Add SinkCACerts to SourceStatus (# 2733)%0Abumping knative.dev/serving 5e056a0...219285e:%0A > 219285e Update net-kourier nightly (# 13959)%0A > 2fa05bd Min TLS for tag to digest defaults to 1.2 again and is configurable (# 13962)%0A > 43df348 Update net-contour nightly (# 13958)%0A > 50a9f22 Update net-certmanager nightly (# 13961)%0A > 4e379cb Update net-gateway-api nightly (# 13957)%0A > 3d53294 Update net-istio nightly (# 13960)%0A > ea2a6c8 💄 Install ko using setup-ko, from ko-build (# 13951)%0A > e5070cd upgrade to latest dependencies (# 13950)%0A > 9778f2d Update net-istio nightly (# 13949)%0A > f27ba4e Update net-certmanager nightly (# 13944)%0A > 2840301 Update net-kourier nightly (# 13945)%0A > 117a642 Update net-gateway-api nightly (# 13943)%0A > 84a2230 Update net-contour nightly (# 13942)%0A > 7aa5edb upgrade to latest dependencies (# 13941)%0A > 01707d8 upgrade to latest dependencies (# 13940)%0A > b7d5e8d Update net-istio nightly (# 13939)%0Abumping knative.dev/eventing cd50d27...24fbfe5:%0A > 24fbfe5 Eventing TLS: support exposing https address in Broker controller (# 6930)%0A > d18cb42 Add information about retryable error in servermanager (# 6921)%0A > f92a05b Added Support for K_CA_CERTS in the heartbeats (# 6920)%0A > b8b43d0 Remove CA certs empty and non nil check, use URL scheme only (# 6928)%0A > 3c8cc05 Return error directly if one receiver of servermanager fails (# 6919)%0A > 92ab7f8 [main] Upgrade to latest dependencies (# 6927)%0A > 5c6fe57 two more for reducing to debug, instead of info (# 6922)%0A > 6cf9397 less verbose logs on scheduler component (# 6912)%0A > 69918f2 Adds ServerManager. Supports http/https message receivers (# 6908)%0A > d58e259 Install ko using setup-ko in kind e2e tests (# 6910)%0A > 9cdea5d Eventing TLS: Added Support for setting K_CA_CERTS in the ApiServerSource controller for the adapter (# 6897)%0A > add8436 Eventing TLS: support exposing https address in InMemoryChannel controller (# 6881)%0A > 59cfb6d [main] Upgrade to latest dependencies (# 6906)%0A > 03f2a3d Remove unused test helper (# 6907)%0A > 7a90c46 Remove eventing-natss from downstream tests (# 6905)%0A > ba2550b [main] Upgrade to latest dependencies (# 6904)%0A > 999eead More EventType v1beta2 work (# 6903)%0A > 66e8257 Remove sanitize HTTP body for `knativeerrordata` extension (# 6902) Signed-off-by: Knative Automation <automation@knative.team>
2023-05-09 00:34:26 -04:00 · 2023-05-09 00:34:26 -04:00 · 2dda005e4d
parent 89b599df24
commit 2dda005e4d
10 changed files with 156 additions and 22 deletions
--- a/go.mod
+++ b/go.mod
@ -46,10 +46,10 @@ require (
 	k8s.io/apimachinery v0.26.1
 	k8s.io/client-go v1.5.2
 	knative.dev/client-pkg v0.0.0-20230501131754-e5c405e16e90
-	knative.dev/eventing v0.37.1-0.20230502055954-cd50d2786189
+	knative.dev/eventing v0.37.1-0.20230508163901-24fbfe500ce6
 	knative.dev/hack v0.0.0-20230501013555-7d81248b4638
-	knative.dev/pkg v0.0.0-20230501013355-904966742b58
-	knative.dev/serving v0.37.1-0.20230502120354-5e056a02c3e3
+	knative.dev/pkg v0.0.0-20230502134655-db8a35330281
+	knative.dev/serving v0.37.1-0.20230508184426-219285e2e258
 )

