upgrade to latest dependencies (#1686)

bumping knative.dev/client-pkg e1f3e9a...e75f12e:%0A > e75f12e upgrade to latest dependencies (# 98)%0A > 3bb19d6 upgrade to latest dependencies (# 93)%0Abumping knative.dev/serving 4db179f...84fa64c:%0A > 84fa64c Update data-plane Secrets (# 13859)%0A > 22783d6 Deployment probe fixes (# 13885)%0A > 113616b add support for downwardAPI in projected volumes (# 13896)%0A > 55f8dd7 upgrade to latest dependencies (# 13912)%0A > b2a416f Update net-gateway-api nightly (# 13907)%0A > 91ac3b3 Update net-certmanager nightly (# 13904)%0A > 787ac48 Update net-istio nightly (# 13902)%0A > d315f71 Update net-contour nightly (# 13903)%0A > b38ef3a Update net-istio nightly (# 13899)%0A > b9b9d13 Update net-contour nightly (# 13900)%0A > 9530fe9 Update net-certmanager nightly (# 13897)%0A > 12bd205 Update net-kourier nightly (# 13898)%0Abumping knative.dev/networking 750a9e4...e5d04e8:%0A > e5d04e8 upgrade to latest dependencies (# 796)%0A > 62fd5d0 Update actions (# 793)%0A > b77b4a6 Bump Go version in github action (# 795)%0Abumping knative.dev/eventing cc3d254...034bec9:%0A > 034bec9 [main] Upgrade to latest dependencies (# 6888)%0A > 4c2a3aa Bump Go to 1.20 in GH workflows (# 6882)%0A > 825a2b5 Create Cert-Manager resources (# 6849)%0A > 193f2df Eventing TLS: support `K_CA_CERTS` in adapter/v2 (# 6848) Signed-off-by: Knative Automation <automation@knative.team>
2023-04-25 10:04:45 -04:00 · 2023-04-25 10:04:45 -04:00 · 88b36341ff
parent 5dc18a1cd6
commit 88b36341ff
6 changed files with 82 additions and 23 deletions
--- a/go.mod
+++ b/go.mod
@ -45,11 +45,11 @@ require (
 	k8s.io/api v0.26.1
 	k8s.io/apimachinery v0.26.1
 	k8s.io/client-go v1.5.2
-	knative.dev/client-pkg v0.0.0-20230413132753-e1f3e9aba1f4
-	knative.dev/eventing v0.36.1-0.20230418085055-cc3d254d555c
+	knative.dev/client-pkg v0.0.0-20230424160443-e75f12ea9fa0
+	knative.dev/eventing v0.36.1-0.20230425111243-034bec97c9c5
 	knative.dev/hack v0.0.0-20230417170854-f591fea109b3
 	knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0
-	knative.dev/serving v0.36.1-0.20230418074055-4db179fe5a37
+	knative.dev/serving v0.36.1-0.20230425124544-84fa64c75bd3
 )

