From 79a9b69b3abe3e05171b795289ea60432ebb2eac Mon Sep 17 00:00:00 2001 From: Knative Automation Date: Wed, 15 Oct 2025 16:36:54 +0000 Subject: [PATCH] upgrade to latest dependencies bumping knative.dev/serving a4c4491...4853ead: > 4853ead Fix labels and annotations propagation to k8s service on update (# 15908) bumping knative.dev/eventing b4c0bfe...d499be4: > d499be4 [release-1.18] Fix mt-broker-ingress auth to work with structured event too (# 8714) > d952cdf [release-1.18] fix: containersource template labels are correctly set on deployment (# 8645) > 9b25049 [release-1.18] Adding addressable duck on crd (# 8604) Signed-off-by: Knative Automation --- .../1.18/kafka/eventing-kafka-controller.yaml | 125 +++++------------- .../kafka/eventing-kafka-post-install.yaml | 24 ++-- .../1.18/kafka/eventing-kafka-source.yaml | 14 +- go.mod | 4 +- go.sum | 8 +- .../knative.dev/eventing/pkg/auth/verifier.go | 33 +---- .../knative.dev/eventing/pkg/utils/utils.go | 33 +++++ .../serving/pkg/testing/v1/service.go | 11 +- vendor/modules.txt | 4 +- 9 files changed, 104 insertions(+), 152 deletions(-) diff --git a/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-controller.yaml b/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-controller.yaml index 302341af89..15ab92ab13 100644 --- a/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-controller.yaml +++ b/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-controller.yaml @@ -17,7 +17,7 @@ metadata: name: kafka-broker-config namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" data: default.topic.partitions: "10" default.topic.replication.factor: "3" @@ -43,7 +43,7 @@ metadata: name: kafka-channel-config namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" data: bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092" @@ -67,7 +67,7 @@ kind: CustomResourceDefinition metadata: name: kafkachannels.messaging.knative.dev labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" @@ -707,7 +707,7 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" knative.dev/crd-install: "true" name: consumers.internal.kafka.eventing.knative.dev spec: @@ -763,7 +763,7 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" knative.dev/crd-install: "true" name: consumergroups.internal.kafka.eventing.knative.dev spec: @@ -834,7 +834,7 @@ metadata: labels: duck.knative.dev/addressable: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" spec: group: eventing.knative.dev names: @@ -1030,7 +1030,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" @@ -1890,7 +1890,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eventing-kafka-source-observer labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" duck.knative.dev/source: "true" rules: - apiGroups: @@ -1923,7 +1923,7 @@ metadata: name: config-kafka-source-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" annotations: knative.dev/example-checksum: "b6ed351d" data: @@ -1983,7 +1983,7 @@ metadata: name: config-kafka-autoscaler namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" data: class: "keda.autoscaling.knative.dev" min-scale: "0" @@ -2049,7 +2049,7 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" name: config-kafka-leader-election namespace: knative-eventing annotations: @@ -2115,7 +2115,7 @@ metadata: name: kafka-config-logging namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" data: config.xml: | @@ -2156,67 +2156,6 @@ data: [ ] ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" - knative.dev/config-propagation: original - knative.dev/config-category: eventing - annotations: - knative.dev/example-checksum: "4002b4c2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "stackdriver", the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # The GCP project into which stackdriver metrics will be written - # when backend is "stackdriver". If unspecified, the project-id - # is read from GCP metadata when running on GCP. - stackdriver-project-id: "my-project" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - --- # Copyright 2021 The Knative Authors # @@ -2237,7 +2176,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-kafka-addressable-resolver labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" duck.knative.dev/addressable: "true" # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -2280,7 +2219,7 @@ kind: ClusterRole metadata: name: knative-kafka-channelable-manipulator labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" duck.knative.dev/channelable: "true" # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -2317,7 +2256,7 @@ kind: ClusterRole metadata: name: kafka-controller labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" rules: - apiGroups: - "" @@ -2616,7 +2555,7 @@ metadata: name: kafka-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" --- # Copyright 2020 The Knative Authors @@ -2637,7 +2576,7 @@ kind: ClusterRoleBinding metadata: name: kafka-controller labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" subjects: - kind: ServiceAccount name: kafka-controller @@ -2652,7 +2591,7 @@ kind: ClusterRoleBinding metadata: name: kafka-controller-addressable-resolver labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" subjects: - kind: ServiceAccount name: kafka-controller @@ -2683,7 +2622,7 @@ metadata: namespace: knative-eventing labels: app: kafka-controller - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" app.kubernetes.io/component: kafka-controller app.kubernetes.io/name: knative-eventing spec: @@ -2695,7 +2634,7 @@ spec: name: kafka-controller labels: app: kafka-controller - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" app.kubernetes.io/component: kafka-controller app.kubernetes.io/name: knative-eventing spec: @@ -2721,7 +2660,7 @@ spec: weight: 100 containers: - name: controller - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller@sha256:e80fc086fb12b136b93f666f2a7aaa47c281fa2838aa4312c379e09d04452db3 + image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller@sha256:f267068a244016af0ba88679fbbb331203a0fcbe28c2e7b5ce34700cc1ff4467 imagePullPolicy: IfNotPresent env: - name: BROKER_DATA_PLANE_CONFIG_MAP_NAMESPACE @@ -2870,7 +2809,7 @@ kind: ClusterRole metadata: name: kafka-webhook-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" rules: # For watching logging configuration and getting certs. - apiGroups: @@ -2976,7 +2915,7 @@ metadata: name: kafka-webhook-eventing namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" --- # Copyright 2020 The Knative Authors @@ -2997,7 +2936,7 @@ kind: ClusterRoleBinding metadata: name: kafka-webhook-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" subjects: - kind: ServiceAccount name: kafka-webhook-eventing @@ -3027,7 +2966,7 @@ kind: MutatingWebhookConfiguration metadata: name: defaulting.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -3059,7 +2998,7 @@ kind: MutatingWebhookConfiguration metadata: name: pods.defaulting.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" webhooks: # Dispatcher pods webhook config. - admissionReviewVersions: ["v1", "v1beta1"] @@ -3101,7 +3040,7 @@ metadata: name: kafka-webhook-eventing-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" # The data is populated at install time. --- @@ -3124,7 +3063,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.kafka.eventing.knative.dev labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -3158,7 +3097,7 @@ metadata: namespace: knative-eventing labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: @@ -3169,7 +3108,7 @@ spec: metadata: labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: @@ -3189,7 +3128,7 @@ spec: containers: - name: kafka-webhook-eventing terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka@sha256:ac3613d5021b8ea35cd123fe6bb21d6e482f51e18af9dfb8e887f07528cf1b3d + image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka@sha256:b22757418d4e87f6b1e672d090d91093a7e96c165d8bfba64e478e00bf20c714 resources: requests: cpu: 20m @@ -3259,7 +3198,7 @@ metadata: namespace: knative-eventing labels: app: kafka-webhook-eventing - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" app.kubernetes.io/component: kafka-webhook-eventing app.kubernetes.io/name: knative-eventing spec: diff --git a/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-post-install.yaml b/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-post-install.yaml index 263e518941..af38895057 100644 --- a/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-post-install.yaml +++ b/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-post-install.yaml @@ -16,7 +16,7 @@ kind: ClusterRole metadata: name: knative-kafka-controller-post-install labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" rules: [] --- @@ -39,7 +39,7 @@ metadata: name: knative-kafka-controller-post-install namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" --- # Copyright 