 require (
@ -237,7 +237,7 @@ require (
 	k8s.io/klog/v2 v2.90.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a // indirect
 	k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect
-	knative.dev/networking v0.0.0-20230428120551-68725bdd1056 // indirect
+	knative.dev/networking v0.0.0-20230504184058-77975a12b2ee // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
--- a/go.sum
+++ b/go.sum
@ -2529,16 +2529,16 @@ k8s.io/utils v0.0.0-20230115233650-391b47cb4029 h1:L8zDtT4jrxj+TaQYD0k8KNlr556Wa
 k8s.io/utils v0.0.0-20230115233650-391b47cb4029/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 knative.dev/client-pkg v0.0.0-20230501131754-e5c405e16e90 h1:1QBZWaLkXsKD2RR0WlEHNt26v7NJt0qLXBJk0/EPlKg=
 knative.dev/client-pkg v0.0.0-20230501131754-e5c405e16e90/go.mod h1:oYnznlTBCj/bVEHo5vUSM/VS3oDFNJKDmH5+k1aC9/8=
-knative.dev/eventing v0.37.1-0.20230502055954-cd50d2786189 h1:Nr8uXYt/248ePURdrr36gL5dQCFDChsUU3S5QL7TkbM=
-knative.dev/eventing v0.37.1-0.20230502055954-cd50d2786189/go.mod h1:jkRCS2JQWe9hzRRuzx5GnWZ43xowbWHPntoCNsnmsV0=
+knative.dev/eventing v0.37.1-0.20230508163901-24fbfe500ce6 h1:9Fk+qYI8hcQ1iQriGGXnispS7j7V/dA4yo9pTkrh8ro=
+knative.dev/eventing v0.37.1-0.20230508163901-24fbfe500ce6/go.mod h1:NP5X/LwAkZdoJKI4QWFzIYJxcZVRhVqd25Om9cCV4/Y=
 knative.dev/hack v0.0.0-20230501013555-7d81248b4638 h1:9IuXHdwp5jNmIg+0LVTQr8o4u0FYD99uCfynM9tS0XY=
 knative.dev/hack v0.0.0-20230501013555-7d81248b4638/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/networking v0.0.0-20230428120551-68725bdd1056 h1:zLfvZYdTmyaXD0q+nP3mAzxFdJPy/3+/Gry+PC0nsto=
-knative.dev/networking v0.0.0-20230428120551-68725bdd1056/go.mod h1:RCR6mSg74zrog/ZYLI7/ZPJOWGQsADOZXqDOeXeOCQw=
-knative.dev/pkg v0.0.0-20230501013355-904966742b58 h1:A8F5gaIpL34Zh746M2q7HEI2+wLulYMMNrFuetRwymM=
-knative.dev/pkg v0.0.0-20230501013355-904966742b58/go.mod h1:2qWPP9Gjh9Q7ETti+WRHnBnGCSCq+6q7m3p/nmUQviE=
-knative.dev/serving v0.37.1-0.20230502120354-5e056a02c3e3 h1:V2MaraMfol2QDA5bWtRF/hnP+bdtIsox4AmJrza3D+g=
-knative.dev/serving v0.37.1-0.20230502120354-5e056a02c3e3/go.mod h1:NkU1AjyCOjWMPFQHLttabjE4FXndH8u5a+rBca+bJw8=
+knative.dev/networking v0.0.0-20230504184058-77975a12b2ee h1:d2dytSnwikNVtttk/lTjn7t6A9447DkUXADHR+zLOdU=
+knative.dev/networking v0.0.0-20230504184058-77975a12b2ee/go.mod h1:OG9AEepHd3dofzrkzb0IelqN5uzu10RjbSdhl5UruSE=
+knative.dev/pkg v0.0.0-20230502134655-db8a35330281 h1:9mN8O5XO68DKlkzEhFAShUx+O/I+TQR71vmTvYt8oF4=
+knative.dev/pkg v0.0.0-20230502134655-db8a35330281/go.mod h1:2qWPP9Gjh9Q7ETti+WRHnBnGCSCq+6q7m3p/nmUQviE=
+knative.dev/serving v0.37.1-0.20230508184426-219285e2e258 h1:lT0bOZsyip5ACQ8AG1TyHg4V2yncDQCoy8MC6SbdMVE=
+knative.dev/serving v0.37.1-0.20230508184426-219285e2e258/go.mod h1:LaiMt6wVwLU2i81MJSUh3LCHCBjCYuT9EY2ssY1oFlw=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
--- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1/broker_lifecycle.go
+++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1/broker_lifecycle.go
@ -81,6 +81,7 @@ func (bs *BrokerStatus) SetAddress(url *apis.URL) {

