From 5808f8c9a6328058ad37b7e49b0730dfdfa0ad01 Mon Sep 17 00:00:00 2001 From: Knative Automation Date: Thu, 26 Sep 2024 13:30:30 +0000 Subject: [PATCH] upgrade to latest dependencies bumping knative.dev/pkg aabe552...c4843b7: > c4843b7 Give users the ability to disable namespace ownership of webhook configurations (# 3095) > 28b58b8 Use istio.sidecar.inject label instead of annotation (# 3096) bumping knative.dev/eventing 2869c6c...e7fca76: > e7fca76 Add Istio inject label (# 8205) > 641cbb7 Remove scheduler `wait`s to speed up recovery time (# 8200) Signed-off-by: Knative Automation --- go.mod | 4 ++-- go.sum | 8 ++++---- .../pkg/webhook/configmaps/configmaps.go | 17 ++++++++++------- .../pkg/webhook/configmaps/controller.go | 5 +++-- .../defaulting/controller.go | 7 ++++--- .../defaulting/defaulting.go | 17 ++++++++++------- .../validation/controller.go | 7 ++++--- .../validation/reconcile_config.go | 19 +++++++++++-------- vendor/knative.dev/pkg/webhook/webhook.go | 4 ++++ vendor/modules.txt | 4 ++-- 10 files changed, 54 insertions(+), 38 deletions(-) diff --git a/go.mod b/go.mod index 213a83e8..8fa89b0a 100644 --- a/go.mod +++ b/go.mod @@ -9,9 +9,9 @@ require ( k8s.io/api v0.30.3 k8s.io/apimachinery v0.30.3 k8s.io/client-go v0.30.3 - knative.dev/eventing v0.42.1-0.20240920101414-2869c6c6773e + knative.dev/eventing v0.42.1-0.20240926123447-e7fca7646f4a knative.dev/hack v0.0.0-20240909014011-fc6a8452af6d - knative.dev/pkg v0.0.0-20240923063442-aabe552ba5e6 + knative.dev/pkg v0.0.0-20240926013127-c4843b746d24 ) require ( diff --git a/go.sum b/go.sum index f112aa7c..083791bc 100644 --- a/go.sum +++ b/go.sum @@ -648,12 +648,12 @@ k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.42.1-0.20240920101414-2869c6c6773e h1:Dtofpi/9NAluYE31UdAdBy1twTDVZv8juoo0M71vIP4= -knative.dev/eventing v0.42.1-0.20240920101414-2869c6c6773e/go.mod h1:CguA8wPeeeED9ZIAJ+NqCo8fGj1W3gkEvTQs7Enk/oo= +knative.dev/eventing v0.42.1-0.20240926123447-e7fca7646f4a h1:HnJ8kus8avX0oMuzA1K3mKKV+mZJ32kJGqvtIYcoeEw= +knative.dev/eventing v0.42.1-0.20240926123447-e7fca7646f4a/go.mod h1:CguA8wPeeeED9ZIAJ+NqCo8fGj1W3gkEvTQs7Enk/oo= knative.dev/hack v0.0.0-20240909014011-fc6a8452af6d h1:mgROhGJG3+g0SBkaG4Y2HxrIOLN3ZZcN4+IFZla+Zqs= knative.dev/hack v0.0.0-20240909014011-fc6a8452af6d/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY= -knative.dev/pkg v0.0.0-20240923063442-aabe552ba5e6 h1:3x7jZIppPg3PYUPq+tMUdfW1BIz1Do7Y/gWopZZKfg8= -knative.dev/pkg v0.0.0-20240923063442-aabe552ba5e6/go.mod h1:IQi7fVFvQa6UpNnSpzlAiNPMtTvIj4MHj4vSD/PulCE= +knative.dev/pkg v0.0.0-20240926013127-c4843b746d24 h1:NJLvfA38IlzdSxNi5//yEpKeZBPezyQZA4SCcoMjC9o= +knative.dev/pkg v0.0.0-20240926013127-c4843b746d24/go.mod h1:IQi7fVFvQa6UpNnSpzlAiNPMtTvIj4MHj4vSD/PulCE= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go b/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go index d7d37b8e..aa478792 100644 --- a/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go +++ b/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go @@ -58,7 +58,8 @@ type reconciler struct { vwhlister admissionlisters.ValidatingWebhookConfigurationLister secretlister corelisters.SecretLister - secretName string + secretName string + disableNamespaceOwnership bool } var ( @@ -138,13 +139,15 @@ func (ac *reconciler) reconcileValidatingWebhook(ctx context.Context, caCert []b webhook := configuredWebhook.DeepCopy() - // Set the owner to namespace. - ns, err := ac.client.CoreV1().Namespaces().Get(ctx, system.Namespace(), metav1.GetOptions{}) - if err != nil { - return fmt.Errorf("failed to fetch namespace: %w", err) + if !ac.disableNamespaceOwnership { + // Set the owner to namespace. + ns, err := ac.client.CoreV1().Namespaces().Get(ctx, system.Namespace(), metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("failed to fetch namespace: %w", err) + } + nsRef := *metav1.NewControllerRef(ns, corev1.SchemeGroupVersion.WithKind("Namespace")) + webhook.OwnerReferences = []metav1.OwnerReference{nsRef} } - nsRef := *metav1.NewControllerRef(ns, corev1.SchemeGroupVersion.WithKind("Namespace")) - webhook.OwnerReferences = []metav1.OwnerReference{nsRef} for i, wh := range webhook.Webhooks { if wh.Name != webhook.Name { diff --git a/vendor/knative.dev/pkg/webhook/configmaps/controller.go b/vendor/knative.dev/pkg/webhook/configmaps/controller.go index 9c2aae49..80ab3cab 100644 --- a/vendor/knative.dev/pkg/webhook/configmaps/controller.go +++ b/vendor/knative.dev/pkg/webhook/configmaps/controller.go @@ -60,8 +60,9 @@ func NewAdmissionController( key: key, path: path, - constructors: make(map[string]reflect.Value), - secretName: options.SecretName, + constructors: make(map[string]reflect.Value), + secretName: options.SecretName, + disableNamespaceOwnership: options.DisableNamespaceOwnership, client: client, vwhlister: vwhInformer.Lister(), diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go index c7f9bb13..4e509d7a 100644 --- a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go +++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go @@ -100,9 +100,10 @@ func newController(ctx context.Context, name string, optsFunc ...OptionFunc) *co handlers: opts.types, callbacks: opts.callbacks, - withContext: opts.wc, - disallowUnknownFields: opts.disallowUnknownFields, - secretName: wopts.SecretName, + withContext: opts.wc, + disallowUnknownFields: opts.disallowUnknownFields, + secretName: wopts.SecretName, + disableNamespaceOwnership: wopts.DisableNamespaceOwnership, client: client, mwhlister: mwhInformer.Lister(), diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/defaulting.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/defaulting.go index 4140ec71..6aa08b4b 100644 --- a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/defaulting.go +++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/defaulting.go @@ -69,8 +69,9 @@ type reconciler struct { mwhlister admissionlisters.MutatingWebhookConfigurationLister secretlister corelisters.SecretLister - disallowUnknownFields bool - secretName string + disallowUnknownFields bool + secretName string + disableNamespaceOwnership bool } // CallbackFunc is the function to be invoked. @@ -218,12 +219,14 @@ func (ac *reconciler) reconcileMutatingWebhook(ctx context.Context, caCert []byt current := configuredWebhook.DeepCopy() - ns, err := ac.client.CoreV1().Namespaces().Get(ctx, system.Namespace(), metav1.GetOptions{}) - if err != nil { - return fmt.Errorf("failed to fetch namespace: %w", err) + if !ac.disableNamespaceOwnership { + ns, err := ac.client.CoreV1().Namespaces().Get(ctx, system.Namespace(), metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("failed to fetch namespace: %w", err) + } + nsRef := *metav1.NewControllerRef(ns, corev1.SchemeGroupVersion.WithKind("Namespace")) + current.OwnerReferences = []metav1.OwnerReference{nsRef} } - nsRef := *metav1.NewControllerRef(ns, corev1.SchemeGroupVersion.WithKind("Namespace")) - current.OwnerReferences = []metav1.OwnerReference{nsRef} for i, wh := range current.Webhooks { if wh.Name != current.Name { diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go index f24b3679..c8afa5c1 100644 --- a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go +++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go @@ -86,9 +86,10 @@ func newController(ctx context.Context, name string, optsFunc ...OptionFunc) *co handlers: opts.types, callbacks: opts.callbacks, - withContext: opts.wc, - disallowUnknownFields: opts.DisallowUnknownFields(), - secretName: woptions.SecretName, + withContext: opts.wc, + disallowUnknownFields: opts.DisallowUnknownFields(), + secretName: woptions.SecretName, + disableNamespaceOwnership: woptions.DisableNamespaceOwnership, client: client, vwhlister: vwhInformer.Lister(), diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/reconcile_config.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/reconcile_config.go index afbc45c0..9f3114d4 100644 --- a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/reconcile_config.go +++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/reconcile_config.go @@ -60,8 +60,9 @@ type reconciler struct { vwhlister admissionlisters.ValidatingWebhookConfigurationLister secretlister corelisters.SecretLister - disallowUnknownFields bool - secretName string + disallowUnknownFields bool + secretName string + disableNamespaceOwnership bool } var ( @@ -193,13 +194,15 @@ func (ac *reconciler) reconcileValidatingWebhook(ctx context.Context, caCert []b current := configuredWebhook.DeepCopy() - // Set the owner to namespace. - ns, err := ac.client.CoreV1().Namespaces().Get(ctx, system.Namespace(), metav1.GetOptions{}) - if err != nil { - return fmt.Errorf("failed to fetch namespace: %w", err) + if !ac.disableNamespaceOwnership { + // Set the owner to namespace. + ns, err := ac.client.CoreV1().Namespaces().Get(ctx, system.Namespace(), metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("failed to fetch namespace: %w", err) + } + nsRef := *metav1.NewControllerRef(ns, corev1.SchemeGroupVersion.WithKind("Namespace")) + current.OwnerReferences = []metav1.OwnerReference{nsRef} } - nsRef := *metav1.NewControllerRef(ns, corev1.SchemeGroupVersion.WithKind("Namespace")) - current.OwnerReferences = []metav1.OwnerReference{nsRef} for i, wh := range current.Webhooks { if wh.Name != current.Name { diff --git a/vendor/knative.dev/pkg/webhook/webhook.go b/vendor/knative.dev/pkg/webhook/webhook.go index e05c6f04..1b90e75f 100644 --- a/vendor/knative.dev/pkg/webhook/webhook.go +++ b/vendor/knative.dev/pkg/webhook/webhook.go @@ -81,6 +81,10 @@ type Options struct { // before shutting down. GracePeriod time.Duration + // DisableNamespaceOwnership configures whether the webhook adds an owner reference for the SYSTEM_NAMESPACE + // Disabling this is useful when you expect the webhook configuration to be managed by something other than knative + DisableNamespaceOwnership bool + // ControllerOptions encapsulates options for creating a new controller, // including throttling and stats behavior. ControllerOptions *controller.ControllerOptions diff --git a/vendor/modules.txt b/vendor/modules.txt index c5926781..904fb6a4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -863,7 +863,7 @@ k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.42.1-0.20240920101414-2869c6c6773e +# knative.dev/eventing v0.42.1-0.20240926123447-e7fca7646f4a ## explicit; go 1.22.0 knative.dev/eventing/pkg/apis/config knative.dev/eventing/pkg/apis/duck @@ -882,7 +882,7 @@ knative.dev/eventing/pkg/eventingtls # knative.dev/hack v0.0.0-20240909014011-fc6a8452af6d ## explicit; go 1.21 knative.dev/hack -# knative.dev/pkg v0.0.0-20240923063442-aabe552ba5e6 +# knative.dev/pkg v0.0.0-20240926013127-c4843b746d24 ## explicit; go 1.22.0 knative.dev/pkg/apis knative.dev/pkg/apis/duck