 require (
@ -237,7 +237,7 @@ require (
 	k8s.io/klog/v2 v2.90.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a // indirect
 	k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect
-	knative.dev/networking v0.0.0-20230412014752-750a9e4f13f1 // indirect
+	knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
--- a/go.sum
+++ b/go.sum
@ -2527,18 +2527,18 @@ k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20230115233650-391b47cb4029 h1:L8zDtT4jrxj+TaQYD0k8KNlr556WaVQylDXswKmX+dE=
 k8s.io/utils v0.0.0-20230115233650-391b47cb4029/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/client-pkg v0.0.0-20230413132753-e1f3e9aba1f4 h1:hDRpPm4Qsm+UIF+bwyWCXWq/7yfRi5+syU4R44lWa4w=
-knative.dev/client-pkg v0.0.0-20230413132753-e1f3e9aba1f4/go.mod h1:ay34oweJk5AiUQ2XuZ9VxoQYwFmSjUDEYxklv6USy1M=
-knative.dev/eventing v0.36.1-0.20230418085055-cc3d254d555c h1:9XRvapQa0EA2Gu92v3JMsW0eiF2ZTEBPx5wvBCDKcHw=
-knative.dev/eventing v0.36.1-0.20230418085055-cc3d254d555c/go.mod h1:LxPAmS/FakpbFZvC4kkBuV6QSL5EyhwQYV62XLQQaQw=
+knative.dev/client-pkg v0.0.0-20230424160443-e75f12ea9fa0 h1:XLYexGE1Z26CVgbIBWjdvDAkcxVJd5MKeyfFwB/wsNc=
+knative.dev/client-pkg v0.0.0-20230424160443-e75f12ea9fa0/go.mod h1:lLJ4XAczLp1b6suYh2VWOaDeoRHA9l89jBRhFs9fNv0=
+knative.dev/eventing v0.36.1-0.20230425111243-034bec97c9c5 h1:8p2IP/if3Ot/DgvJrc96UJh9OcKa5lS1gJ9Rgv79dLE=
+knative.dev/eventing v0.36.1-0.20230425111243-034bec97c9c5/go.mod h1:62baPXiw5GPpPyV3f0GF64X7tOjc5x9cg64RAh1gjs4=
 knative.dev/hack v0.0.0-20230417170854-f591fea109b3 h1:+W4WBOq83tfGXKhtv8OB/uJeYqze3zh69GKiz1ucuqk=
 knative.dev/hack v0.0.0-20230417170854-f591fea109b3/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/networking v0.0.0-20230412014752-750a9e4f13f1 h1:ZkkzXLF+7tgcXh4VSEFEWSUT+Rzn0Umb95ximuw0/+o=
-knative.dev/networking v0.0.0-20230412014752-750a9e4f13f1/go.mod h1:Hk0NjXch4XbahSdWifEcoT/JX8Xyjk3MT3XbvAx0PLk=
+knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 h1:X9rPBYr7Vrm075q0iXTr7/0oklkYoyqvlnrUwNzcUhI=
+knative.dev/networking v0.0.0-20230419144338-e5d04e805e50/go.mod h1:o2MyGpGfU5DoSAWCE2f/jnSC9GjGOplCslbA99yDkGo=
 knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0 h1:EFQcoUo8I4bc+U3y6tR1B3ONYZSHWUdAfI7Vh7dae8g=
 knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0/go.mod h1:2qWPP9Gjh9Q7ETti+WRHnBnGCSCq+6q7m3p/nmUQviE=
-knative.dev/serving v0.36.1-0.20230418074055-4db179fe5a37 h1:HPNbm9yYpDVn4rmAvi+Mom8Ibakh36ARjSlut0m7f3o=
-knative.dev/serving v0.36.1-0.20230418074055-4db179fe5a37/go.mod h1:JxH2HRtA7aApDHBGUGE0kG6l7ZkvVbJFgE+0V6djB3k=
+knative.dev/serving v0.36.1-0.20230425124544-84fa64c75bd3 h1:q/jrXiscC8F2fFQrCUI9MXrArL4qjpr9CdKKndOP7Ac=
+knative.dev/serving v0.36.1-0.20230425124544-84fa64c75bd3/go.mod h1:v0Xbfp7olb0Gljm5l4qNuLsIf8/2p1rIt/mphxvx1z0=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
--- a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
+++ b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
@ -86,9 +86,8 @@ func VolumeProjectionMask(in *corev1.VolumeProjection) *corev1.VolumeProjection
 	out.ConfigMap = in.ConfigMap
 	out.ServiceAccountToken = in.ServiceAccountToken

-	// Disallowed fields
-	// This list is unnecessary, but added here for clarity
-	out.DownwardAPI = nil
+	// TODO(KauzClay): Should this be behind a feature flag like EmptyDir?
+	out.DownwardAPI = in.DownwardAPI

 	return out
 }
@ -147,6 +146,40 @@ func ServiceAccountTokenProjectionMask(in *corev1.ServiceAccountTokenProjection)
 	return out
 }

+// DownwardAPIProjectionMask performs a _shallow_ copy of the Kubernetes DownwardAPIProjection
+// object to a new Kubernetes DownwardAPIProjection object bringing over only the fields allowed
+// in the Knative API. This does not validate the contents or the bounds of the provided fields.
+func DownwardAPIProjectionMask(in *corev1.DownwardAPIProjection) *corev1.DownwardAPIProjection {
+	if in == nil {
+		return nil
+	}
+
+	out := new(corev1.DownwardAPIProjection)
+
+	out.Items = append(out.Items, in.Items...)
+
+	return out
+}
+
+// DownwardAPIVolumeFileMask performs a _shallow_ copy of the Kubernetes DownwardAPIVolumeFileMask
+// object to a new Kubernetes DownwardAPIVolumeFileMask object bringing over only the fields allowed
+// in the Knative API. This does not validate the contents or the bounds of the provided fields.
+func DownwardAPIVolumeFileMask(in *corev1.DownwardAPIVolumeFile) *corev1.DownwardAPIVolumeFile {
+	if in == nil {
+		return nil
+	}
+
+	out := new(corev1.DownwardAPIVolumeFile)
+
+	// Allowed fields
+	out.FieldRef = in.FieldRef
+	out.ResourceFieldRef = in.ResourceFieldRef
+	out.Path = in.Path
+	out.Mode = in.Mode
+
+	return out
+}
+
 // KeyToPathMask performs a _shallow_ copy of the Kubernetes KeyToPath
 // object to a new Kubernetes KeyToPath object bringing over only the fields allowed
 // in the Knative API. This does not validate the contents or the bounds of the provided fields.
--- a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go
+++ b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go
@ -196,8 +196,12 @@ func validateProjectedVolumeSource(vp corev1.VolumeProjection) *apis.FieldError
 		specified = append(specified, "serviceAccountToken")
 		errs = errs.Also(validateServiceAccountTokenProjection(vp.ServiceAccountToken).ViaField("serviceAccountToken"))
 	}
+	if vp.DownwardAPI != nil {
+		specified = append(specified, "downwardAPI")
+		errs = errs.Also(validateDownwardAPIProjection(vp.DownwardAPI).ViaField("downwardAPI"))
+	}
 	if len(specified) == 0 {
-		errs = errs.Also(apis.ErrMissingOneOf("secret", "configMap", "serviceAccountToken"))
+		errs = errs.Also(apis.ErrMissingOneOf("secret", "configMap", "serviceAccountToken", "downwardAPI"))
 	} else if len(specified) > 1 {
 		errs = errs.Also(apis.ErrMultipleOneOf(specified...))
 	}
@ -239,6 +243,28 @@ func validateServiceAccountTokenProjection(sp *corev1.ServiceAccountTokenProject
 	return errs
 }