2020 The Knative Authors @@ -61,7 +61,7 @@ kind: ClusterRole metadata: name: knative-kafka-storage-version-migrator labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" rules: # Storage version upgrader needs to be able to patch CRDs. - apiGroups: @@ -144,14 +144,14 @@ metadata: name: knative-kafka-storage-version-migrator namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-kafka-storage-version-migrator labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" subjects: - kind: ServiceAccount name: knative-kafka-storage-version-migrator @@ -180,7 +180,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-controller-post-install labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" subjects: - kind: ServiceAccount name: knative-kafka-controller-post-install @@ -212,7 +212,7 @@ metadata: namespace: knative-eventing labels: app: kafka-controller-post-install - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -220,7 +220,7 @@ spec: metadata: labels: app: kafka-controller-post-install - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" sidecar.istio.io/inject: "false" annotations: sidecar.istio.io/inject: "false" @@ -229,7 +229,7 @@ spec: restartPolicy: OnFailure containers: - name: post-install - image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/post-install@sha256:271bbfe178437ac36cf1cc09ad46b6a780d7871eeeb5f2ec514d830ad24e0ff3 + image: gcr.io/knative-releases/knative.dev/eventing-kafka-broker/control-plane/cmd/post-install@sha256:8e794c66142f64fd3dbf2c20c40c1a92abbb0ab112c07f23db6ac3c8a25d3d49 env: - name: SYSTEM_NAMESPACE valueFrom: @@ -269,7 +269,7 @@ metadata: namespace: knative-eventing labels: app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -277,7 +277,7 @@ spec: metadata: labels: app: "knative-kafka-storage-version-migrator" - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" sidecar.istio.io/inject: "false" annotations: sidecar.istio.io/inject: "false" @@ -286,7 +286,7 @@ spec: restartPolicy: OnFailure containers: - name: migrate - image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:413a9f05ccbf8be0932fc9e8d0a64b4be8c6a03219cae8649615ddb5b7d4f78a + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:3d4a00cc9abf408ba45f7e42e72c23ab74315fa66b21030f084aa09ad48c50f7 env: - name: IGNORE_NOT_FOUND value: "true" diff --git a/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-source.yaml b/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-source.yaml index 78eedf1871..59b2f38d17 100644 --- a/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-source.yaml +++ b/cmd/operator/kodata/eventing-source/1.18/kafka/eventing-kafka-source.yaml @@ -17,7 +17,7 @@ metadata: name: config-kafka-source-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" annotations: knative.dev/example-checksum: "8157ecb1" data: @@ -178,7 +178,7 @@ kind: ClusterRole metadata: name: knative-kafka-source-data-plane labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" rules: - apiGroups: - "" @@ -215,7 +215,7 @@ metadata: name: knative-kafka-source-data-plane namespace: knative-eventing labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" --- # Copyright 2021 The Knative Authors @@ -236,7 +236,7 @@ kind: ClusterRoleBinding metadata: name: knative-kafka-source-data-plane labels: - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" subjects: - kind: ServiceAccount name: knative-kafka-source-data-plane @@ -267,7 +267,7 @@ metadata: namespace: knative-eventing labels: app: kafka-source-dispatcher - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" app.kubernetes.io/component: kafka-source-dispatcher app.kubernetes.io/name: knative-eventing spec: @@ -281,7 +281,7 @@ spec: name: kafka-source-dispatcher labels: app: kafka-source-dispatcher - app.kubernetes.io/version: "a5c7f94a542f15dd8cd1732031decb7a7adb7900" + app.kubernetes.io/version: "7361675188c4857fa8f026dede0e48a08f95e6f7" app.kubernetes.io/component: kafka-channel-dispatcher app.kubernetes.io/name: knative-eventing app.kubernetes.io/kind: kafka-dispatcher @@ -308,7 +308,7 @@ spec: runAsUser: 1001 containers: - name: kafka-source-dispatcher - image: gcr.io/knative-releases/knative-kafka-broker-dispatcher-loom@sha256:228bd3e8d92ce290fa52a6a4355a670fcc5deed48566b874353dc451c9ff6451 + image: gcr.io/knative-releases/knative-kafka-broker-dispatcher-loom@sha256:f411e881f7a89a1eb3ddcf59ef3e35366a35261c5446784909f83180a2d701f6 imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/config diff --git a/go.mod b/go.mod index 01efe50678..14b4e9a329 100644 --- a/go.mod +++ b/go.mod @@ -21,11 +21,11 @@ require ( k8s.io/client-go v0.32.2 k8s.io/code-generator v0.32.2 knative.dev/caching v0.0.0-20250415164313-8f20a1163dbf - knative.dev/eventing v0.45.1 + knative.dev/eventing v0.45.4 knative.dev/hack v0.0.0-20250331013814-c577ed9f7775 knative.dev/pkg v0.0.0-20250415155312-ed3e2158b883 knative.dev/reconciler-test v0.0.0-20250415170512-23f86169156f - knative.dev/serving v0.45.0 + knative.dev/serving v0.45.1 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 7ba3b957ee..6f17e44555 100644 --- a/go.sum +++ b/go.sum @@ -1716,8 +1716,8 @@ k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJ k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/caching v0.0.0-20250415164313-8f20a1163dbf h1:qQnKB6mx+beHzsoKU8aKrRU0oWAfgzKG2JgWMzr8CrM= knative.dev/caching v0.0.0-20250415164313-8f20a1163dbf/go.mod h1:q8ma7YxJ8Dofr+5kf3qR72A/7Zxl9uqQlOdMwNgCXY4= -knative.dev/eventing v0.45.1 h1:XhGrwcRaROkqgGnB/njAyMnpdSaWI01QQvCpjQ7Mz+4= -knative.dev/eventing v0.45.1/go.mod h1:Fz5VjV/vWVN93UfTX3lzc+uFrvJ9wxiiKrRIPhQxoj8= +knative.dev/eventing v0.45.4 h1:M0HjsFipG6AD+ZMYRXqbSsQfBK4BXlFGEQcsCDlR9mk= +knative.dev/eventing v0.45.4/go.mod h1:Fz5VjV/vWVN93UfTX3lzc+uFrvJ9wxiiKrRIPhQxoj8= knative.dev/hack v0.0.0-20250331013814-c577ed9f7775 h1:UstB8/aowofYFHjLyZdPh1K7qB9BCx+lP1WuiCspYRE= knative.dev/hack v0.0.0-20250331013814-c577ed9f7775/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY= knative.dev/networking v0.0.0-20250415164913-6268d931d247 h1:BQcW8ur+WAmj6GCpYHyUyWoaJWVTs/75W1EObUV/bdA= @@ -1726,8 +1726,8 @@ knative.dev/pkg v0.0.0-20250415155312-ed3e2158b883 h1:UeOY7009M0EHwdyW3P35Fc1U6F knative.dev/pkg v0.0.0-20250415155312-ed3e2158b883/go.mod h1:ptwLYr04MAyeoRvhnhhz0FFkVZTdYJV2QWnw9sZyFSM= knative.dev/reconciler-test v0.0.0-20250415170512-23f86169156f h1:4JZHD997Yav2K6JJU93sjxvcPXNHVY4lC1dWhzyeBXg= knative.dev/reconciler-test v0.0.0-20250415170512-23f86169156f/go.mod h1:jrNdg5OPDhfxYxXDLqA4iv9zvfLhNYpYKmaQvz4ZpRM= -knative.dev/serving v0.45.0 h1:+eOEwSE5+NmhQUUfARHGdSI1gwavddiPMKjl4+sHCjE= -knative.dev/serving v0.45.0/go.mod h1:AGpRclBUrrSx4KNiyDzAR4DlmENqLKrSNllnBP+h3yw= +knative.dev/serving v0.45.1 h1:tDbEZEzWeQ3KAhOZato5p7Jahdks9imerPBsiDUhkzk= +knative.dev/serving v0.45.1/go.mod h1:AGpRclBUrrSx4KNiyDzAR4DlmENqLKrSNllnBP+h3yw= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw= pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= diff --git a/vendor/knative.dev/eventing/pkg/auth/verifier.go b/vendor/knative.dev/eventing/pkg/auth/verifier.go index df5c9d402d..b15d5a6eab 100644 --- a/vendor/knative.dev/eventing/pkg/auth/verifier.go +++ b/vendor/knative.dev/eventing/pkg/auth/verifier.go @@ -17,7 +17,6 @@ limitations under the License. package auth import ( - "bytes" "context" "encoding/json" "fmt" @@ -31,6 +30,7 @@ import ( "go.opencensus.io/plugin/ochttp" corev1listers "k8s.io/client-go/listers/core/v1" "knative.dev/eventing/pkg/eventingtls" + "knative.dev/eventing/pkg/utils" "knative.dev/pkg/configmap" "knative.dev/pkg/network" "knative.dev/pkg/tracing/propagation/tracecontextb3" @@ -160,7 +160,7 @@ func (v *Verifier) verifyAuthN(ctx context.Context, audience *string, req *http. // verifyAuthZ verifies if the given idToken is allowed by the resources eventPolicyStatus func (v *Verifier) verifyAuthZ(ctx context.Context, features feature.Flags, idToken *IDToken, resourceNamespace string, policyRefs []duckv1.AppliedEventPolicyRef, req *http.Request, resp http.ResponseWriter) error { if len(policyRefs) > 0 { - req, err := copyRequest(req) + req, err := utils.CopyRequest(req) if err != nil { resp.WriteHeader(http.StatusInternalServerError) return fmt.Errorf("failed to copy request body: %w", err) @@ -332,35 +332,6 @@ func (v *Verifier) getKubernetesOIDCDiscovery(features feature.Flags, client *ht return openIdConfig, nil } -// copyRequest makes a copy of the http request which can be consumed as needed, leaving the original request -// able to be consumed as well. -func copyRequest(req *http.Request) (*http.Request, error) { - // check if we actually need to copy the body, otherwise we can return the original request - if req.Body == nil || req.Body == http.NoBody { - return req, nil - } - - var buf bytes.Buffer - if _, err := buf.ReadFrom(req.Body); err != nil { - return nil, fmt.Errorf("failed