From af6ef1e954cfd2c757a08e851ce052703b77ec7b Mon Sep 17 00:00:00 2001 
From: Kenjiro Nakayama Date: Fri, 15 Apr 2022 21:07:10 +0900 Subject: [PATCH] Bump k8s version in kind (#825) * upgrade to latest dependencies bumping knative.dev/hack f067737...6ffd841: > 6ffd841 Update community files (# 168) > 02c525c Update community files (# 167) > 0e0784b Update community files (# 166) > a75ca49 Update community files (# 165) > 9c0ea69 Update community files (# 164) > c7a1ce1 Update community files (# 163) bumping knative.dev/networking 55757e9...1145ec5: > 1145ec5 upgrade to latest dependencies (# 658) > 56c4a3e upgrade to latest dependencies (# 657) > c173eed Add certificates config keys in config-network (# 648) > f96f8e2 upgrade to latest dependencies (# 655) > 224a816 Update actions (# 656) > 57ad9cf Update community files (# 654) > 88881dd Update community files (# 653) > 0d114b7 upgrade to latest dependencies (# 652) > 7307ffd Update community files (# 651) > 7fa8012 Update community files (# 650) > a49d1a2 Update actions (# 649) > 5dd0002 Update actions (# 647) > dde40b0 drop knative.dev/release label (# 646) > 0aef61e Update community files (# 645) > 84f7ed6 Update actions (# 644) > a1261cd Update community files (# 643) > 7e90d10 Update community files (# 642) > 09072d9 upgrade to latest dependencies (# 641) bumping knative.dev/pkg 1f7514a...e325df6: > e325df6 upgrade to latest dependencies (# 2490) > 00c122e Add genreconcile for ConfigMap (# 2489) > 6bb6518 Update actions (# 2488) > 5b0e728 drop deprecated eventing repos (# 2463) > 75629c8 Update community files (# 2487) > ca82d2b Add `NewProxyAutoTLSTransport` and `DialTLSWithBackOff` to support TLS proxy (# 2479) > e2b4d74 Update community files (# 2486) > 4d62e1d bump our min k8s version to 1.22 (# 2485) > 9ae44fe Update community files (# 2484) > 29f716f Fix `InitialBuckets()` for statefulSetBuilder's electors (# 2483) > 8db11d0 Update community files (# 2482) > dcd5d7c bump go version of tekton downstream workflow (# 2481) > 0ce1e92 Update actions (# 2480) > 4f42bf4 Update 
actions (# 2478) > 7479994 Update actions (# 2477) > c2f1f3e Update community files (# 2476) > 0a1ec2e upgrade to latest dependencies (# 2474) Signed-off-by: Knative Automation * Bump k8s version in kind * Use kind 0.11.1 Co-authored-by: Knative Automation --- .github/workflows/kind-e2e-upgrade.yaml | 19 ++++---- .github/workflows/kind-e2e.yaml | 19 ++++---- go.mod | 6 +-- go.sum | 16 +++---- .../networking/config/certificate.yaml | 2 +- .../networking/config/config-network.yaml | 35 +++++++++++++- .../networking/config/domain-claim.yaml | 2 +- .../knative.dev/networking/config/domain.yaml | 2 +- .../networking/config/ingress.yaml | 2 +- .../knative.dev/networking/config/realm.yaml | 2 +- .../networking/config/serverlessservice.yaml | 2 +- vendor/knative.dev/networking/pkg/network.go | 45 ++++++++++++++++++ vendor/knative.dev/pkg/hack/update-codegen.sh | 2 +- .../knative.dev/pkg/leaderelection/context.go | 2 +- vendor/knative.dev/pkg/network/h2c.go | 13 +++++ vendor/knative.dev/pkg/network/transports.go | 47 +++++++++++++++++-- vendor/knative.dev/pkg/version/version.go | 2 +- vendor/modules.txt | 6 +-- 18 files changed, 171 insertions(+), 53 deletions(-) diff --git a/.github/workflows/kind-e2e-upgrade.yaml b/.github/workflows/kind-e2e-upgrade.yaml index 06dee89e7..4ba632dd0 100644 --- a/.github/workflows/kind-e2e-upgrade.yaml +++ b/.github/workflows/kind-e2e-upgrade.yaml @@ -20,9 +20,8 @@ jobs: fail-fast: false # Keep running if one leg fails. matrix: k8s-version: - - v1.21.1 - - v1.22.0 - - v1.23.0 + - v1.22.7 + - v1.23.5 upstream-traffic: - plain 
@@ -33,15 +32,13 @@ jobs: # This is attempting to make it a bit clearer what's being tested. # See: https://github.com/kubernetes-sigs/kind/releases include: - - k8s-version: v1.21.1 - kind-version: v0.11.1 - kind-image-sha: sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6 - - k8s-version: v1.22.0 - kind-version: v0.11.1 - kind-image-sha: sha256:f97edf7f7ed53c57762b24f90a34fad101386c5bd4d93baeb45449557148c717 - - k8s-version: v1.23.0 + - k8s-version: v1.22.7 + kind-version: v0.12.0 + kind-image-sha: sha256:1dfd72d193bf7da64765fd2f2898f78663b9ba366c2aa74be1fd7498a1873166 + + - k8s-version: v1.23.5 kind-version: v0.11.1 - kind-image-sha: sha256:49824ab1727c04e56a21a5d8372a402fcd32ea51ac96a2706a12af38934f81ac + kind-image-sha: sha256:a69c29d3d502635369a5fe92d8e503c09581fcd406ba6598acc5d80ff5ba81b1 env: GOPATH: ${{ github.workspace }} diff --git a/.github/workflows/kind-e2e.yaml b/.github/workflows/kind-e2e.yaml index e0aeb9ed5..8c3bcb253 100644 --- a/.github/workflows/kind-e2e.yaml +++ b/.github/workflows/kind-e2e.yaml @@ -20,9 +20,8 @@ jobs: fail-fast: false # Keep running if one leg fails. matrix: k8s-version: - - v1.21.1 - - v1.22.0 - - v1.23.0 + - v1.22.7 + - v1.23.5 gateway: - quay.io/maistra/proxyv2-ubi8:2.1.0 
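Review bot: The two `include` entries in this hunk pair different kind releases: `k8s-version: v1.22.7` uses `kind-version: v0.12.0` while `k8s-version: v1.23.5` stays on `kind-version: v0.11.1`. The commit message says "Use kind 0.11.1", so one of the two looks unintended. Node images are published per kind release (the comment above the list points at the kind releases page), so each `kind-image-sha` should be the digest listed for the `kind-version` on the same entry. A short comment on each entry, such as `# digest from the kind <kind-version> release notes`, would let the next bump be checked against the source. The same two entries appear in the second hunk of `.github/workflows/kind-e2e.yaml`, so whatever is decided here applies there too.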
@@ -37,15 +36,13 @@ jobs: # This is attempting to make it a bit clearer what's being tested. # See: https://github.com/kubernetes-sigs/kind/releases include: - - k8s-version: v1.21.1 - kind-version: v0.11.1 - kind-image-sha: sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6 - - k8s-version: v1.22.0 - kind-version: v0.11.1 - kind-image-sha: sha256:f97edf7f7ed53c57762b24f90a34fad101386c5bd4d93baeb45449557148c717 - - k8s-version: v1.23.0 + - k8s-version: v1.22.7 + kind-version: v0.12.0 + kind-image-sha: sha256:1dfd72d193bf7da64765fd2f2898f78663b9ba366c2aa74be1fd7498a1873166 + + - k8s-version: v1.23.5 kind-version: v0.11.1 - kind-image-sha: sha256:49824ab1727c04e56a21a5d8372a402fcd32ea51ac96a2706a12af38934f81ac + kind-image-sha: sha256:a69c29d3d502635369a5fe92d8e503c09581fcd406ba6598acc5d80ff5ba81b1 env: GOPATH: ${{ github.workspace }} diff --git a/go.mod b/go.mod index 8bedd6ce9..50e592fd6 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( k8s.io/apimachinery v0.23.5 k8s.io/client-go v0.23.5 k8s.io/code-generator v0.23.5 - knative.dev/hack v0.0.0-20220328133751-f06773764ce3 - knative.dev/networking v0.0.0-20220323170318-55757e9c20d6 - knative.dev/pkg v0.0.0-20220325200448-1f7514acd0c2 + knative.dev/hack v0.0.0-20220411131823-6ffd8417de7c + knative.dev/networking v0.0.0-20220412163509-1145ec58c8be + knative.dev/pkg v0.0.0-20220412134708-e325df66cb51 ) diff --git a/go.sum b/go.sum index 733250717..b39a10aca 100644 --- a/go.sum +++ b/go.sum 
@@ -1158,7 +1158,6 @@ k8s.io/gengo v0.0.0-20220307231824-4627b89bbf1b/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.40.2-0.20220227211518-7ea6d6adb645/go.mod h1:N3kgBtsFxMb4nQ0eBDgbHEt/dtxBuTkSFQ+7K5OUoz4= k8s.io/klog/v2 v2.60.1-0.20220317184644-43cc75f9ae89 h1:bUNlsw5yb353zbKMj8srOr6V2Ajhz1VkTKonP1L8r2o= k8s.io/klog/v2 v2.60.1-0.20220317184644-43cc75f9ae89/go.mod h1:N3kgBtsFxMb4nQ0eBDgbHEt/dtxBuTkSFQ+7K5OUoz4= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4= 
@@ -1167,15 +1166,12 @@ k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -knative.dev/hack v0.0.0-20220224013837-e1785985d364/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= -knative.dev/hack v0.0.0-20220318020218-14f832e506f8/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= -knative.dev/hack v0.0.0-20220328133751-f06773764ce3 h1:kXLX7HS7gwQglz+p8ohdxDdO3akLAN+MTfz/B+eUeu4= -knative.dev/hack v0.0.0-20220328133751-f06773764ce3/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= -knative.dev/networking v0.0.0-20220323170318-55757e9c20d6 h1:3dutSZL6nk/Rt30n0AAq5WfwRJBkHFBHRLdMosDnDh4= -knative.dev/networking v0.0.0-20220323170318-55757e9c20d6/go.mod h1:tI+j9UGI4eHeinQktrQpHNS0pZ+XII1yF7ZtGyemkm0= -knative.dev/pkg v0.0.0-20220318133418-7f16595277b2/go.mod h1:nKJ2L4o7or3j58eqMK843kbIM0SiYnAXXsisfEQECS8= -knative.dev/pkg v0.0.0-20220325200448-1f7514acd0c2 h1:dJ1YKQ1IvCfxtYqS1dHm18VT153ntHi5uJsFVv7oxfc= -knative.dev/pkg v0.0.0-20220325200448-1f7514acd0c2/go.mod h1:5xt0nzCwxvQ2N4w71smY7pYm5nVrQ8qnRsMinSLVpio= +knative.dev/hack v0.0.0-20220411131823-6ffd8417de7c h1:aXsFXeky/GccNQxwf72CS4NR3EoqTqsCVNKQnblfwr0= +knative.dev/hack v0.0.0-20220411131823-6ffd8417de7c/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= +knative.dev/networking v0.0.0-20220412163509-1145ec58c8be h1:MmwR4SfwlXgt/jnjronkTTOKBrwN1mP/VNhHH08pIoc= +knative.dev/networking v0.0.0-20220412163509-1145ec58c8be/go.mod h1:6OZIUimxPelIIudzHWRd+Lc7ippC5t+DC8CsZKCOjcI= +knative.dev/pkg v0.0.0-20220412134708-e325df66cb51 h1:4AmaxeY7+r/PYYz3HS9pMY21Mw3ykO6STLFEk2FoJ2s= +knative.dev/pkg v0.0.0-20220412134708-e325df66cb51/go.mod 
h1:j2MeD8s+JoCu1vegX80GbRXV/xd20Jm1NznxBYtVXiM= pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= diff --git a/vendor/knative.dev/networking/config/certificate.yaml b/vendor/knative.dev/networking/config/certificate.yaml index 30b592182..14f1fb77d 100644 --- a/vendor/knative.dev/networking/config/certificate.yaml +++ b/vendor/knative.dev/networking/config/certificate.yaml @@ -18,8 +18,8 @@ metadata: name: certificates.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking app.kubernetes.io/version: devel - serving.knative.dev/release: devel knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev diff --git a/vendor/knative.dev/networking/config/config-network.yaml b/vendor/knative.dev/networking/config/config-network.yaml index 0bdc75e0e..aed72bba5 100644 --- a/vendor/knative.dev/networking/config/config-network.yaml +++ b/vendor/knative.dev/networking/config/config-network.yaml @@ -21,9 +21,8 @@ metadata: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: networking app.kubernetes.io/version: devel - serving.knative.dev/release: devel annotations: - knative.dev/example-checksum: "7c86cb6a" + knative.dev/example-checksum: "d0b91f80" data: _example: | ################################ 
@@ -189,3 +188,35 @@ data: # NOTE: This flag is in an alpha state and is mostly here to enable internal testing # for now. Use with caution. activator-san: "" + + # The server certificates to serve the TLS traffic from ingress to activator. + # It is specified by the secret name, which has the "tls.crt" and "tls.key" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + activator-cert-secret: "" + + # The CA public certificate used to sign the queue-proxy TLS certificate. + # It is specified by the secret name, which has the "ca.crt" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + queue-proxy-ca: "" + + # The SAN (Subject Alt Name) used to validate the activator TLS certificate. + # It must be set when "queue-proxy-ca" is specified. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + queue-proxy-san: "" + + # The server certificates to serve the TLS traffic from activator to queue-proxy. + # It is specified by the secret name, which has the "tls.crt" and "tls.key" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + queue-proxy-cert-secret: "" diff --git a/vendor/knative.dev/networking/config/domain-claim.yaml b/vendor/knative.dev/networking/config/domain-claim.yaml index 92ab3c3d2..0045e2b31 100644 --- a/vendor/knative.dev/networking/config/domain-claim.yaml +++ b/vendor/knative.dev/networking/config/domain-claim.yaml 
@@ -18,8 +18,8 @@ metadata: name: clusterdomainclaims.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking app.kubernetes.io/version: devel - serving.knative.dev/release: devel knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev diff --git a/vendor/knative.dev/networking/config/domain.yaml b/vendor/knative.dev/networking/config/domain.yaml index ba9c139a3..87ba1e089 100644 --- a/vendor/knative.dev/networking/config/domain.yaml +++ b/vendor/knative.dev/networking/config/domain.yaml @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: devel - serving.knative.dev/release: devel + app.kubernetes.io/component: networking knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev diff --git a/vendor/knative.dev/networking/config/ingress.yaml b/vendor/knative.dev/networking/config/ingress.yaml index bf2541361..7f4cff2ba 100644 --- a/vendor/knative.dev/networking/config/ingress.yaml +++ b/vendor/knative.dev/networking/config/ingress.yaml @@ -18,8 +18,8 @@ metadata: name: ingresses.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking app.kubernetes.io/version: devel - serving.knative.dev/release: devel knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev diff --git a/vendor/knative.dev/networking/config/realm.yaml b/vendor/knative.dev/networking/config/realm.yaml index c1b7c0ce5..935724544 100644 --- a/vendor/knative.dev/networking/config/realm.yaml +++ b/vendor/knative.dev/networking/config/realm.yaml @@ -18,8 +18,8 @@ metadata: name: realms.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking app.kubernetes.io/version: devel - serving.knative.dev/release: devel knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev 
diff --git a/vendor/knative.dev/networking/config/serverlessservice.yaml b/vendor/knative.dev/networking/config/serverlessservice.yaml index 3075c2a16..4626b520c 100644 --- a/vendor/knative.dev/networking/config/serverlessservice.yaml +++ b/vendor/knative.dev/networking/config/serverlessservice.yaml @@ -18,8 +18,8 @@ metadata: name: serverlessservices.networking.internal.knative.dev labels: app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking app.kubernetes.io/version: devel - serving.knative.dev/release: devel knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev diff --git a/vendor/knative.dev/networking/pkg/network.go b/vendor/knative.dev/networking/pkg/network.go index 26a2633ca..fef813530 100644 --- a/vendor/knative.dev/networking/pkg/network.go +++ b/vendor/knative.dev/networking/pkg/network.go @@ -196,6 +196,21 @@ const ( // ActivatorSANKey is the config for the SAN used to validate the activator TLS certificate. ActivatorSANKey = "activator-san" + + // ActivatorCertKey is the config for the secret name, which stores certificates + // to serve the TLS traffic from ingress to activator. + ActivatorCertKey = "activator-cert-secret" + + // QueueProxyCAKey is the config for the secret name, which stores CA public certificate used + // to sign the queue-proxy TLS certificate. + QueueProxyCAKey = "queue-proxy-ca" + + // QueueProxySANKey is the config for the SAN used to validate the queue-proxy TLS certificate. + QueueProxySANKey = "queue-proxy-san" + + // QueueProxyCertKey is the config for the secret name, which stores certificates + // to serve the TLS traffic from activator to queue-proxy. + QueueProxyCertKey = "queue-proxy-cert-secret" ) // DomainTemplateValues are the available properties people can choose from 
@@ -302,6 +317,20 @@ type Config struct { // ActivatorSAN defines the SAN (Subject Alt Name) used to validate the activator TLS certificate. // It is used only when ActivatorCA is specified. ActivatorSAN string + + // ActivatorCertSecret defines the secret name of the server certificates to serve the TLS traffic from ingress to activator. + ActivatorCertSecret string + + // QueueProxyCA defines the secret name of the CA public certificate used to sign the queue-proxy TLS certificate. + // The traffic to queue-proxy is not encrypted if QueueProxyCA is empty. + QueueProxyCA string + + // QueueProxySAN defines the SAN (Subject Alt Name) used to validate the queue-proxy TLS certificate. + // It is used only when QueueProxyCA is specified. + QueueProxySAN string + + // QueueProxyCertSecret defines the secret name of the server certificates to serve the TLS traffic from activator to queue-proxy. + QueueProxyCertSecret string } // HTTPProtocol indicates a type of HTTP endpoint behavior @@ -359,6 +388,10 @@ func defaultConfig() *Config { MeshCompatibilityMode: MeshCompatibilityModeAuto, ActivatorCA: "", ActivatorSAN: "", + ActivatorCertSecret: "", + QueueProxyCA: "", + QueueProxySAN: "", + QueueProxyCertSecret: "", } } @@ -392,6 +425,10 @@ func NewConfigFromMap(data map[string]string) (*Config, error) { cm.AsString(DefaultExternalSchemeKey, &nc.DefaultExternalScheme), cm.AsString(ActivatorCAKey, &nc.ActivatorCA), cm.AsString(ActivatorSANKey, &nc.ActivatorSAN), + cm.AsString(ActivatorCertKey, &nc.ActivatorCertSecret), + cm.AsString(QueueProxyCAKey, &nc.QueueProxyCA), + cm.AsString(QueueProxySANKey, &nc.QueueProxySAN), + cm.AsString(QueueProxyCertKey, &nc.QueueProxyCertSecret), asMode(MeshCompatibilityModeKey, &nc.MeshCompatibilityMode), asLabelSelector(NamespaceWildcardCertSelectorKey, &nc.NamespaceWildcardCertSelector), ); err != nil { 
@@ -456,6 +493,14 @@ func NewConfigFromMap(data map[string]string) (*Config, error) { return nil, fmt.Errorf("%q must be set when %q was set", ActivatorCAKey, ActivatorSANKey) } + if nc.QueueProxyCA != "" && nc.QueueProxySAN == "" { + return nil, fmt.Errorf("%q must be set when %q was set", QueueProxySANKey, QueueProxyCAKey) + } + + if nc.QueueProxyCA == "" && nc.QueueProxySAN != "" { + return nil, fmt.Errorf("%q must be set when %q was set", QueueProxyCAKey, QueueProxySANKey) + } + return nc, nil } diff --git a/vendor/knative.dev/pkg/hack/update-codegen.sh b/vendor/knative.dev/pkg/hack/update-codegen.sh index 970a5af86..121b7c80c 100644 --- a/vendor/knative.dev/pkg/hack/update-codegen.sh +++ b/vendor/knative.dev/pkg/hack/update-codegen.sh @@ -51,7 +51,7 @@ EXTERNAL_INFORMER_PKG="k8s.io/client-go/informers" \ k8s.io/api \ "${K8S_TYPES}" \ --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt \ - --force-genreconciler-kinds "Namespace,Deployment,Secret,Pod,CronJob,NetworkPolicy" + --force-genreconciler-kinds "Namespace,ConfigMap,Deployment,Secret,Pod,CronJob,NetworkPolicy" OUTPUT_PKG="knative.dev/pkg/client/injection/apiextensions" \ VERSIONED_CLIENTSET_PKG="k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" \ diff --git a/vendor/knative.dev/pkg/leaderelection/context.go b/vendor/knative.dev/pkg/leaderelection/context.go index 9e4a91822..f52733ea3 100644 --- a/vendor/knative.dev/pkg/leaderelection/context.go +++ b/vendor/knative.dev/pkg/leaderelection/context.go @@ -273,7 +273,7 @@ func (ue *unopposedElector) Run(ctx context.Context) { func (ue *unopposedElector) InitialBuckets() []reconciler.Bucket { return []reconciler.Bucket{ - reconciler.UniversalBucket(), + ue.bkt, } } diff --git a/vendor/knative.dev/pkg/network/h2c.go b/vendor/knative.dev/pkg/network/h2c.go index f950b9c34..6cc0fa733 100644 --- a/vendor/knative.dev/pkg/network/h2c.go +++ b/vendor/knative.dev/pkg/network/h2c.go 
@@ -54,3 +54,16 @@ func newH2CTransport(disableCompression bool) http.RoundTripper { }, } } + +// newH2Transport constructs a neew H2 transport. That transport will handles HTTPS traffic +// with TLS config. +func newH2Transport(disableCompression bool, tlsConf *tls.Config) http.RoundTripper { + return &http2.Transport{ + DisableCompression: disableCompression, + DialTLS: func(netw, addr string, tlsConf *tls.Config) (net.Conn, error) { + return DialTLSWithBackOff(context.Background(), + netw, addr, tlsConf) + }, + TLSClientConfig: tlsConf, + } +} diff --git a/vendor/knative.dev/pkg/network/transports.go b/vendor/knative.dev/pkg/network/transports.go index 26ce82395..d96eda117 100644 --- a/vendor/knative.dev/pkg/network/transports.go +++ b/vendor/knative.dev/pkg/network/transports.go @@ -18,6 +18,7 @@ package network import ( "context" + "crypto/tls" "errors" "fmt" "net" @@ -45,7 +46,7 @@ func newAutoTransport(v1, v2 http.RoundTripper) http.RoundTripper { }) } -const sleepTO = 30 * time.Millisecond +const sleep = 30 * time.Millisecond var backOffTemplate = wait.Backoff{ Duration: 50 * time.Millisecond, 
@@ -63,11 +64,21 @@ var DialWithBackOff = NewBackoffDialer(backOffTemplate) // between tries. func NewBackoffDialer(backoffConfig wait.Backoff) func(context.Context, string, string) (net.Conn, error) { return func(ctx context.Context, network, address string) (net.Conn, error) { - return dialBackOffHelper(ctx, network, address, backoffConfig, sleepTO) + return dialBackOffHelper(ctx, network, address, backoffConfig, nil) } } -func dialBackOffHelper(ctx context.Context, network, address string, bo wait.Backoff, sleep time.Duration) (net.Conn, error) { +// DialTLSWithBackOff is same with DialWithBackOff but takes tls config. +var DialTLSWithBackOff = NewTLSBackoffDialer(backOffTemplate) + +// NewTLSBackoffDialer is same with NewBackoffDialer but takes tls config. +func NewTLSBackoffDialer(backoffConfig wait.Backoff) func(context.Context, string, string, *tls.Config) (net.Conn, error) { + return func(ctx context.Context, network, address string, tlsConf *tls.Config) (net.Conn, error) { + return dialBackOffHelper(ctx, network, address, backoffConfig, tlsConf) + } +} + +func dialBackOffHelper(ctx context.Context, network, address string, bo wait.Backoff, tlsConf *tls.Config) (net.Conn, error) { dialer := &net.Dialer{ Timeout: bo.Duration, // Initial duration. KeepAlive: 5 * time.Second, @@ -75,7 +86,15 @@ func dialBackOffHelper(ctx context.Context, network, address string, bo wait.Bac } start := time.Now() for { - c, err := dialer.DialContext(ctx, network, address) + var ( + c net.Conn + err error + ) + if tlsConf == nil { + c, err = dialer.DialContext(ctx, network, address) + } else { + c, err = tls.DialWithDialer(dialer, network, address, tlsConf) + } if err != nil { var errNet net.Error if errors.As(err, &errNet) && errNet.Timeout() { 
@@ -105,6 +124,19 @@ func newHTTPTransport(disableKeepAlives, disableCompression bool, maxIdle, maxId return transport } +func newHTTPSTransport(disableKeepAlives, disableCompression bool, maxIdle, maxIdlePerHost int, tlsConf *tls.Config) http.RoundTripper { + transport := http.DefaultTransport.(*http.Transport).Clone() + transport.DialContext = DialWithBackOff + transport.DisableKeepAlives = disableKeepAlives + transport.MaxIdleConns = maxIdle + transport.MaxIdleConnsPerHost = maxIdlePerHost + transport.ForceAttemptHTTP2 = false + transport.DisableCompression = disableCompression + + transport.TLSClientConfig = tlsConf + return transport +} + // NewProberTransport creates a RoundTripper that is useful for probing, // since it will not cache connections. func NewProberTransport() http.RoundTripper { @@ -113,6 +145,13 @@ func NewProberTransport() http.RoundTripper { NewH2CTransport()) } +// NewProxyAutoTLSTransport is same with NewProxyAutoTransport but it has tls.Config to create HTTPS request. +func NewProxyAutoTLSTransport(maxIdle, maxIdlePerHost int, tlsConf *tls.Config) http.RoundTripper { + return newAutoTransport( + newHTTPSTransport(false /*disable keep-alives*/, true /*disable auto-compression*/, maxIdle, maxIdlePerHost, tlsConf), + newH2Transport(true /*disable auto-compression*/, tlsConf)) +} + // NewAutoTransport creates a RoundTripper that can use appropriate transport // based on the request's HTTP version. func NewAutoTransport(maxIdle, maxIdlePerHost int) http.RoundTripper { diff --git a/vendor/knative.dev/pkg/version/version.go b/vendor/knative.dev/pkg/version/version.go index b304f2b0a..39e34464b 100644 --- a/vendor/knative.dev/pkg/version/version.go +++ b/vendor/knative.dev/pkg/version/version.go 
@@ -33,7 +33,7 @@ const ( // NOTE: If you are changing this line, please also update the minimum kubernetes // version listed here: // https://github.com/knative/docs/blob/mkdocs/docs/snippets/prerequisites.md - defaultMinimumVersion = "v1.21.0" + defaultMinimumVersion = "v1.22.0" ) func getMinimumVersion() string { diff --git a/vendor/modules.txt b/vendor/modules.txt index 24255f864..c1e7fdd11 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -864,10 +864,10 @@ k8s.io/utils/internal/third_party/forked/golang/net k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/trace -# knative.dev/hack v0.0.0-20220328133751-f06773764ce3 +# knative.dev/hack v0.0.0-20220411131823-6ffd8417de7c ## explicit knative.dev/hack -# knative.dev/networking v0.0.0-20220323170318-55757e9c20d6 +# knative.dev/networking v0.0.0-20220412163509-1145ec58c8be ## explicit knative.dev/networking/config knative.dev/networking/pkg @@ -900,7 +900,7 @@ knative.dev/networking/test/test_images/runtime/handlers knative.dev/networking/test/test_images/timeout knative.dev/networking/test/test_images/wsserver knative.dev/networking/test/types -# knative.dev/pkg v0.0.0-20220325200448-1f7514acd0c2 +# knative.dev/pkg v0.0.0-20220412134708-e325df66cb51 ## explicit knative.dev/pkg/apis knative.dev/pkg/apis/duck