+func validateDownwardAPIProjection(dapi *corev1.DownwardAPIProjection) *apis.FieldError {
+	errs := apis.CheckDisallowedFields(*dapi, *DownwardAPIProjectionMask(dapi))
+	for i := range dapi.Items {
+		errs = errs.Also(validateDownwardAPIVolumeFile(&dapi.Items[i]).ViaFieldIndex("items", i))
+	}
+	return errs
+}
+
+func validateDownwardAPIVolumeFile(vf *corev1.DownwardAPIVolumeFile) *apis.FieldError {
+	errs := apis.CheckDisallowedFields(*vf, *DownwardAPIVolumeFileMask(vf))
+	if vf.FieldRef == nil && vf.ResourceFieldRef == nil {
+		errs = errs.Also(apis.ErrMissingOneOf("fieldRef", "resourceFieldRef"))
+	}
+	if vf.FieldRef != nil && vf.ResourceFieldRef != nil {
+		errs = errs.Also(apis.ErrGeneric("Within a single item, cannot set both", "resourceFieldRef", "fieldRef"))
+	}
+	if vf.Path == "" {
+		errs = errs.Also(apis.ErrMissingField("path"))
+	}
+	return errs
+}
+
 func validateKeyToPath(k2p corev1.KeyToPath) *apis.FieldError {
 	errs := apis.CheckDisallowedFields(k2p, *KeyToPathMask(&k2p))
 	if k2p.Key == "" {
--- a/vendor/knative.dev/serving/pkg/networking/constants.go
+++ b/vendor/knative.dev/serving/pkg/networking/constants.go
@ -52,8 +52,8 @@ const (
 	// e.g. Public, Private.
 	ServiceTypeKey = networking.GroupName + "/serviceType"

-	// ServingCertName is used by the secret name for internal TLS as "namespace-${ServingCertName}".
-	// Also the secret name has the label with "${ServingCertName}: data-plane"
+	// ServingCertName is the secret name for internal TLS.
+	// Also the secret name has the label with "${ServingCertName}: data-plane-user"
 	ServingCertName = "serving-certs"
 )

--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -1671,7 +1671,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/client-pkg v0.0.0-20230413132753-e1f3e9aba1f4
+# knative.dev/client-pkg v0.0.0-20230424160443-e75f12ea9fa0
 ## explicit; go 1.18
 knative.dev/client-pkg/pkg/apis/client
 knative.dev/client-pkg/pkg/apis/client/v1alpha1
@ -1685,8 +1685,8 @@ knative.dev/client-pkg/pkg/serving/v1
 knative.dev/client-pkg/pkg/util
 knative.dev/client-pkg/pkg/util/test
 knative.dev/client-pkg/pkg/wait
-# knative.dev/eventing v0.36.1-0.20230418085055-cc3d254d555c
-## explicit; go 1.18
+# knative.dev/eventing v0.36.1-0.20230425111243-034bec97c9c5
+## explicit; go 1.19
 knative.dev/eventing/pkg/apis/config
 knative.dev/eventing/pkg/apis/duck
 knative.dev/eventing/pkg/apis/duck/v1
@ -1708,7 +1708,7 @@ knative.dev/eventing/pkg/client/clientset/versioned/typed/eventing/v1
 # knative.dev/hack v0.0.0-20230417170854-f591fea109b3
 ## explicit; go 1.18
 knative.dev/hack
-# knative.dev/networking v0.0.0-20230412014752-750a9e4f13f1
+# knative.dev/networking v0.0.0-20230419144338-e5d04e805e50
 ## explicit; go 1.18
 knative.dev/networking/pkg
 knative.dev/networking/pkg/apis/networking
@ -1763,7 +1763,7 @@ knative.dev/pkg/tracing/propagation
 knative.dev/pkg/tracing/propagation/tracecontextb3
 knative.dev/pkg/tracker
 knative.dev/pkg/webhook/resourcesemantics
-# knative.dev/serving v0.36.1-0.20230418074055-4db179fe5a37
+# knative.dev/serving v0.36.1-0.20230425124544-84fa64c75bd3
 ## explicit; go 1.18
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1