diff --git a/go.mod b/go.mod
index 219d7f1f062..17161b973c6 100644
--- a/go.mod
+++ b/go.mod
@@ -45,8 +45,8 @@ require (
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
 knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d
 knative.dev/hack/schema v0.0.0-20241010131451-05b2fb30cb4d
- knative.dev/pkg v0.0.0-20241014065030-59c22a189949
- knative.dev/reconciler-test v0.0.0-20241011013609-1678877fb244
+ knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad
+ knative.dev/reconciler-test v0.0.0-20241015093232-09111f0f1364
 sigs.k8s.io/yaml v1.4.0
 )
diff --git a/go.sum b/go.sum
index 2e19eaf4e63..0bdd9d63251 100644
--- a/go.sum
+++ b/go.sum
@@ -843,10 +843,10 @@ knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d h1:aCfX7kwkvgGxXXGbso5tLqdwQ
 knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY=
 knative.dev/hack/schema v0.0.0-20241010131451-05b2fb30cb4d h1:N+UlBE8F8LJUh/m6cYSwzqdqNg65BD9jbWoWO9nfqEA=
 knative.dev/hack/schema v0.0.0-20241010131451-05b2fb30cb4d/go.mod h1:jRH/sx6mwwuMVhvJgnzSaoYA1N4qaIkJa+zxEGtVA5I=
-knative.dev/pkg v0.0.0-20241014065030-59c22a189949 h1:7ZH7J7mzyYqhbOMEEs5ipi0PL5/rgQo+ciyLDKvIuag=
-knative.dev/pkg v0.0.0-20241014065030-59c22a189949/go.mod h1:HywcanTb6dH8j9AbDOVhHX65R+Dstdq+5pYHH64TcQs=
-knative.dev/reconciler-test v0.0.0-20241011013609-1678877fb244 h1:A8GY6ARaJtUQUsB10zJJvvFQ5BzrpxDF1AGpJHkCGno=
-knative.dev/reconciler-test v0.0.0-20241011013609-1678877fb244/go.mod h1:PXOqfSSDHzaVPXrpEPlxsOSQRIQJGnSrj2IuVQh3Kas=
+knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad h1:Nrjtr2H168rJeamH4QdyLMV1lEKHejNhaj1ymgQMfLk=
+knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad/go.mod h1:StJI72GWcm/iErmk4RqFJiOo8RLbVqPbHxUqeVwAzeo=
+knative.dev/reconciler-test v0.0.0-20241015093232-09111f0f1364 h1:DIc+vbaFKOSGktPXJ1MaXIXoDjlmUIXQkHiZaPcYGbQ=
+knative.dev/reconciler-test v0.0.0-20241015093232-09111f0f1364/go.mod h1:PVRnK/YQo9s3foRtut00oAxvCPc9f/qV2PApZh/rMPw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/vendor/knative.dev/pkg/webhook/configmaps/controller.go b/vendor/knative.dev/pkg/webhook/configmaps/controller.go
index 80ab3cab1de..277a47d08dc 100644
--- a/vendor/knative.dev/pkg/webhook/configmaps/controller.go
+++ b/vendor/knative.dev/pkg/webhook/configmaps/controller.go
@@ -46,6 +46,12 @@ func NewAdmissionController(
 secretInformer := secretinformer.Get(ctx)
 options := webhook.GetOptions(ctx)
+ // if this environment variable is set, it overrides the value in the Options
+ disableNamespaceOwnership := webhook.DisableNamespaceOwnershipFromEnv()
+ if disableNamespaceOwnership != nil {
+ options.DisableNamespaceOwnership = *disableNamespaceOwnership
+ }
+
 key := types.NamespacedName{Name: name}
 wh := &reconciler{
diff --git a/vendor/knative.dev/pkg/webhook/env.go b/vendor/knative.dev/pkg/webhook/env.go
index ffb7570110d..e622f5f97b5 100644
--- a/vendor/knative.dev/pkg/webhook/env.go
+++ b/vendor/knative.dev/pkg/webhook/env.go
@@ -32,6 +32,8 @@ const (
 secretNameEnvKey = "WEBHOOK_SECRET_NAME" //nolint:gosec // This is not a hardcoded credential
 tlsMinVersionEnvKey = "WEBHOOK_TLS_MIN_VERSION"
+
+ disableNamespaceOwnershipEnvKey = "WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP"
 )
 // PortFromEnv returns the webhook port set by portEnvKey, or default port if env var is not set.
