diff --git a/go.mod b/go.mod index 13a946833..9c6b2aa4b 100644 --- a/go.mod +++ b/go.mod @@ -20,9 +20,9 @@ require ( k8s.io/client-go v0.31.0 k8s.io/code-generator v0.31.0 k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 - knative.dev/eventing v0.42.1-0.20241016013536-6aa49dc1db88 + knative.dev/eventing v0.43.0 knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d - knative.dev/pkg v0.0.0-20241015082832-95b4b97567b5 + knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad knative.dev/reconciler-test v0.0.0-20241015093232-09111f0f1364 sigs.k8s.io/controller-runtime v0.19.0 ) diff --git a/go.sum b/go.sum index f3dd36910..ffac4d171 100644 --- a/go.sum +++ b/go.sum @@ -826,12 +826,12 @@ k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.42.1-0.20241016013536-6aa49dc1db88 h1:Y50FB+2J5/DejNBre3klilKPmJFx31wv1OtTbpQUrjA= -knative.dev/eventing v0.42.1-0.20241016013536-6aa49dc1db88/go.mod h1:5+F5Htg4l8TMn2bb8sjCiFdojIFqrSPyUj81/VXIVdA= +knative.dev/eventing v0.43.0 h1:GELHZ0yYosMeV78l4alMsd7HJciEu6a3T2C5l7MPi3Y= +knative.dev/eventing v0.43.0/go.mod h1:pdrF+bEUfRkNn9ifWXS7DoVj5W31gA5KQVd8iwplXUo= knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d h1:aCfX7kwkvgGxXXGbso5tLqdwQmzBkJ9d+EIRwksKTvk= knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY= -knative.dev/pkg v0.0.0-20241015082832-95b4b97567b5 h1:0ZKQVzST2Y3nSud1hNzTYM+UhTHKOJLjSfmZmzjwpN4= -knative.dev/pkg v0.0.0-20241015082832-95b4b97567b5/go.mod h1:StJI72GWcm/iErmk4RqFJiOo8RLbVqPbHxUqeVwAzeo= +knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad h1:Nrjtr2H168rJeamH4QdyLMV1lEKHejNhaj1ymgQMfLk= +knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad/go.mod h1:StJI72GWcm/iErmk4RqFJiOo8RLbVqPbHxUqeVwAzeo= knative.dev/reconciler-test v0.0.0-20241015093232-09111f0f1364 h1:DIc+vbaFKOSGktPXJ1MaXIXoDjlmUIXQkHiZaPcYGbQ= knative.dev/reconciler-test v0.0.0-20241015093232-09111f0f1364/go.mod h1:PVRnK/YQo9s3foRtut00oAxvCPc9f/qV2PApZh/rMPw= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/vendor/knative.dev/pkg/webhook/configmaps/controller.go b/vendor/knative.dev/pkg/webhook/configmaps/controller.go index 80ab3cab1..277a47d08 100644 --- a/vendor/knative.dev/pkg/webhook/configmaps/controller.go +++ b/vendor/knative.dev/pkg/webhook/configmaps/controller.go @@ -46,6 +46,12 @@ func NewAdmissionController( secretInformer := secretinformer.Get(ctx) options := webhook.GetOptions(ctx) + // if this environment variable is set, it overrides the value in the Options + disableNamespaceOwnership := webhook.DisableNamespaceOwnershipFromEnv() + if disableNamespaceOwnership != nil { + options.DisableNamespaceOwnership = *disableNamespaceOwnership + } + key := types.NamespacedName{Name: name} wh := &reconciler{ diff --git a/vendor/knative.dev/pkg/webhook/env.go b/vendor/knative.dev/pkg/webhook/env.go index ffb757011..e622f5f97 100644 --- a/vendor/knative.dev/pkg/webhook/env.go +++ b/vendor/knative.dev/pkg/webhook/env.go @@ -32,6 +32,8 @@ const ( secretNameEnvKey = "WEBHOOK_SECRET_NAME" //nolint:gosec // This is not a hardcoded credential tlsMinVersionEnvKey = "WEBHOOK_TLS_MIN_VERSION" + + disableNamespaceOwnershipEnvKey = "WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP" ) // PortFromEnv returns the webhook port set by portEnvKey, or default port if env var is not set. @@ -82,3 +84,15 @@ func TLSMinVersionFromEnv(defaultTLSMinVersion uint16) uint16 { panic(fmt.Sprintf("the environment variable %q has to be either '1.2' or '1.3'", tlsMinVersionEnvKey)) } } + +func DisableNamespaceOwnershipFromEnv() *bool { + disableNamespaceOwnership := os.Getenv(disableNamespaceOwnershipEnvKey) + if disableNamespaceOwnership == "" { + return nil + } + disableNamespaceOwnershipBool, err := strconv.ParseBool(disableNamespaceOwnership) + if err != nil { + panic(fmt.Sprintf("failed to convert the environment variable %q : %v", disableNamespaceOwnershipEnvKey, err)) + } + return &disableNamespaceOwnershipBool +} diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go index 4e509d7a2..6a83b4784 100644 --- a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go +++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go @@ -84,6 +84,12 @@ func newController(ctx context.Context, name string, optsFunc ...OptionFunc) *co f(opts) } + // if this environment variable is set, it overrides the value in the Options + disableNamespaceOwnership := webhook.DisableNamespaceOwnershipFromEnv() + if disableNamespaceOwnership != nil { + wopts.DisableNamespaceOwnership = *disableNamespaceOwnership + } + key := types.NamespacedName{Name: name} wh := &reconciler{ diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go index c8afa5c13..dc72b69d2 100644 --- a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go +++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go @@ -70,6 +70,12 @@ func newController(ctx context.Context, name string, optsFunc ...OptionFunc) *co f(opts) } + // if this environment variable is set, it overrides the value in the Options + disableNamespaceOwnership := webhook.DisableNamespaceOwnershipFromEnv() + if disableNamespaceOwnership != nil { + woptions.DisableNamespaceOwnership = *disableNamespaceOwnership + } + wh := &reconciler{ LeaderAwareFuncs: pkgreconciler.LeaderAwareFuncs{ // Have this reconciler enqueue our singleton whenever it becomes leader. diff --git a/vendor/knative.dev/pkg/webhook/webhook.go b/vendor/knative.dev/pkg/webhook/webhook.go index 1b90e75fc..9dc736b40 100644 --- a/vendor/knative.dev/pkg/webhook/webhook.go +++ b/vendor/knative.dev/pkg/webhook/webhook.go @@ -81,8 +81,10 @@ type Options struct { // before shutting down. GracePeriod time.Duration - // DisableNamespaceOwnership configures whether the webhook adds an owner reference for the SYSTEM_NAMESPACE - // Disabling this is useful when you expect the webhook configuration to be managed by something other than knative + // DisableNamespaceOwnership configures if the SYSTEM_NAMESPACE is added as an owner reference to the + // webhook configuration resources. Overridden by the WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP environment variable. + // Disabling can be useful to avoid breaking systems that expect ownership to indicate a true controller + // relationship: https://github.com/knative/serving/issues/15483 DisableNamespaceOwnership bool // ControllerOptions encapsulates options for creating a new controller, diff --git a/vendor/modules.txt b/vendor/modules.txt index b9d500a55..4a1796531 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1079,7 +1079,7 @@ k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.42.1-0.20241016013536-6aa49dc1db88 +# knative.dev/eventing v0.43.0 ## explicit; go 1.22.0 knative.dev/eventing/cmd/heartbeats knative.dev/eventing/pkg/adapter/v2 @@ -1209,7 +1209,7 @@ knative.dev/eventing/test/test_images/print # knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d ## explicit; go 1.21 knative.dev/hack -# knative.dev/pkg v0.0.0-20241015082832-95b4b97567b5 +# knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad ## explicit; go 1.22.0 knative.dev/pkg/apis knative.dev/pkg/apis/duck