 	if url != nil {
 		bs.GetConditionSet().Manage(bs).MarkTrue(BrokerConditionAddressable)
+		bs.AddressStatus.Address.Name = &url.Scheme
 	} else {
 		bs.GetConditionSet().Manage(bs).MarkFalse(BrokerConditionAddressable, "nil URL", "URL is nil")
 	}
--- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1beta1/eventtype_conversion.go
+++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1beta1/eventtype_conversion.go
@ -18,17 +18,55 @@ package v1beta1

 import (
 	"context"
-	"fmt"
+
+	"knative.dev/eventing/pkg/apis/eventing/v1beta2"

 	"knative.dev/pkg/apis"
 )

 // ConvertTo implements apis.Convertible
-func (source *EventType) ConvertTo(ctx context.Context, to apis.Convertible) error {
-	return fmt.Errorf("v1beta1 is the highest known version, got: %T", to)
+func (source *EventType) ConvertTo(ctx context.Context, obj apis.Convertible) error {
+	switch sink := obj.(type) {
+	case *v1beta2.EventType:
+		sink.ObjectMeta = source.ObjectMeta
+		sink.Status = v1beta2.EventTypeStatus{
+			Status: source.Status.Status,
+		}
+		sink.Spec = v1beta2.EventTypeSpec{
+			Type:        source.Spec.Type,
+			Source:      source.Spec.Source,
+			Schema:      source.Spec.Schema,
+			SchemaData:  source.Spec.SchemaData,
+			Broker:      source.Spec.Broker,
+			Description: source.Spec.Description,
+		}
+
+		return nil
+	default:
+		return apis.ConvertToViaProxy(ctx, source, &v1beta2.EventType{}, sink)
+	}
 }

 // ConvertFrom implements apis.Convertible
-func (sink *EventType) ConvertFrom(ctx context.Context, from apis.Convertible) error {
-	return fmt.Errorf("v1beta1 is the highest known version, got: %T", from)
+func (sink *EventType) ConvertFrom(ctx context.Context, obj apis.Convertible) error {
+	switch source := obj.(type) {
+	case *v1beta2.EventType:
+		sink.ObjectMeta = source.ObjectMeta
+		sink.Status = EventTypeStatus{
+			Status: source.Status.Status,
+		}
+
+		sink.Spec = EventTypeSpec{
+			Type:        source.Spec.Type,
+			Source:      source.Spec.Source,
+			Schema:      source.Spec.Schema,
+			SchemaData:  source.Spec.SchemaData,
+			Broker:      source.Spec.Broker,
+			Description: source.Spec.Description,
+		}
+
+		return nil
+	default:
+		return apis.ConvertFromViaProxy(ctx, source, &v1beta2.EventType{}, sink)
+	}
 }
--- a/vendor/knative.dev/eventing/pkg/apis/feature/features.go
+++ b/vendor/knative.dev/eventing/pkg/apis/feature/features.go
@ -71,6 +71,11 @@ func (e Flags) IsStrictTransportEncryption() bool {
 	return e != nil && e[TransportEncryption] == Strict
 }

+// IsDisbledTransportEncryption returns true if the TransportEncryption feature is in Disabled mode.
+func (e Flags) IsDisbledTransportEncryption() bool {
+	return e != nil && e[TransportEncryption] == Disabled
+}
+
 // NewFlagsConfigFromMap creates a Flags from the supplied Map
 func NewFlagsConfigFromMap(data map[string]string) (Flags, error) {
 	flags := Flags{}
--- a/vendor/knative.dev/eventing/pkg/apis/messaging/v1/in_memory_channel_lifecycle.go
+++ b/vendor/knative.dev/eventing/pkg/apis/messaging/v1/in_memory_channel_lifecycle.go
@ -20,6 +20,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/utils/pointer"
 	"knative.dev/pkg/apis"
 	v1 "knative.dev/pkg/apis/duck/v1"
 )
@ -99,6 +100,7 @@ func (imcs *InMemoryChannelStatus) InitializeConditions() {
 func (imcs *InMemoryChannelStatus) SetAddress(url *apis.URL) {
 	imcs.Address = &v1.Addressable{URL: url}
 	if url != nil {
+		imcs.Address.Name = pointer.String(url.Scheme)
 		imcCondSet.Manage(imcs).MarkTrue(InMemoryChannelConditionAddressable)
 	} else {
 		imcCondSet.Manage(imcs).MarkFalse(InMemoryChannelConditionAddressable, "emptyHostname", "hostname is the empty string")
--- a/vendor/knative.dev/networking/pkg/config/config.go
+++ b/vendor/knative.dev/networking/pkg/config/config.go
@ -68,7 +68,18 @@ const (