to read request body while copying it: %w", err) - } - - if err := req.Body.Close(); err != nil { - return nil, fmt.Errorf("failed to close original request body ready while copying request: %w", err) - } - - // set the original request body to be readable again - req.Body = io.NopCloser(&buf) - - // return a new request with a readable body and same headers as the original - // we don't need to set any other fields as cloudevents only uses the headers - // and body to construct the Message/Event. - return &http.Request{ - Header: req.Header, - Body: io.NopCloser(bytes.NewReader(buf.Bytes())), - }, nil -} - type openIDMetadata struct { Issuer string `json:"issuer"` JWKSURI string `json:"jwks_uri"` diff --git a/vendor/knative.dev/eventing/pkg/utils/utils.go b/vendor/knative.dev/eventing/pkg/utils/utils.go index b1a73c278c..cfb8366227 100644 --- a/vendor/knative.dev/eventing/pkg/utils/utils.go +++ b/vendor/knative.dev/eventing/pkg/utils/utils.go @@ -17,6 +17,10 @@ limitations under the License. package utils import ( + "bytes" + "fmt" + "io" + "net/http" "regexp" "strings" @@ -91,3 +95,32 @@ func GenerateFixedName(owner metav1.Object, prefix string) string { // A dot must be followed by [a-z0-9] to be DNS1123 compliant. Make sure we are not joining a dot and a dash. return strings.TrimSuffix(prefix, ".") + uid } + +// CopyRequest makes a copy of the http request which can be consumed as needed, leaving the original request +// able to be consumed as well. +func CopyRequest(req *http.Request) (*http.Request, error) { + // check if we actually need to copy the body, otherwise we can return the original request + if req.Body == nil || req.Body == http.NoBody { + return req, nil + } + + var buf bytes.Buffer + if _, err := buf.ReadFrom(req.Body); err != nil { + return nil, fmt.Errorf("failed to read request body while copying it: %w", err) + } + + if err := req.Body.Close(); err != nil { + return nil, fmt.Errorf("failed to close original request body ready while copying request: %w", err) + } + + // set the original request body to be readable again + req.Body = io.NopCloser(&buf) + + // return a new request with a readable body and same headers as the original + // we don't need to set any other fields as cloudevents only uses the headers + // and body to construct the Message/Event. + return &http.Request{ + Header: req.Header, + Body: io.NopCloser(bytes.NewReader(buf.Bytes())), + }, nil +} diff --git a/vendor/knative.dev/serving/pkg/testing/v1/service.go b/vendor/knative.dev/serving/pkg/testing/v1/service.go index ddcfc8184e..f2f2154543 100644 --- a/vendor/knative.dev/serving/pkg/testing/v1/service.go +++ b/vendor/knative.dev/serving/pkg/testing/v1/service.go @@ -145,7 +145,7 @@ func WithServiceAnnotation(k, v string) ServiceOption { } } -// WithServiceAnnotationRemoved adds the given annotation to the service. +// WithServiceAnnotationRemoved removes the given annotation from the service. func WithServiceAnnotationRemoved(k string) ServiceOption { return func(svc *v1.Service) { svc.Annotations = kmeta.FilterMap(svc.Annotations, func(s string) bool { @@ -154,6 +154,15 @@ func WithServiceAnnotationRemoved(k string) ServiceOption { } } +// WithServiceLabelRemoved removes the given label from the service. +func WithServiceLabelRemoved(k string) ServiceOption { + return func(svc *v1.Service) { + svc.Labels = kmeta.FilterMap(svc.Labels, func(s string) bool { + return k == s + }) + } +} + // WithServiceImage sets the container image to be the provided string. func WithServiceImage(img string) ServiceOption { return func(svc *v1.Service) { diff --git a/vendor/modules.txt b/vendor/modules.txt index 8d6dec0a71..944e74b881 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1432,7 +1432,7 @@ k8s.io/utils/trace ## explicit; go 1.23.0 knative.dev/caching/pkg/apis/caching knative.dev/caching/pkg/apis/caching/v1alpha1 -# knative.dev/eventing v0.45.1 +# knative.dev/eventing v0.45.4 ## explicit; go 1.23.0 knative.dev/eventing/cmd/heartbeats knative.dev/eventing/pkg/apis @@ -1659,7 +1659,7 @@ knative.dev/reconciler-test/pkg/resources/service knative.dev/reconciler-test/pkg/resources/serviceaccount knative.dev/reconciler-test/pkg/state knative.dev/reconciler-test/resources/certificate -# knative.dev/serving v0.45.0 +# knative.dev/serving v0.45.1 ## explicit; go 1.24.0 knative.dev/serving/pkg/apis/autoscaling knative.dev/serving/pkg/apis/autoscaling/v1alpha1