@@ -82,3 +84,15 @@ func TLSMinVersionFromEnv(defaultTLSMinVersion uint16) uint16 {
 panic(fmt.Sprintf("the environment variable %q has to be either '1.2' or '1.3'", tlsMinVersionEnvKey))
 }
 }
+
+func DisableNamespaceOwnershipFromEnv() *bool {
+ disableNamespaceOwnership := os.Getenv(disableNamespaceOwnershipEnvKey)
+ if disableNamespaceOwnership == "" {
+ return nil
+ }
+ disableNamespaceOwnershipBool, err := strconv.ParseBool(disableNamespaceOwnership)
+ if err != nil {
+ panic(fmt.Sprintf("failed to convert the environment variable %q : %v", disableNamespaceOwnershipEnvKey, err))
+ }
+ return &disableNamespaceOwnershipBool
+}
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go
index 4e509d7a203..6a83b478452 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go
@@ -84,6 +84,12 @@ func newController(ctx context.Context, name string, optsFunc ...OptionFunc) *co
 f(opts)
 }
+ // if this environment variable is set, it overrides the value in the Options
+ disableNamespaceOwnership := webhook.DisableNamespaceOwnershipFromEnv()
+ if disableNamespaceOwnership != nil {
+ wopts.DisableNamespaceOwnership = *disableNamespaceOwnership
+ }
+
 key := types.NamespacedName{Name: name}
 wh := &reconciler{
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go
index c8afa5c1389..dc72b69d26a 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go
@@ -70,6 +70,12 @@ func newController(ctx context.Context, name string, optsFunc ...OptionFunc) *co
 f(opts)
 }
+ // if this environment variable is set, it overrides the value in the Options
+ disableNamespaceOwnership := webhook.DisableNamespaceOwnershipFromEnv()
+ if disableNamespaceOwnership != nil {
+ woptions.DisableNamespaceOwnership = *disableNamespaceOwnership
+ }
+
 wh := &reconciler{
 LeaderAwareFuncs: pkgreconciler.LeaderAwareFuncs{
 // Have this reconciler enqueue our singleton whenever it becomes leader.
diff --git a/vendor/knative.dev/pkg/webhook/webhook.go b/vendor/knative.dev/pkg/webhook/webhook.go
index 1b90e75fcaf..9dc736b40c3 100644
--- a/vendor/knative.dev/pkg/webhook/webhook.go
+++ b/vendor/knative.dev/pkg/webhook/webhook.go
@@ -81,8 +81,10 @@ type Options struct {
 // before shutting down.
 GracePeriod time.Duration
- // DisableNamespaceOwnership configures whether the webhook adds an owner reference for the SYSTEM_NAMESPACE
- // Disabling this is useful when you expect the webhook configuration to be managed by something other than knative
+ // DisableNamespaceOwnership configures if the SYSTEM_NAMESPACE is added as an owner reference to the
+ // webhook configuration resources. Overridden by the WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP environment variable.
+ // Disabling can be useful to avoid breaking systems that expect ownership to indicate a true controller
+ // relationship: https://github.com/knative/serving/issues/15483
 DisableNamespaceOwnership bool
 // ControllerOptions encapsulates options for creating a new controller,
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 6fd279df509..bc92e7b28e5 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1078,7 +1078,7 @@ knative.dev/hack/schema/commands
 knative.dev/hack/schema/docs
 knative.dev/hack/schema/registry
 knative.dev/hack/schema/schema
-# knative.dev/pkg v0.0.0-20241014065030-59c22a189949
+# knative.dev/pkg v0.0.0-20241021183759-9b9d535af5ad
 ## explicit; go 1.22.0
 knative.dev/pkg/apiextensions/storageversion
 knative.dev/pkg/apiextensions/storageversion/cmd/migrate
@@ -1223,7 +1223,7 @@ knative.dev/pkg/webhook/resourcesemantics
 knative.dev/pkg/webhook/resourcesemantics/conversion
 knative.dev/pkg/webhook/resourcesemantics/defaulting
 knative.dev/pkg/webhook/resourcesemantics/validation
-# knative.dev/reconciler-test v0.0.0-20241011013609-1678877fb244
+# knative.dev/reconciler-test v0.0.0-20241015093232-09111f0f1364
 ## explicit; go 1.22.0
 knative.dev/reconciler-test/cmd/eventshub
 knative.dev/reconciler-test/pkg/environment