 	// ServingInternalCertName is the name of secret contains certificates in serving
 	// system namespace.
+	//
+	// Deprecated: ServingInternalCertName is deprecated.
+	// (use ServingControlCertName or ServingRoutingCertName instead)
 	ServingInternalCertName = "knative-serving-certs"
+
+	// ServingRoutingCertName is the name of secret contains certificates for Routing data in serving
+	// system namespace. (Used by Ingress GWs and Activator)
+	ServingRoutingCertName = "routing-serving-certs"
+
+	// ServingControlCertName is the name of secret contains certificates for Control data in serving
+	// system namespace. (Used by Autoscaler and Ingress control for example)
+	ServingControlCertName = "control-serving-certs"
 )

 // Config Keys
@ -122,9 +133,39 @@ const (
 	// hostname for a Route's tag.
 	TagTemplateKey = "tag-template"

+	// InternalEncryptionKey is deprecated and replaced by InternalDataplaneTrustKey and internal-controlplane-trust
 	// InternalEncryptionKey is the name of the configuration whether
 	// internal traffic is encrypted or not.
 	InternalEncryptionKey = "internal-encryption"
+
+	// DataplaneTrustKey is the name of the configuration entry
+	// defining the level of trust used for data plane traffic.
+	DataplaneTrustKey = "dataplane-trust"
+
+	// ControlplaneTrustKey is the name of the configuration entry
+	// defining the level of trust used for control plane traffic.
+	ControlplaneTrustKey = "controlplane-trust"
+)
+
+// HTTPProtocol indicates a type of HTTP endpoint behavior
+// that Knative ingress could take.
+type Trust string
+
+const (
+	// TrustDisabled - TLS not used
+	TrustDisabled Trust = "disabled"
+
+	// TrustMinimal - TLS used. We verify that the server is using Knative certificates
+	TrustMinimal Trust = "minimal"
+
+	// TrustEnabled - TLS used. We verify that the server is using Knative certificates of the right namespace
+	TrustEnabled Trust = "enabled"
+
+	// TrustMutual - same as TrustEnabled and we also verify the identity of the client.
+	TrustMutual Trust = "mutual"
+
+	// TrustIdentity - same as TrustMutual and we also add a trusted sender identity to the message.
+	TrustIdentity Trust = "identity"
 )

 // HTTPProtocol indicates a type of HTTP endpoint behavior
@ -251,8 +292,15 @@ type Config struct {
 	// not enabled. Defaults to "http".
 	DefaultExternalScheme string

-	// DefaultExternal specifies whether internal traffic is encrypted or not.
+	// Deprecated - replaced with InternalDataplaneTrust and InternalControlplaneTrust
+	// InternalEncryption specifies whether internal traffic is encrypted or not.
 	InternalEncryption bool
+
+	// DataplaneTrust specifies the level of trust used for date plane.
+	DataplaneTrust Trust
+
+	// ControlplaneTrust specifies the level of trust used for control plane.
+	ControlplaneTrust Trust
 }

 func defaultConfig() *Config {
@ -268,6 +316,8 @@ func defaultConfig() *Config {
 		DefaultExternalScheme:         "http",
 		MeshCompatibilityMode:         MeshCompatibilityModeAuto,
 		InternalEncryption:            false,
+		DataplaneTrust:                TrustDisabled,
+		ControlplaneTrust:             TrustDisabled,
 	}
 }

@ -351,6 +401,34 @@ func NewConfigFromMap(data map[string]string) (*Config, error) {
 		return nil, fmt.Errorf("httpProtocol %s in config-network ConfigMap is not supported", data[HTTPProtocolKey])
 	}

+	switch strings.ToLower(data[DataplaneTrustKey]) {
+	case "", string(TrustDisabled):
+		// If DataplaneTrus is not set in the config-network, default is already
+		// set to TrustDisabled.
+	case string(TrustMinimal):
+		nc.DataplaneTrust = TrustMinimal
+	case string(TrustEnabled):
+		nc.DataplaneTrust = TrustEnabled
+	case string(TrustMutual):
+		nc.DataplaneTrust = TrustMutual
+	case string(TrustIdentity):
+		nc.DataplaneTrust = TrustIdentity
+	default:
+		return nil, fmt.Errorf("DataplaneTrust %q in config-network ConfigMap is not supported", data[DataplaneTrustKey])
+	}
+
+	switch strings.ToLower(data[ControlplaneTrustKey]) {
+	case "", string(TrustDisabled):
+		// If ControlplaneTrust is not set in the config-network, default is already
+		// set to TrustDisabled.
+	case string(TrustEnabled):
+		nc.ControlplaneTrust = TrustEnabled
+	case string(TrustMutual):
+		nc.ControlplaneTrust = TrustMutual
+	default:
+		return nil, fmt.Errorf("ControlplaneTrust %q in config-network ConfigMap is not supported", data[ControlplaneTrustKey])
+	}
+
 	return nc, nil
 }

--- a/vendor/knative.dev/pkg/apis/duck/v1/source_types.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/source_types.go
@ -84,6 +84,11 @@ type SourceStatus struct {
 	// as part of its CloudEvents.
 	// +optional
 	CloudEventAttributes []CloudEventAttributes `json:"ceAttributes,omitempty"`
+
+	// SinkCACerts are Certification Authority (CA) certificates in PEM format
+	// according to https://www.rfc-editor.org/rfc/rfc7468.
+	// +optional
+	SinkCACerts *string `json:"sinkCACerts,omitempty"`
 }

 // CloudEventAttributes specifies the attributes that a Source
--- a/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go
@ -630,6 +630,11 @@ func (in *SourceStatus) DeepCopyInto(out *SourceStatus) {
 		*out = make([]CloudEventAttributes, len(*in))
 		copy(*out, *in)
 	}
+	if in.SinkCACerts != nil {
+		in, out := &in.SinkCACerts, &out.SinkCACerts
+		*out = new(string)
+		**out = **in
+	}
 	return
 }

--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -1685,7 +1685,7 @@ knative.dev/client-pkg/pkg/serving/v1
 knative.dev/client-pkg/pkg/util
 knative.dev/client-pkg/pkg/util/test
 knative.dev/client-pkg/pkg/wait
-# knative.dev/eventing v0.37.1-0.20230502055954-cd50d2786189
+# knative.dev/eventing v0.37.1-0.20230508163901-24fbfe500ce6
 ## explicit; go 1.19
 knative.dev/eventing/pkg/apis/config
 knative.dev/eventing/pkg/apis/duck
@ -1709,7 +1709,7 @@ knative.dev/eventing/pkg/client/clientset/versioned/typed/eventing/v1
 # knative.dev/hack v0.0.0-20230501013555-7d81248b4638
 ## explicit; go 1.18
 knative.dev/hack
-# knative.dev/networking v0.0.0-20230428120551-68725bdd1056
+# knative.dev/networking v0.0.0-20230504184058-77975a12b2ee
 ## explicit; go 1.18
 knative.dev/networking/pkg
 knative.dev/networking/pkg/apis/networking
@ -1721,7 +1721,7 @@ knative.dev/networking/pkg/http/probe
 knative.dev/networking/pkg/http/proxy
 knative.dev/networking/pkg/http/stats
 knative.dev/networking/pkg/k8s
-# knative.dev/pkg v0.0.0-20230501013355-904966742b58
+# knative.dev/pkg v0.0.0-20230502134655-db8a35330281
 ## explicit; go 1.18
 knative.dev/pkg/apis
 knative.dev/pkg/apis/duck
@ -1764,7 +1764,7 @@ knative.dev/pkg/tracing/propagation
 knative.dev/pkg/tracing/propagation/tracecontextb3
 knative.dev/pkg/tracker
 knative.dev/pkg/webhook/resourcesemantics
-# knative.dev/serving v0.37.1-0.20230502120354-5e056a02c3e3
+# knative.dev/serving v0.37.1-0.20230508184426-219285e2e258
 ## explicit; go 1.18
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1