From 0e56fb12a379b51163f398cccdf5e9559b8e1453 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Fri, 6 Oct 2023 12:15:23 -0400 Subject: [PATCH 01/24] E2E tests for broker: TLS key pair rotation (#3287) * progress save * add the new cert rotation test * Update the rekt test * Format the files * workspace save * maven * Clean up * Clean up * Format * Fix the rekt test CA cert issue on Source Co-authored-by: Pierangelo Di Pilato * Format fix * Re-order the prerequisite * Enable the strict transportation mode in TLS rekt tests * Fix the reviewDog comment * Update test/e2e_new/broker_eventing_tls_test.go Co-authored-by: Pierangelo Di Pilato * Fix the format of the shell script * Fix the format of the shell script * Update the Strict feature flag * Add the code to inject the feature flag to the context in the broker controller * Run go import * Fix the controller tests * Set the default value to all other feature flags when we are updating the transport-encryption feature flag --------- Co-authored-by: Pierangelo Di Pilato Co-authored-by: Pierangelo Di Pilato --- .../pkg/reconciler/broker/controller.go | 8 +- .../pkg/reconciler/broker/controller_test.go | 4 + .../kafka/broker/core/metrics/Metrics.java | 46 +++++--- .../config-transport-encryption/features.yaml | 32 +++++ test/e2e_new/broker_eventing_tls_test.go | 48 ++++++++ test/reconciler-tests.sh | 6 + test/rekt/features/broker_auth.go | 4 + test/rekt/features/broker_tls.go | 111 ++++++++++++++++++ 8 files changed, 239 insertions(+), 20 deletions(-) create mode 100644 test/config-transport-encryption/features.yaml create mode 100644 test/e2e_new/broker_eventing_tls_test.go create mode 100644 test/rekt/features/broker_tls.go diff --git a/control-plane/pkg/reconciler/broker/controller.go b/control-plane/pkg/reconciler/broker/controller.go index 113d51ce97..781dd16a8e 100644 --- a/control-plane/pkg/reconciler/broker/controller.go +++ b/control-plane/pkg/reconciler/broker/controller.go 
@@ -88,8 +88,13 @@ func NewController(ctx context.Context, watcher configmap.Watcher, env *config.E ) } + featureStore := feature.NewStore(logging.FromContext(ctx).Named("feature-config-store")) + featureStore.WatchConfigs(watcher) + impl := brokerreconciler.NewImpl(ctx, reconciler, kafka.BrokerClass, func(impl *controller.Impl) controller.Options { - return controller.Options{PromoteFilterFunc: kafka.BrokerClassFilter()} + return controller.Options{ + ConfigStore: featureStore, + PromoteFilterFunc: kafka.BrokerClassFilter()} }) reconciler.Resolver = resolver.NewURIResolverFromTracker(ctx, impl.Tracker) @@ -97,6 +102,7 @@ func NewController(ctx context.Context, watcher configmap.Watcher, env *config.E features := feature.FromContext(ctx) caCerts, err := reconciler.getCaCerts() + if err != nil && (features.IsStrictTransportEncryption() || features.IsPermissiveTransportEncryption()) { // We only need to warn here as the broker won't reconcile properly without the proper certs because the prober won't succeed logger.Warn("Failed to get CA certs when at least one address uses TLS", zap.Error(err)) diff --git a/control-plane/pkg/reconciler/broker/controller_test.go b/control-plane/pkg/reconciler/broker/controller_test.go index 555c32e56c..e714216e5d 100644 --- a/control-plane/pkg/reconciler/broker/controller_test.go +++ b/control-plane/pkg/reconciler/broker/controller_test.go @@ -89,6 +89,10 @@ func TestNewController(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: apisconfig.FlagsConfigName, }, + }, &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "config-features", + }, }), env, ) diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/metrics/Metrics.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/metrics/Metrics.java index 9f0a11bc3d..6ff61f3d19 100644 --- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/metrics/Metrics.java 
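Review bot: The CA-cert warning in the second hunk still reads its flags from `feature.FromContext(ctx)` on the constructor context, while the `featureStore` added in the first hunk is only passed to `controller.Options.ConfigStore`. If that context does not already carry the flags from `config-features` (not visible in these hunks), the `IsStrictTransportEncryption()` / `IsPermissiveTransportEncryption()` check is evaluated against defaults, and a failed `getCaCerts()` would go unlogged in strict mode. Either read the flags through the store, or add a comment such as `// NOTE: ctx is the constructor context; confirm it carries the feature flags the store watches` so readers do not assume the check tracks the ConfigMap. As a style nit, end the last field with a comma and put the closing brace of `controller.Options{` on its own line, after `PromoteFilterFunc: kafka.BrokerClassFilter(),`. NewController starts and ends outside both hunks.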
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/metrics/Metrics.java @@ -62,17 +62,22 @@ public class Metrics { public static final boolean DISABLE_KAFKA_CLIENTS_METRICS = Boolean.parseBoolean(System.getenv("DISABLE_KAFKA_CLIENTS_METRICS")); - // There are different thread polls usable, mainly, each with its own drawbacks for our use case: - // - cached thread pools - // - fixed thread pools + // There are different thread polls usable, mainly, each with its own drawbacks + // for our use case: + // - cached thread pools + // - fixed thread pools // - // A cached thread might grow unbounded and since creating, updating and deleting resources - // trigger the usage of this executor, a bad actor might start continuously creating, updating + // A cached thread might grow unbounded and since creating, updating and + // deleting resources + // trigger the usage of this executor, a bad actor might start continuously + // creating, updating // and deleting resources which will cause resource exhaustion. // - // A fixed thread poll doesn't give the best possible latency for every resource, but it's + // A fixed thread poll doesn't give the best possible latency for every + // resource, but it's // bounded, so we keep the resource usage under control. - // We might want to provide configs to make it bigger than a single thread but a single thread + // We might want to provide configs to make it bigger than a single thread but a + // single thread // to start with is good enough for now. public static final ExecutorService meterBinderExecutor = Executors.newSingleThreadExecutor(); 
@@ -80,17 +85,19 @@ public class Metrics { Runtime.getRuntime().addShutdownHook(new Thread(meterBinderExecutor::shutdown)); } - // Micrometer employs a naming convention that separates lowercase words with a '.' (dot) character. - // Different monitoring systems have different recommendations regarding naming convention, and some naming + // Micrometer employs a naming convention that separates lowercase words with a + // '.' (dot) character. + // Different monitoring systems have different recommendations regarding naming + // convention, and some naming // conventions may be incompatible for one system and not another. - // Each Micrometer implementation for a monitoring system comes with a naming convention that transforms lowercase + // Each Micrometer implementation for a monitoring system comes with a naming + // convention that transforms lowercase // dot notation names to the monitoring system’s recommended naming convention. - // Additionally, this naming convention implementation sanitizes metric names and tags of special characters that + // Additionally, this naming convention implementation sanitizes metric names + // and tags of special characters that // are disallowed by the monitoring system. - /** - * In prometheus format --> http_events_sent_total - */ + /** In prometheus format --> http_events_sent_total */ public static final String HTTP_EVENTS_SENT_COUNT = "http.events.sent"; /** @@ -221,8 +228,8 @@ public static MeterRegistry getRegistry() { * Register the given consumer to the global meter registry. * * @param consumer consumer to bind to the global registry. - * @param Record key type. - * @param Record value type. + * @param Record key type. + * @param Record value type. * @return A meter binder to close once the consumer is closed. */ public static AsyncCloseable register(final Consumer consumer) { 
@@ -233,8 +240,8 @@ public static AsyncCloseable register(final Consumer consumer) { * Register the given producer to the global meter registry. * * @param producer Consumer to bind to the global registry. - * @param Record key type. - * @param Record value type. + * @param Record key type. + * @param Record value type. * @return A meter binder to close once the producer is closed. */ public static AsyncCloseable register(final Producer producer) { @@ -270,7 +277,8 @@ private static AsyncCloseable register(final Supplier metric }; } catch (final RejectedExecutionException ex) { - // if this task cannot be accepted for execution when the executor has been shutdown. + // if this task cannot be accepted for execution when the executor has been + // shutdown. logger.warn("Failed to bind metrics for Kafka client", ex); } } diff --git a/test/config-transport-encryption/features.yaml b/test/config-transport-encryption/features.yaml new file mode 100644 index 0000000000..ce2d561784 --- /dev/null +++ b/test/config-transport-encryption/features.yaml 
@@ -0,0 +1,32 @@
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-features
+ namespace: knative-eventing
+ labels:
+ knative.dev/config-propagation: original
+ knative.dev/config-category: eventing
+data:
+ authentication.oidc: "disabled"
+ delivery-retryafter: "disabled"
+ delivery-timeout: "enabled"
+ eventtype-auto-create: "disabled"
+ kreference-group: "disabled"
+ kreference-mapping: "disabled"
+ new-trigger-filters: "enabled"
+ strict-subscriber: "disabled"
+ transport-encryption: "Strict"
diff --git a/test/e2e_new/broker_eventing_tls_test.go b/test/e2e_new/broker_eventing_tls_test.go
new file mode 100644
index 0000000000..123d9fb61d
--- /dev/null
+++ b/test/e2e_new/broker_eventing_tls_test.go
@@ -0,0 +1,48 @@
+//go:build e2e
+// +build e2e
+
+/*
+ * Copyright 2023 The Knative Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package e2e_new
+
+import (
+ "testing"
+ "time"
+
+ "knative.dev/eventing-kafka-broker/test/rekt/features"
+ "knative.dev/pkg/system"
+ "knative.dev/reconciler-test/pkg/environment"
+ "knative.dev/reconciler-test/pkg/eventshub"
+ "knative.dev/reconciler-test/pkg/k8s"
+ "knative.dev/reconciler-test/pkg/knative"
+)
+
+func TestBrokerTLSCARotation(t *testing.T) {
+ t.Parallel()
+
+ ctx, env := global.Environment(
+ knative.WithKnativeNamespace(system.Namespace()),
+ knative.WithLoggingConfig,
+ knative.WithTracingConfig,
+ k8s.WithEventListener,
+ environment.Managed(t),
+ eventshub.WithTLS(t),
+ environment.WithPollTimings(5*time.Second, 4*time.Minute),
+ )
+
+ env.Test(ctx, t, features.RotateBrokerTLSCertificates())
+}
diff --git a/test/reconciler-tests.sh b/test/reconciler-tests.sh
index 419afdd382..1aa9a5ba6d 100755
--- a/test/reconciler-tests.sh
+++ b/test/reconciler-tests.sh
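Review bot: `TestBrokerTLSCARotation` is named for a CA rotation, but the feature it runs, `features.RotateBrokerTLSCertificates()`, rotates the broker ingress server certificate, and the commit title calls it key pair rotation. A name such as `TestBrokerTLSCertificateRotation` would still match the `-run TLS` selector in reconciler-tests.sh and would not suggest that trust-bundle rotation is covered. The test also has no doc comment; I would add `// TestBrokerTLSCertificateRotation depends on the feature's transport-encryption Strict prerequisite (see test/config-transport-encryption).` above the function.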
@@ -48,6 +48,12 @@ go_test_e2e -tags=e2e,cloudevents -timeout=1h ./test/e2e_new_channel/... || fail go_test_e2e -tags=deletecm ./test/e2e_new/... || fail_test "E2E (new deletecm) suite failed" +echo "Running E2E Reconciler Tests with strict transport encryption" + +kubectl apply -Rf "$(dirname "$0")/config-transport-encryption" + +go_test_e2e -timeout=1h ./test/e2e_new -run TLS || fail_test + if ! ${LOCAL_DEVELOPMENT}; then go_test_e2e -tags=sacura -timeout=40m ./test/e2e/... || fail_test "E2E (sacura) suite failed" fi diff --git a/test/rekt/features/broker_auth.go b/test/rekt/features/broker_auth.go index f66f8edca4..24acf2706c 100644 --- a/test/rekt/features/broker_auth.go +++ b/test/rekt/features/broker_auth.go @@ -21,15 +21,19 @@ import ( "time" "github.com/cloudevents/sdk-go/v2/test" + "github.com/google/uuid" testpkg "knative.dev/eventing-kafka-broker/test/pkg" "knative.dev/eventing-kafka-broker/test/rekt/resources/kafkaauthsecret" + "knative.dev/eventing/test/rekt/resources/broker" "knative.dev/eventing/test/rekt/resources/trigger" + "knative.dev/reconciler-test/pkg/eventshub" "knative.dev/reconciler-test/pkg/eventshub/assert" "knative.dev/reconciler-test/pkg/feature" "knative.dev/reconciler-test/pkg/manifest" + "knative.dev/reconciler-test/resources/svc" brokerconfigmap "knative.dev/eventing-kafka-broker/test/rekt/resources/configmap/broker" diff --git a/test/rekt/features/broker_tls.go b/test/rekt/features/broker_tls.go new file mode 100644 index 0000000000..705693197b --- /dev/null +++ b/test/rekt/features/broker_tls.go 
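Review bot: The added `kubectl apply -Rf "$(dirname "$0")/config-transport-encryption"` overwrites the `config-features` ConfigMap in `knative-eventing` and nothing in the hunk restores it, so the sacura suite that follows appears to run with `transport-encryption: "Strict"` still in effect. If that is not intended, run the TLS block last or re-apply the default flags after it. The apply is also unchecked (unless the script runs with errexit, which is not visible here) and the new test line ends in a bare `fail_test`. Writing `kubectl apply ... || fail_test "Applying strict transport-encryption config failed"` and `|| fail_test "E2E (TLS) suite failed"` would match the messages on the other suites. The script continues outside the hunk.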
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2023 The Knative Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package features
+
+import (
+ "context"
+ "time"
+
+ "k8s.io/apimachinery/pkg/types"
+ "knative.dev/eventing/test/rekt/resources/addressable"
+ "knative.dev/reconciler-test/resources/certificate"
+
+ testpkg "knative.dev/eventing-kafka-broker/test/pkg"
+
+ cetest "github.com/cloudevents/sdk-go/v2/test"
+ "github.com/google/uuid"
+
+ brokerconfigmap "knative.dev/eventing-kafka-broker/test/rekt/resources/configmap/broker"
+ "knative.dev/eventing/test/rekt/features/featureflags"
+ "knative.dev/eventing/test/rekt/resources/broker"
+ "knative.dev/eventing/test/rekt/resources/trigger"
+ "knative.dev/pkg/system"
+ "knative.dev/reconciler-test/pkg/eventshub"
+ "knative.dev/reconciler-test/pkg/eventshub/assert"
+ "knative.dev/reconciler-test/pkg/feature"
+ "knative.dev/reconciler-test/pkg/resources/service"
+)
+
+func RotateBrokerTLSCertificates() *feature.Feature {
+
+ ingressCertificateName := "kafka-broker-ingress-server-tls"
+ ingressSecretName := "kafka-broker-ingress-server-tls"
+
+ brokerName := feature.MakeRandomK8sName("broker")
+ triggerName := feature.MakeRandomK8sName("trigger")
+ sink := feature.MakeRandomK8sName("sink")
+ source := feature.MakeRandomK8sName("source")
+
+ f := feature.NewFeatureNamed("Rotate Kafka Broker TLS certificate")
+
+ brokerConfig := feature.MakeRandomK8sName("brokercfg")
+
+ f.Prerequisite("transport encryption is strict", featureflags.TransportEncryptionStrict())
+ f.Prerequisite("should not run when Istio is enabled", featureflags.IstioDisabled())
+
+ f.Setup("Create broker config", brokerconfigmap.Install(brokerConfig,
+ brokerconfigmap.WithNumPartitions(1),
+ brokerconfigmap.WithReplicationFactor(1),
+ brokerconfigmap.WithBootstrapServer(testpkg.BootstrapServersPlaintext)))
+
+ f.Setup("Rotate ingress certificate", certificate.Rotate(certificate.RotateCertificate{
+ Certificate: types.NamespacedName{
+ Namespace: system.Namespace(),
+ Name: ingressCertificateName,
+ },
+ }))
+
+ f.Setup("install sink", eventshub.Install(sink, eventshub.StartReceiverTLS))
+ f.Setup("Install broker", broker.Install(brokerName, append(
+ broker.WithEnvConfig(),
+ broker.WithConfig(brokerConfig))...,
+ ))
+ f.Setup("Broker is ready", broker.IsReady(brokerName))
+ f.Setup("install trigger", func(ctx context.Context, t feature.T) {
+ d := service.AsDestinationRef(sink)
+ d.CACerts = eventshub.GetCaCerts(ctx)
+ trigger.Install(triggerName, brokerName, trigger.WithSubscriberFromDestination(d))(ctx, t)
+ })
+ f.Setup("trigger is ready", trigger.IsReady(triggerName))
+ f.Setup("Broker has HTTPS address", broker.ValidateAddress(brokerName, addressable.AssertHTTPSAddress))
+
+ event := cetest.FullEvent()
+ event.SetID(uuid.New().String())
+
+ f.Requirement("install source", eventshub.Install(source,
+ eventshub.StartSenderToResourceTLS(broker.GVR(), brokerName, nil),
+ eventshub.InputEvent(event),
+ // Send multiple events so that we take into account that the certificate rotation might
+ // be detected by the server after some time.
+ eventshub.SendMultipleEvents(100, 3*time.Second),
+ ))
+
+ f.Assert("Event sent", assert.OnStore(source).
+ MatchSentEvent(cetest.HasId(event.ID())).
+ AtLeast(1),
+ )
+ f.Assert("Event received", assert.OnStore(sink).
+ MatchReceivedEvent(cetest.HasId(event.ID())).
+ AtLeast(1),
+ )
+ f.Assert("Source match updated peer certificate", assert.OnStore(source).
+ MatchPeerCertificatesReceived(assert.MatchPeerCertificatesFromSecret(system.Namespace(), ingressSecretName, "tls.crt")). + AtLeast(1), + ) + + return f +} From cf72d9145dcf6fb675584ffe2d42a67ee93cea6f Mon Sep 17 00:00:00 2001 From: Leo Li Date: Tue, 10 Oct 2023 13:25:18 -0400 Subject: [PATCH 02/24] Run Dependency update --- go.mod | 2 +- go.sum | 4 +- .../eventing/hack/update-cert-manager.sh | 0 .../reconciler-test/pkg/environment/magic.go | 2 +- .../pkg/environment/namespace.go | 7 + .../pkg/eventshub/eventshub.go | 6 +- .../pkg/eventshub/forwarder/forwarder.go | 14 +- .../pkg/eventshub/istio_quit.go | 38 +++ .../pkg/eventshub/resources.go | 2 +- .../reconciler-test/pkg/manifest/manifest.go | 19 +- .../reconciler-test/pkg/manifest/options.go | 1 + .../resources/certificate/certificate.go | 218 ++++++++++++++++++ vendor/modules.txt | 3 +- 13 files changed, 302 insertions(+), 14 deletions(-) mode change 100755 => 100644 vendor/knative.dev/eventing/hack/update-cert-manager.sh create mode 100644 vendor/knative.dev/reconciler-test/pkg/eventshub/istio_quit.go create mode 100644 vendor/knative.dev/reconciler-test/resources/certificate/certificate.go diff --git a/go.mod b/go.mod index 6b45f93ac8..7ed0ba8c88 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( knative.dev/eventing v0.38.0 knative.dev/hack v0.0.0-20230712131415-ddae80293c43 knative.dev/pkg v0.0.0-20230718152110-aef227e72ead - knative.dev/reconciler-test v0.0.0-20230731164843-19232908376e + knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831 sigs.k8s.io/controller-runtime v0.12.3 ) diff --git a/go.sum b/go.sum index dd8adab5dd..57e011fad1 100644 --- a/go.sum +++ b/go.sum 
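Review bot: All three assertions are `AtLeast(1)`, so the feature shows that the certificate stored in `ingressSecretName` was presented to the sender at least once, not that the ingress stopped presenting the previous one. With `SendMultipleEvents(100, 3*time.Second)`, a receiver that keeps alternating between the old and new key pair would still pass. If that is the intended scope, state it in a doc comment on the exported function, for example `// RotateBrokerTLSCertificates rotates the ingress server certificate and checks that a sender eventually observes the new one.` I would also add a comment on the `nil` passed to `eventshub.StartSenderToResourceTLS` saying where the sender's CA bundle comes from (presumably the broker's address status, please confirm), because that determines what the handshake is verified against.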
@@ -1345,8 +1345,8 @@ knative.dev/hack v0.0.0-20230712131415-ddae80293c43 h1:3SE06uNfSFGm/5XS+0trbyCUp knative.dev/hack v0.0.0-20230712131415-ddae80293c43/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= knative.dev/pkg v0.0.0-20230718152110-aef227e72ead h1:2dDzorpKuVZW3Qp7TbirMMq16FbId8f6bacQFX8jXLw= knative.dev/pkg v0.0.0-20230718152110-aef227e72ead/go.mod h1:WmrwRV/P+hGHoMraAEfwg6ec+fBTf+Obu41v354Iabc= -knative.dev/reconciler-test v0.0.0-20230731164843-19232908376e h1:kiW6vipbqTNIXicsOoUQBRH9/dYIbiTZv332Rk+YmvI= -knative.dev/reconciler-test v0.0.0-20230731164843-19232908376e/go.mod h1:i+/PWK/n3HPgjXMoj5U7CA6WRW/C3c3EfHCQ0FmrhNM= +knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831 h1:rOisVvTe0yuJNImgOex1Z4vdqXRPP1FAg5xPxbLOSlU= +knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831/go.mod h1:i+/PWK/n3HPgjXMoj5U7CA6WRW/C3c3EfHCQ0FmrhNM= pgregory.net/rapid v0.3.3 h1:jCjBsY4ln4Atz78QoBWxUEvAHaFyNDQg9+WU62aCn1U= pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/vendor/knative.dev/eventing/hack/update-cert-manager.sh b/vendor/knative.dev/eventing/hack/update-cert-manager.sh old mode 100755 new mode 100644 diff --git a/vendor/knative.dev/reconciler-test/pkg/environment/magic.go b/vendor/knative.dev/reconciler-test/pkg/environment/magic.go index 5213ff936b..a1808d8560 100644 --- a/vendor/knative.dev/reconciler-test/pkg/environment/magic.go +++ b/vendor/knative.dev/reconciler-test/pkg/environment/magic.go @@ -184,7 +184,7 @@ func WithEmitter(emitter milestone.Emitter) EnvOpts { } func (mr *MagicGlobalEnvironment) Environment(opts ...EnvOpts) (context.Context, Environment) { - opts = append([]EnvOpts{inNamespace()}, opts...) + opts = append(opts, inNamespace()) env := &MagicEnvironment{ c: mr.c, 
diff --git a/vendor/knative.dev/reconciler-test/pkg/environment/namespace.go b/vendor/knative.dev/reconciler-test/pkg/environment/namespace.go index c116e64477..18c73c8e10 100644 --- a/vendor/knative.dev/reconciler-test/pkg/environment/namespace.go +++ b/vendor/knative.dev/reconciler-test/pkg/environment/namespace.go @@ -32,6 +32,13 @@ import ( type namespaceKey struct{} +// WithNamespace overrides test namespace for given environment. +func WithNamespace(namespace string) EnvOpts { + return func(ctx context.Context, env Environment) (context.Context, error) { + return withNamespace(ctx, namespace), nil + } +} + func withNamespace(ctx context.Context, namespace string) context.Context { return context.WithValue(ctx, namespaceKey{}, namespace) } diff --git a/vendor/knative.dev/reconciler-test/pkg/eventshub/eventshub.go b/vendor/knative.dev/reconciler-test/pkg/eventshub/eventshub.go index fab7948b07..512552b8e1 100644 --- a/vendor/knative.dev/reconciler-test/pkg/eventshub/eventshub.go +++ b/vendor/knative.dev/reconciler-test/pkg/eventshub/eventshub.go @@ -23,6 +23,7 @@ import ( "golang.org/x/sync/errgroup" "knative.dev/pkg/injection" "knative.dev/pkg/logging" + "knative.dev/pkg/signals" ) type envConfig struct { @@ -39,8 +40,9 @@ type EventGeneratorStarter func(context.Context, *EventLogs) error // Start starts a new eventshub process, with the provided factories. // You can create your own eventshub providing event log factories and event generator factories. func Start(eventLogFactories map[string]EventLogFactory, eventGeneratorFactories map[string]EventGeneratorStarter) { - //nolint // nil ctx is fine here, look at the code of EnableInjectionOrDie - ctx, _ := injection.EnableInjectionOrDie(nil, nil) + ctx := signals.NewContext() + defer maybeQuitIstioProxy(ctx) // quit at exit + ctx, _ = injection.EnableInjectionOrDie(ctx, nil) ctx = ConfigureLogging(ctx, "eventshub") tracer, err := ConfigureTracing(logging.FromContext(ctx), "") 
diff --git a/vendor/knative.dev/reconciler-test/pkg/eventshub/forwarder/forwarder.go b/vendor/knative.dev/reconciler-test/pkg/eventshub/forwarder/forwarder.go index 19ed26e53e..e1caaeae04 100644 --- a/vendor/knative.dev/reconciler-test/pkg/eventshub/forwarder/forwarder.go +++ b/vendor/knative.dev/reconciler-test/pkg/eventshub/forwarder/forwarder.go @@ -130,15 +130,19 @@ func (o *Forwarder) ServeHTTP(writer http.ResponseWriter, request *http.Request) defer m.Finish(nil) event, eventErr := cloudeventsbindings.ToEvent(context.TODO(), m) - headers := make(http.Header) + receivedHeaders := make(http.Header) + headersToBeSent := make(http.Header) for k, v := range request.Header { if !strings.HasPrefix(k, "Ce-") { - headers[k] = v + receivedHeaders[k] = v + } + if strings.HasPrefix(k, "Kn-") { + headersToBeSent[k] = v } } // Host header is removed from the request.Header map by net/http if request.Host != "" { - headers.Set("Host", request.Host) + receivedHeaders.Set("Host", request.Host) } eventErrStr := "" @@ -150,7 +154,7 @@ func (o *Forwarder) ServeHTTP(writer http.ResponseWriter, request *http.Request) Error: eventErrStr, Event: event, Observer: o.Name, - HTTPHeaders: headers, + HTTPHeaders: receivedHeaders, Origin: request.RemoteAddr, Time: time.Now(), Kind: eventshub.EventReceived, @@ -166,6 +170,8 @@ func (o *Forwarder) ServeHTTP(writer http.ResponseWriter, request *http.Request) logging.FromContext(o.ctx).Error("Cannot create the request: ", err) } + req.Header = headersToBeSent + err = cehttp.WriteRequest(requestCtx, binding.ToMessage(event), req) if err != nil { logging.FromContext(o.ctx).Error("Cannot write the event: ", err) diff --git a/vendor/knative.dev/reconciler-test/pkg/eventshub/istio_quit.go b/vendor/knative.dev/reconciler-test/pkg/eventshub/istio_quit.go new file mode 100644 index 0000000000..6a16defb83 --- /dev/null +++ b/vendor/knative.dev/reconciler-test/pkg/eventshub/istio_quit.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2023 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package eventshub + +import ( + "context" + "errors" + "net/http" + "syscall" + + "knative.dev/pkg/logging" +) + +// maybeQuitIstioProxy shuts down Istio's proxy when available. +func maybeQuitIstioProxy(ctx context.Context) { + log := logging.FromContext(ctx) + req, _ := http.NewRequest(http.MethodPost, "http://localhost:15020/quitquitquit", nil) + + _, err := http.DefaultClient.Do(req) + + if err != nil && !errors.Is(err, syscall.ECONNREFUSED) { + log.Warn("Ignore this warning if Istio proxy is not used on this pod", err) + } +} diff --git a/vendor/knative.dev/reconciler-test/pkg/eventshub/resources.go b/vendor/knative.dev/reconciler-test/pkg/eventshub/resources.go index 5151095b4a..59905c7b13 100644 --- a/vendor/knative.dev/reconciler-test/pkg/eventshub/resources.go +++ b/vendor/knative.dev/reconciler-test/pkg/eventshub/resources.go @@ -156,7 +156,7 @@ func Install(name string, options ...EventsHubOption) feature.StepFn { // No event recording desired, just logging. envs[EventLogsEnv] = "logger" cfg["envs"] = envs - cfg["sink"] = sinkURL + cfg["sink"] = sinkURL.URL.String() // Deploy Forwarder if _, err := manifest.InstallYamlFS(ctx, forwarderTemplates, cfg); err != nil { diff --git a/vendor/knative.dev/reconciler-test/pkg/manifest/manifest.go b/vendor/knative.dev/reconciler-test/pkg/manifest/manifest.go index e730046659..2fc8f700e9 100644 
--- a/vendor/knative.dev/reconciler-test/pkg/manifest/manifest.go +++ b/vendor/knative.dev/reconciler-test/pkg/manifest/manifest.go @@ -19,8 +19,10 @@ package manifest import ( "context" "fmt" + "strings" "go.uber.org/zap" + "gopkg.in/yaml.v3" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/api/errors" @@ -88,7 +90,7 @@ func (f *YamlManifest) Apply(spec *unstructured.Unstructured) error { f.log.Info("Creating type ", spec.GroupVersionKind(), " name ", spec.GetName()) gvr, _ := meta.UnsafeGuessKindToResource(spec.GroupVersionKind()) if _, err := f.client.Resource(gvr).Namespace(spec.GetNamespace()).Create(context.Background(), spec, v1.CreateOptions{}); err != nil { - return err + return fmt.Errorf("failed to create resource %v - Resource:\n%s", err, toYaml(spec)) } } else { // Update existing one @@ -97,7 +99,7 @@ func (f *YamlManifest) Apply(spec *unstructured.Unstructured) error { gvr, _ := meta.UnsafeGuessKindToResource(spec.GroupVersionKind()) if _, err = f.client.Resource(gvr).Namespace(current.GetNamespace()).Update(context.Background(), current, v1.UpdateOptions{}); err != nil { - return err + return fmt.Errorf("failed to update resource %v - Resource:\n%s", err, toYaml(spec)) } } } @@ -213,3 +215,16 @@ func UpdateChanged(src, tgt map[string]interface{}) bool { } return changed } + +func toYaml(spec *unstructured.Unstructured) string { + s := strings.Builder{} + enc := yaml.NewEncoder(&s) + enc.SetIndent(2) + + if err := enc.Encode(spec.Object); err != nil { + return err.Error() + } + _ = enc.Close() + + return s.String() +} diff --git a/vendor/knative.dev/reconciler-test/pkg/manifest/options.go b/vendor/knative.dev/reconciler-test/pkg/manifest/options.go index 94855ddbd6..bb51fb58a3 100644 --- a/vendor/knative.dev/reconciler-test/pkg/manifest/options.go +++ b/vendor/knative.dev/reconciler-test/pkg/manifest/options.go 
@@ -86,6 +86,7 @@ func WithIstioPodAnnotations(cfg map[string]interface{}) { podAnnotations := map[string]interface{}{ "sidecar.istio.io/inject": "true", "sidecar.istio.io/rewriteAppHTTPProbers": "true", + "proxy.istio.io/config": "{ 'holdApplicationUntilProxyStarts': true }", } WithAnnotations(podAnnotations)(cfg) diff --git a/vendor/knative.dev/reconciler-test/resources/certificate/certificate.go b/vendor/knative.dev/reconciler-test/resources/certificate/certificate.go new file mode 100644 index 0000000000..e3e80768e1 --- /dev/null +++ b/vendor/knative.dev/reconciler-test/resources/certificate/certificate.go 
@@ -0,0 +1,218 @@
+/*
+Copyright 2023 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificate
+
+import (
+ "bytes"
+ "context"
+ "time"
+
+ corev1 "k8s.io/api/core/v1"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/apimachinery/pkg/util/wait"
+ "knative.dev/pkg/apis"
+ duckv1 "knative.dev/pkg/apis/duck/v1"
+ kubeclient "knative.dev/pkg/client/injection/kube/client"
+ "knative.dev/pkg/injection/clients/dynamicclient"
+
+ "knative.dev/reconciler-test/pkg/feature"
+)
+
+var (
+ certificateGVR = schema.GroupVersionResource{
+ Group: "cert-manager.io",
+ Version: "v1",
+ Resource: "certificates",
+ }
+)
+
+type RotateCertificate struct {
+ Certificate types.NamespacedName
+}
+
+// Rotate rotates a cert-manager issued certificate.
+// The procedure follows the same process as the cert-manager command `cmctl renew `
+// See also https://cert-manager.io/docs/usage/certificate/#actions-triggering-private-key-rotation
+func Rotate(rotate RotateCertificate) feature.StepFn {
+ return func(ctx context.Context, t feature.T) {
+ before := getSecret(ctx, t, rotate)
+ issueRotation(ctx, t, rotate)
+ waitForRotation(ctx, t, rotate, before)
+ }
+
+}
+
+func issueRotation(ctx context.Context, t feature.T, rotate RotateCertificate) {
+ var lastErr error
+ err := wait.PollImmediate(time.Second, time.Minute, func() (bool, error) {
+ err := rotateCertificate(ctx, rotate)
+ if err == nil {
+ return true, nil
+ }
+ lastErr = err
+
+ // Retry on conflicts
+ if apierrors.IsConflict(err) {
+ return false, nil
+ }
+
+ return false, err
+ })
+ if err != nil {
+ t.Fatal(err, lastErr)
+ }
+}
+
+type Certificate struct {
+ metav1.TypeMeta `json:",inline"`
+ // +optional
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec Spec `json:"spec"`
+
+ Status Status `json:"status"`
+}
+
+type Spec struct {
+ SecretName string `json:"secretName"`
+}
+
+// Status defines the observed state of Certificate
+type Status struct {
+ duckv1.Status `json:",inline"`
+ // Copied from https://github.com/cert-manager/cert-manager/blob/master/pkg/apis/certmanager/v1/types_certificate.go
+ LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"`
+ NotBefore *metav1.Time `json:"notBefore,omitempty"`
+ NotAfter *metav1.Time `json:"notAfter,omitempty"`
+ RenewalTime *metav1.Time `json:"renewalTime,omitempty"`
+ Revision *int `json:"revision,omitempty"`
+ NextPrivateKeySecretName *string `json:"nextPrivateKeySecretName,omitempty"`
+ FailedIssuanceAttempts *int `json:"failedIssuanceAttempts,omitempty"`
+}
+
+func rotateCertificate(ctx context.Context, rotate RotateCertificate) error {
+ dc := dynamicclient.Get(ctx).Resource(certificateGVR)
+
+ obj, err := dc.
+ Namespace(rotate.Certificate.Namespace).
+ Get(ctx, rotate.Certificate.Name, metav1.GetOptions{})
+ if err != nil {
+ return err
+ }
+
+ cert := &Certificate{}
+ if err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, cert); err != nil {
+ return err
+ }
+
+ renewCertificate(cert)
+
+ obj.Object, err = runtime.DefaultUnstructuredConverter.ToUnstructured(cert)
+ if err != nil {
+ return err
+ }
+
+ _, err = dc.
+ Namespace(rotate.Certificate.Namespace).
+ UpdateStatus(ctx, obj, metav1.UpdateOptions{})
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func waitForRotation(ctx context.Context, t feature.T, rotate RotateCertificate, before *corev1.Secret) {
+ keys := []string{"tls.key", "tls.crt"}
+ err := wait.PollImmediate(time.Second, time.Minute, func() (bool, error) {
+ current := getSecret(ctx, t, rotate)
+ for _, key := range keys {
+ if bytes.Equal(before.Data[key], current.Data[key]) {
+ t.Logf("Value for key %s is equal", key)
+ return false, nil
+ }
+ }
+ return true, nil
+ })
+ if err != nil {
+ t.Errorf("Failed while waiting for Certificate rotation to happen: %v", err)
+ }
+}
+
+func getSecret(ctx context.Context, t feature.T, rotate RotateCertificate) *corev1.Secret {
+ obj, err := dynamicclient.Get(ctx).Resource(certificateGVR).
+ Namespace(rotate.Certificate.Namespace).
+ Get(ctx, rotate.Certificate.Name, metav1.GetOptions{})
+ if err != nil {
+ t.Fatalf("Failed to get certificate %s/%s: %v", rotate.Certificate.Namespace, rotate.Certificate.Name, err)
+ }
+
+ cert := &Certificate{}
+ if err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, cert); err != nil {
+ t.Fatal(err)
+ }
+
+ secret, err := kubeclient.Get(ctx).
+ CoreV1().
+ Secrets(rotate.Certificate.Namespace).
+ Get(ctx, cert.Spec.SecretName, metav1.GetOptions{})
+ if err != nil {
+ t.Fatalf("Failed to get secret %s/%s: %v", rotate.Certificate.Namespace, cert.Spec.SecretName, err)
+ }
+
+ return secret
+}
+
+// Adapted from:
+// - https://github.com/cert-manager/cert-manager/blob/843deed22f563dbdcbbf71a9fc478609ee90cb8e/pkg/api/util/conditions.go#L165-L204
+// - https://github.com/cert-manager/cert-manager/blob/843deed22f563dbdcbbf71a9fc478609ee90cb8e/cmd/ctl/pkg/renew/renew.go#L206-L214
+func renewCertificate(c *Certificate) {
+
+ newCondition := apis.Condition{
+ Type: apis.ConditionType("Issuing"),
+ Status: corev1.ConditionTrue,
+ Reason: "ManuallyTriggered",
+ Message: "Certificate re-issuance manually triggered",
+ }
+
+ nowTime := metav1.NewTime(time.Now())
+ newCondition.LastTransitionTime = apis.VolatileTime{Inner: nowTime}
+
+ // Search through existing conditions
+ for idx, cond := range c.Status.GetConditions() {
+ // Skip unrelated conditions
+ if cond.Type != newCondition.Type {
+ continue
+ }
+
+ // If this update doesn't contain a state transition, we don't update
+ // the conditions LastTransitionTime to Now()
+ if cond.Status == newCondition.Status {
+ newCondition.LastTransitionTime = cond.LastTransitionTime
+ }
+
+ // Overwrite the existing condition
+ c.Status.Conditions[idx] = newCondition
+ return
+ }
+
+ c.Status.SetConditions(append(c.Status.GetConditions(), newCondition))
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ae93d466c7..352f0d1671 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1541,7 +1541,7 @@ knative.dev/pkg/webhook/json knative.dev/pkg/webhook/resourcesemantics knative.dev/pkg/webhook/resourcesemantics/defaulting knative.dev/pkg/webhook/resourcesemantics/validation -# knative.dev/reconciler-test v0.0.0-20230731164843-19232908376e +# knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831 ## explicit; go 1.18 knative.dev/reconciler-test/cmd/eventshub knative.dev/reconciler-test/pkg/environment
@@ -1569,6 +1569,7 @@ knative.dev/reconciler-test/pkg/resources/knativeservice knative.dev/reconciler-test/pkg/resources/secret knative.dev/reconciler-test/pkg/resources/service knative.dev/reconciler-test/pkg/state +knative.dev/reconciler-test/resources/certificate knative.dev/reconciler-test/resources/svc # sigs.k8s.io/controller-runtime v0.12.3 ## explicit; go 1.17 From 348bc3f0865263641d3dfa7485d274d60f243055 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Wed, 11 Oct 2023 09:10:10 -0400 Subject: [PATCH 03/24] Upgrade Knative eventing to release-1.11 --- go.mod | 2 +- go.sum | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 7ed0ba8c88..3de189ce94 100644 --- a/go.mod +++ b/go.mod @@ -39,7 +39,7 @@ require ( github.com/google/gofuzz v1.2.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/kedacore/keda/v2 v2.8.1 - knative.dev/eventing v0.38.0 + knative.dev/eventing v0.38.4 knative.dev/hack v0.0.0-20230712131415-ddae80293c43 knative.dev/pkg v0.0.0-20230718152110-aef227e72ead knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831 diff --git a/go.sum b/go.sum index 57e011fad1..e2d4403ebf 100644 --- a/go.sum +++ b/go.sum @@ -72,6 +72,7 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= 
@@ -102,6 +103,7 @@ github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kd github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves= github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= @@ -257,6 +259,7 @@ github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/zapr v0.2.0/go.mod h1:qhKdvif7YF5GI9NWEpyxTSSBdGmzkNguibrdCNVPunU= github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= +github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= 
@@ -336,6 +339,7 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -443,6 +447,7 @@ github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:Fecb github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= 
@@ -498,6 +503,7 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -573,6 +579,7 @@ github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfr github.com/miekg/dns v1.1.17/go.mod h1:WgzbA6oji13JREwiNsRDNfl7jYdPnmz+VEuLrA+/48M= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= 
@@ -703,6 +710,7 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= @@ -740,6 +748,7 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tsenart/go-tsz v0.0.0-20180814232043-cdeb9e1e981e/go.mod h1:SWZznP1z5Ki7hDT2ioqiFKEse8K9tU2OUvaRI0NeGQo= github.com/tsenart/vegeta/v12 v12.8.4 h1:UQ7tG7WkDorKj0wjx78Z4/vsMBP8RJQMGJqRVrkvngg= github.com/tsenart/vegeta/v12 v12.8.4/go.mod h1:ZiJtwLn/9M4fTPdMY7bdbIeyNeFVE8/AHbWFqCsUuho= 
@@ -778,6 +787,7 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= +go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5/go.mod h1:skWido08r9w6Lq/w70DO5XYIKMu4QFu1+4VsqLQuJy8= go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= @@ -790,8 +800,12 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/otel v1.10.0 h1:Y7DTJMR6zs1xkS/upamJYk0SxxN4C9AqRd77jmZnyY4= go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= +go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= +go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= +go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v1.10.0 h1:npQMbR8o7mum8uF95yFbOEJffhs1sbCOfDh8zAJiH5E= go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= 
@@ -1341,6 +1355,8 @@ k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJ k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/eventing v0.38.0 h1:n6/k9IJ1kOvpZx4CMLqa1FG7g2iBiyKXwBu1Fy/81q4= knative.dev/eventing v0.38.0/go.mod h1:JUqEC0zoyfYqhRHFz8VUxjkxH9G1cQ/Y+UvhXTxUXgI= +knative.dev/eventing v0.38.4 h1:eH059bfeLilj2xAN6V7XXOh3wqzz5ssoMS/CIJpJfmk= +knative.dev/eventing v0.38.4/go.mod h1:ct8t+v6nmp1kFCy6ngkDWIEvnjJDNDoKptrfnQVh+z8= knative.dev/hack v0.0.0-20230712131415-ddae80293c43 h1:3SE06uNfSFGm/5XS+0trbyCUpgsOaBeyhPQU8FPNFz8= knative.dev/hack v0.0.0-20230712131415-ddae80293c43/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= knative.dev/pkg v0.0.0-20230718152110-aef227e72ead h1:2dDzorpKuVZW3Qp7TbirMMq16FbId8f6bacQFX8jXLw= From 885f384d434f69e67c86bd6a1db82efdf69fdcd7 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Wed, 11 Oct 2023 09:46:29 -0400 Subject: [PATCH 04/24] Upgrade Knative eventing to release-1.11 --- go.sum | 16 --- .../eventing/pkg/scheduler/state/state.go | 55 +++++++++- .../pkg/scheduler/statefulset/autoscaler.go | 100 ++++++++++++------ .../pkg/scheduler/statefulset/scheduler.go | 81 +++++++++----- .../containersource/containersource.yaml | 4 + .../test/rekt/resources/delivery/delivery.go | 4 +- .../rekt/resources/delivery/delivery.yaml | 4 + .../rekt/resources/pingsource/pingsource.yaml | 4 + .../resources/subscription/subscription.go | 4 +- .../resources/subscription/subscription.yaml | 8 ++ vendor/modules.txt | 2 +- 11 files changed, 204 insertions(+), 78 deletions(-) diff --git a/go.sum b/go.sum index e2d4403ebf..75835d0ee5 100644 --- a/go.sum +++ b/go.sum 
@@ -72,7 +72,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -103,7 +102,6 @@ github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kd github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves= github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= 
@@ -259,7 +257,6 @@ github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/zapr v0.2.0/go.mod h1:qhKdvif7YF5GI9NWEpyxTSSBdGmzkNguibrdCNVPunU= github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= -github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= @@ -339,7 +336,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -447,7 +443,6 @@ github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:Fecb github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= @@ -503,7 +498,6 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= 
@@ -579,7 +573,6 @@ github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfr github.com/miekg/dns v1.1.17/go.mod h1:WgzbA6oji13JREwiNsRDNfl7jYdPnmz+VEuLrA+/48M= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= @@ -710,7 +703,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= 
@@ -748,7 +740,6 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tsenart/go-tsz v0.0.0-20180814232043-cdeb9e1e981e/go.mod h1:SWZznP1z5Ki7hDT2ioqiFKEse8K9tU2OUvaRI0NeGQo= github.com/tsenart/vegeta/v12 v12.8.4 h1:UQ7tG7WkDorKj0wjx78Z4/vsMBP8RJQMGJqRVrkvngg= github.com/tsenart/vegeta/v12 v12.8.4/go.mod h1:ZiJtwLn/9M4fTPdMY7bdbIeyNeFVE8/AHbWFqCsUuho= @@ -787,7 +778,6 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5/go.mod h1:skWido08r9w6Lq/w70DO5XYIKMu4QFu1+4VsqLQuJy8= go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= 
@@ -800,12 +790,8 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/otel v1.10.0 h1:Y7DTJMR6zs1xkS/upamJYk0SxxN4C9AqRd77jmZnyY4= go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v1.10.0 h1:npQMbR8o7mum8uF95yFbOEJffhs1sbCOfDh8zAJiH5E= go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= 
@@ -1353,8 +1339,6 @@ k8s.io/utils v0.0.0-20200912215256-4140de9c8800/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.38.0 h1:n6/k9IJ1kOvpZx4CMLqa1FG7g2iBiyKXwBu1Fy/81q4= -knative.dev/eventing v0.38.0/go.mod h1:JUqEC0zoyfYqhRHFz8VUxjkxH9G1cQ/Y+UvhXTxUXgI= knative.dev/eventing v0.38.4 h1:eH059bfeLilj2xAN6V7XXOh3wqzz5ssoMS/CIJpJfmk= knative.dev/eventing v0.38.4/go.mod h1:ct8t+v6nmp1kFCy6ngkDWIEvnjJDNDoKptrfnQVh+z8= knative.dev/hack v0.0.0-20230712131415-ddae80293c43 h1:3SE06uNfSFGm/5XS+0trbyCUpgsOaBeyhPQU8FPNFz8= diff --git a/vendor/knative.dev/eventing/pkg/scheduler/state/state.go b/vendor/knative.dev/eventing/pkg/scheduler/state/state.go index fcc758cd39..2d5460cf80 100644 --- a/vendor/knative.dev/eventing/pkg/scheduler/state/state.go +++ b/vendor/knative.dev/eventing/pkg/scheduler/state/state.go @@ -20,6 +20,7 @@ import ( "context" "encoding/json" "errors" + "math" "strconv" "time" @@ -95,6 +96,13 @@ type State struct { // Stores for each vpod, a map of zonename to total number of vreplicas placed on all pods located in that zone currently ZoneSpread map[types.NamespacedName]map[string]int32 + + // Pending tracks the number of virtual replicas that haven't been scheduled yet + // because there wasn't enough free capacity. + Pending map[types.NamespacedName]int32 + + // ExpectedVReplicaByVPod is the expected virtual replicas for each vpod key + ExpectedVReplicaByVPod map[types.NamespacedName]int32 } // Free safely returns the free capacity at the given ordinal 
@@ -190,6 +198,8 @@ func (s *stateBuilder) State(reserved map[types.NamespacedName]map[string]int32) } free := make([]int32, 0) + pending := make(map[types.NamespacedName]int32, 4) + expectedVReplicasByVPod := make(map[types.NamespacedName]int32, len(vpods)) schedulablePods := sets.NewInt32() last := int32(-1) @@ -255,10 +265,17 @@ func (s *stateBuilder) State(reserved map[types.NamespacedName]map[string]int32) } } + for _, p := range schedulablePods.List() { + free, last = s.updateFreeCapacity(free, last, PodNameFromOrdinal(s.statefulSetName, p), 0) + } + // Getting current state from existing placements for all vpods for _, vpod := range vpods { ps := vpod.GetPlacements() + pending[vpod.GetKey()] = pendingFromVPod(vpod) + expectedVReplicasByVPod[vpod.GetKey()] = vpod.GetVReplicas() + withPlacement[vpod.GetKey()] = make(map[string]bool) podSpread[vpod.GetKey()] = make(map[string]int32) nodeSpread[vpod.GetKey()] = make(map[string]int32) 
@@ -321,13 +338,20 @@ func (s *stateBuilder) State(reserved map[types.NamespacedName]map[string]int32) state := &State{FreeCap: free, SchedulablePods: schedulablePods.List(), LastOrdinal: last, Capacity: s.capacity, Replicas: scale.Spec.Replicas, NumZones: int32(len(zoneMap)), NumNodes: int32(len(nodeToZoneMap)), SchedulerPolicy: s.schedulerPolicy, SchedPolicy: s.schedPolicy, DeschedPolicy: s.deschedPolicy, NodeToZoneMap: nodeToZoneMap, StatefulSetName: s.statefulSetName, PodLister: s.podLister, - PodSpread: podSpread, NodeSpread: nodeSpread, ZoneSpread: zoneSpread} + PodSpread: podSpread, NodeSpread: nodeSpread, ZoneSpread: zoneSpread, Pending: pending, ExpectedVReplicaByVPod: expectedVReplicasByVPod} s.logger.Infow("cluster state info", zap.Any("state", state), zap.Any("reserved", toJSONable(reserved))) return state, nil } +func pendingFromVPod(vpod scheduler.VPod) int32 { + expected := vpod.GetVReplicas() + scheduled := scheduler.GetTotalVReplicas(vpod.GetPlacements()) + + return int32(math.Max(float64(0), float64(expected-scheduled))) +} + func (s *stateBuilder) updateFreeCapacity(free []int32, last int32, podName string, vreplicas int32) ([]int32, int32) { ordinal := OrdinalFromPodName(podName) free = grow(free, ordinal, s.capacity) @@ -340,13 +364,29 @@ func (s *stateBuilder) updateFreeCapacity(free []int32, last int32, podName stri s.logger.Errorw("pod is overcommitted", zap.String("podName", podName), zap.Int32("free", free[ordinal])) } - if ordinal > last && free[ordinal] != s.capacity { + if ordinal > last { last = ordinal } return free, last } +func (s *State) TotalPending() int32 { + t := int32(0) + for _, p := range s.Pending { + t += p + } + return t +} + +func (s *State) TotalExpectedVReplicas() int32 { + t := int32(0) + for _, v := range s.ExpectedVReplicaByVPod { + t += v + } + return t +} + func grow(slice []int32, ordinal int32, def int32) []int32 { l := int32(len(slice)) diff := ordinal - l + 1 
@@ -435,6 +475,7 @@ func (s *State) MarshalJSON() ([]byte, error) { SchedulerPolicy scheduler.SchedulerPolicyType `json:"schedulerPolicy"` SchedPolicy *scheduler.SchedulerPolicy `json:"schedPolicy"` DeschedPolicy *scheduler.SchedulerPolicy `json:"deschedPolicy"` + Pending map[string]int32 `json:"pending"` } sj := S{ @@ -453,6 +494,7 @@ func (s *State) MarshalJSON() ([]byte, error) { SchedulerPolicy: s.SchedulerPolicy, SchedPolicy: s.SchedPolicy, DeschedPolicy: s.DeschedPolicy, + Pending: toJSONablePending(s.Pending), } return json.Marshal(sj) @@ -465,3 +507,12 @@ func toJSONable(ps map[types.NamespacedName]map[string]int32) map[string]map[str } return r } + +func toJSONablePending(pending map[types.NamespacedName]int32) map[string]int32 { + r := make(map[string]int32, len(pending)) + for k, v := range pending { + r[k.String()] = v + } + return r + +} diff --git a/vendor/knative.dev/eventing/pkg/scheduler/statefulset/autoscaler.go b/vendor/knative.dev/eventing/pkg/scheduler/statefulset/autoscaler.go index 5641502e08..53b184e90c 100644 --- a/vendor/knative.dev/eventing/pkg/scheduler/statefulset/autoscaler.go +++ b/vendor/knative.dev/eventing/pkg/scheduler/statefulset/autoscaler.go @@ -52,9 +52,8 @@ type Autoscaler interface { // Start runs the autoscaler until cancelled. Start(ctx context.Context) - // Autoscale is used to immediately trigger the autoscaler with the hint - // that pending number of vreplicas couldn't be scheduled. - Autoscale(ctx context.Context, attemptScaleDown bool, pending int32) + // Autoscale is used to immediately trigger the autoscaler. + Autoscale(ctx context.Context) } type autoscaler struct { @@ -63,7 +62,7 @@ type autoscaler struct { vpodLister scheduler.VPodLister logger *zap.SugaredLogger stateAccessor st.StateAccessor - trigger chan int32 + trigger chan struct{} evictor scheduler.Evictor // capacity is the total number of virtual replicas available per pod. 
@@ -77,6 +76,11 @@ type autoscaler struct { // The autoscaler is considered the leader when ephemeralLeaderElectionObject is in a // bucket where we've been promoted. isLeader atomic.Bool + + // getReserved returns reserved replicas. + getReserved GetReserved + + lastCompactAttempt time.Time } var ( 
@@ -108,53 +112,65 @@ func newAutoscaler(ctx context.Context, cfg *Config, stateAccessor st.StateAcces vpodLister: cfg.VPodLister, stateAccessor: stateAccessor, evictor: cfg.Evictor, - trigger: make(chan int32, 1), + trigger: make(chan struct{}, 1), capacity: cfg.PodCapacity, refreshPeriod: cfg.RefreshPeriod, lock: new(sync.Mutex), isLeader: atomic.Bool{}, + getReserved: cfg.getReserved, + // Anything that is less than now() - refreshPeriod, so that we will try to compact + // as soon as we start. + lastCompactAttempt: time.Now(). + Add(-cfg.RefreshPeriod). + Add(-time.Minute), } } func (a *autoscaler) Start(ctx context.Context) { attemptScaleDown := false - pending := int32(0) for { select { case <-ctx.Done(): return case <-time.After(a.refreshPeriod): attemptScaleDown = true - case pending = <-a.trigger: + case <-a.trigger: attemptScaleDown = false } // Retry a few times, just so that we don't have to wait for the next beat when // a transient error occurs - a.syncAutoscale(ctx, attemptScaleDown, pending) - pending = int32(0) + a.syncAutoscale(ctx, attemptScaleDown) } } -func (a *autoscaler) Autoscale(ctx context.Context, attemptScaleDown bool, pending int32) { - a.syncAutoscale(ctx, attemptScaleDown, pending) +func (a *autoscaler) Autoscale(ctx context.Context) { + // We trigger the autoscaler asynchronously by using the channel so that the scale down refresh + // period is reset. 
+ a.trigger <- struct{}{} } -func (a *autoscaler) syncAutoscale(ctx context.Context, attemptScaleDown bool, pending int32) { +func (a *autoscaler) syncAutoscale(ctx context.Context, attemptScaleDown bool) error { a.lock.Lock() defer a.lock.Unlock() + var lastErr error wait.Poll(500*time.Millisecond, 5*time.Second, func() (bool, error) { - err := a.doautoscale(ctx, attemptScaleDown, pending) + err := a.doautoscale(ctx, attemptScaleDown) + if err != nil { + logging.FromContext(ctx).Errorw("Failed to autoscale", zap.Error(err)) + } + lastErr = err return err == nil, nil }) + return lastErr } -func (a *autoscaler) doautoscale(ctx context.Context, attemptScaleDown bool, pending int32) error { +func (a *autoscaler) doautoscale(ctx context.Context, attemptScaleDown bool) error { if !a.isLeader.Load() { return nil } - state, err := a.stateAccessor.State(nil) + state, err := a.stateAccessor.State(a.getReserved()) if err != nil { a.logger.Info("error while refreshing scheduler state (will retry)", zap.Error(err)) return err @@ -168,9 +184,8 @@ func (a *autoscaler) doautoscale(ctx context.Context, attemptScaleDown bool, pen } a.logger.Debugw("checking adapter capacity", - zap.Int32("pending", pending), zap.Int32("replicas", scale.Spec.Replicas), - zap.Int32("last ordinal", state.LastOrdinal)) + zap.Any("state", state)) var scaleUpFactor, newreplicas, minNumPods int32 scaleUpFactor = 1 // Non-HA scaling 
@@ -183,21 +198,26 @@ func (a *autoscaler) doautoscale(ctx context.Context, attemptScaleDown bool, pen newreplicas = state.LastOrdinal + 1 // Ideal number - // Take into account pending replicas and pods that are already filled (for even pod spread) - if pending > 0 { - // Make sure to allocate enough pods for holding all pending replicas. - if state.SchedPolicy != nil && contains(state.SchedPolicy.Predicates, nil, st.EvenPodSpread) && len(state.FreeCap) > 0 { //HA scaling across pods - leastNonZeroCapacity := a.minNonZeroInt(state.FreeCap) - minNumPods = int32(math.Ceil(float64(pending) / float64(leastNonZeroCapacity))) - } else { - minNumPods = int32(math.Ceil(float64(pending) / float64(a.capacity))) + if state.SchedulerPolicy == scheduler.MAXFILLUP { + newreplicas = int32(math.Ceil(float64(state.TotalExpectedVReplicas()) / float64(state.Capacity))) + } else { + // Take into account pending replicas and pods that are already filled (for even pod spread) + pending := state.TotalPending() + if pending > 0 { + // Make sure to allocate enough pods for holding all pending replicas. 
+ if state.SchedPolicy != nil && contains(state.SchedPolicy.Predicates, nil, st.EvenPodSpread) && len(state.FreeCap) > 0 { //HA scaling across pods + leastNonZeroCapacity := a.minNonZeroInt(state.FreeCap) + minNumPods = int32(math.Ceil(float64(pending) / float64(leastNonZeroCapacity))) + } else { + minNumPods = int32(math.Ceil(float64(pending) / float64(a.capacity))) + } + newreplicas += int32(math.Ceil(float64(minNumPods)/float64(scaleUpFactor)) * float64(scaleUpFactor)) } - newreplicas += int32(math.Ceil(float64(minNumPods)/float64(scaleUpFactor)) * float64(scaleUpFactor)) - } - // Make sure to never scale down past the last ordinal - if newreplicas <= state.LastOrdinal { - newreplicas = state.LastOrdinal + scaleUpFactor + if newreplicas <= state.LastOrdinal { + // Make sure to never scale down past the last ordinal + newreplicas = state.LastOrdinal + scaleUpFactor + } } // Only scale down if permitted @@ -223,6 +243,24 @@ func (a *autoscaler) doautoscale(ctx context.Context, attemptScaleDown bool, pen } func (a *autoscaler) mayCompact(s *st.State, scaleUpFactor int32) { + + // This avoids a too aggressive scale down by adding a "grace period" based on the refresh + // period + nextAttempt := a.lastCompactAttempt.Add(a.refreshPeriod) + if time.Now().Before(nextAttempt) { + a.logger.Debugw("Compact was retried before refresh period", + zap.Time("lastCompactAttempt", a.lastCompactAttempt), + zap.Time("nextAttempt", nextAttempt), + zap.String("refreshPeriod", a.refreshPeriod.String()), + ) + return + } + + a.logger.Debugw("Trying to compact and scale down", + zap.Int32("scaleUpFactor", scaleUpFactor), + zap.Any("state", s), + ) + // when there is only one pod there is nothing to move or number of pods is just enough! if s.LastOrdinal < 1 || len(s.SchedulablePods) <= int(scaleUpFactor) { return 
@@ -235,6 +273,7 @@ func (a *autoscaler) mayCompact(s *st.State, scaleUpFactor int32) { usedInLastPod := s.Capacity - s.Free(s.LastOrdinal) if freeCapacity >= usedInLastPod { + a.lastCompactAttempt = time.Now() err := a.compact(s, scaleUpFactor) if err != nil { a.logger.Errorw("vreplicas compaction failed", zap.Error(err)) @@ -254,6 +293,7 @@ func (a *autoscaler) mayCompact(s *st.State, scaleUpFactor int32) { if (freeCapacity >= usedInLastXPods) && //remaining pods can hold all vreps from evicted pods (s.Replicas-scaleUpFactor >= scaleUpFactor) { //remaining # of pods is enough for HA scaling + a.lastCompactAttempt = time.Now() err := a.compact(s, scaleUpFactor) if err != nil { a.logger.Errorw("vreplicas compaction failed", zap.Error(err)) diff --git a/vendor/knative.dev/eventing/pkg/scheduler/statefulset/scheduler.go b/vendor/knative.dev/eventing/pkg/scheduler/statefulset/scheduler.go index da8db64f62..4f5890f922 100644 --- a/vendor/knative.dev/eventing/pkg/scheduler/statefulset/scheduler.go +++ b/vendor/knative.dev/eventing/pkg/scheduler/statefulset/scheduler.go @@ -58,6 +58,8 @@ import ( _ "knative.dev/eventing/pkg/scheduler/plugins/kafka/nomaxresourcecount" ) +type GetReserved func() map[types.NamespacedName]map[string]int32 + type Config struct { StatefulSetNamespace string `json:"statefulSetNamespace"` StatefulSetName string `json:"statefulSetName"` @@ -75,6 +77,9 @@ type Config struct { VPodLister scheduler.VPodLister `json:"-"` NodeLister corev1listers.NodeLister `json:"-"` + + // getReserved returns reserved replicas + getReserved GetReserved } func New(ctx context.Context, cfg *Config) (scheduler.Scheduler, error) { 
@@ -83,11 +88,26 @@ func New(ctx context.Context, cfg *Config) (scheduler.Scheduler, error) { podLister := podInformer.Lister().Pods(cfg.StatefulSetNamespace) stateAccessor := st.NewStateBuilder(ctx, cfg.StatefulSetNamespace, cfg.StatefulSetName, cfg.VPodLister, cfg.PodCapacity, cfg.SchedulerPolicy, cfg.SchedPolicy, cfg.DeschedPolicy, podLister, cfg.NodeLister) + + var getReserved GetReserved + cfg.getReserved = func() map[types.NamespacedName]map[string]int32 { + return getReserved() + } + autoscaler := newAutoscaler(ctx, cfg, stateAccessor) - go autoscaler.Start(ctx) + var wg sync.WaitGroup + wg.Add(1) + go func() { + wg.Wait() + autoscaler.Start(ctx) + }() + + s := newStatefulSetScheduler(ctx, cfg, stateAccessor, autoscaler, podLister) + getReserved = s.Reserved + wg.Done() - return newStatefulSetScheduler(ctx, cfg, stateAccessor, autoscaler, podLister), nil + return s, nil } // NewScheduler creates a new scheduler with pod autoscaling enabled. @@ -120,6 +140,16 @@ func NewScheduler(ctx context.Context, return s } +type Pending map[types.NamespacedName]int32 + +func (p Pending) Total() int32 { + t := int32(0) + for _, vr := range p { + t += vr + } + return t +} + // StatefulSetScheduler is a scheduler placing VPod into statefulset-managed set of pods type StatefulSetScheduler struct { ctx context.Context @@ -136,14 +166,10 @@ type StatefulSetScheduler struct { // replicas is the (cached) number of statefulset replicas. replicas int32 - // pending tracks the number of virtual replicas that haven't been scheduled yet - // because there wasn't enough free capacity. - // The autoscaler uses - pending map[types.NamespacedName]int32 - // reserved tracks vreplicas that have been placed (ie. scheduled) but haven't been // committed yet (ie. not appearing in vpodLister) - reserved map[types.NamespacedName]map[string]int32 + reserved map[types.NamespacedName]map[string]int32 + reservedMu sync.Mutex } var ( 
@@ -180,7 +206,6 @@ func newStatefulSetScheduler(ctx context.Context, statefulSetClient: kubeclient.Get(ctx).AppsV1().StatefulSets(cfg.StatefulSetNamespace), podLister: podlister, vpodLister: cfg.VPodLister, - pending: make(map[types.NamespacedName]int32), lock: new(sync.Mutex), stateAccessor: stateAccessor, reserved: make(map[types.NamespacedName]map[string]int32), @@ -200,6 +225,8 @@ func newStatefulSetScheduler(ctx context.Context, func (s *StatefulSetScheduler) Schedule(vpod scheduler.VPod) ([]duckv1alpha1.Placement, error) { s.lock.Lock() defer s.lock.Unlock() + s.reservedMu.Lock() + defer s.reservedMu.Unlock() vpods, err := s.vpodLister() if err != nil { @@ -227,8 +254,6 @@ func (s *StatefulSetScheduler) Schedule(vpod scheduler.VPod) ([]duckv1alpha1.Pla func (s *StatefulSetScheduler) scheduleVPod(vpod scheduler.VPod) ([]duckv1alpha1.Placement, error) { logger := s.logger.With("key", vpod.GetKey()) - logger.Debugw("scheduling", zap.Any("pending", toJSONable(s.pending))) - // Get the current placements state // Quite an expensive operation but safe and simple. state, err := s.stateAccessor.State(s.reserved) @@ -237,6 +262,8 @@ func (s *StatefulSetScheduler) scheduleVPod(vpod scheduler.VPod) ([]duckv1alpha1 return nil, err } + logger.Debugw("scheduling", zap.Any("state", state)) + existingPlacements := vpod.GetPlacements() var left int32 @@ -260,7 +287,6 @@ func (s *StatefulSetScheduler) scheduleVPod(vpod scheduler.VPod) ([]duckv1alpha1 tr := scheduler.GetTotalVReplicas(placements) if tr == vpod.GetVReplicas() { logger.Debug("scheduling succeeded (already scheduled)") - delete(s.pending, vpod.GetKey()) // Fully placed. Nothing to do return placements, nil 
@@ -308,17 +334,14 @@ func (s *StatefulSetScheduler) scheduleVPod(vpod scheduler.VPod) ([]duckv1alpha1 // Give time for the autoscaler to do its job logger.Info("not enough pod replicas to schedule. Awaiting autoscaler", zap.Any("placement", placements), zap.Int32("left", left)) - s.pending[vpod.GetKey()] = left - // Trigger the autoscaler if s.autoscaler != nil { - s.autoscaler.Autoscale(s.ctx, false, s.pendingVReplicas()) + s.autoscaler.Autoscale(s.ctx) } if state.SchedPolicy != nil { logger.Info("reverting to previous placements") s.reservePlacements(vpod, existingPlacements) // rebalancing doesn't care about new placements since all vreps will be re-placed - delete(s.pending, vpod.GetKey()) // rebalancing doesn't care about pending since all vreps will be re-placed return existingPlacements, s.notEnoughPodReplicas(left) // requeue to wait for the autoscaler to do its job } @@ -326,7 +349,6 @@ func (s *StatefulSetScheduler) scheduleVPod(vpod scheduler.VPod) ([]duckv1alpha1 } logger.Infow("scheduling successful", zap.Any("placement", placements)) - delete(s.pending, vpod.GetKey()) return placements, nil } @@ -735,16 +757,6 @@ func (s *StatefulSetScheduler) addReplicas(states *st.State, diff int32, placeme return newPlacements, diff } -// pendingReplicas returns the total number of vreplicas -// that haven't been scheduled yet -func (s *StatefulSetScheduler) pendingVReplicas() int32 { - t := int32(0) - for _, v := range s.pending { - t += v - } - return t -} - func (s *StatefulSetScheduler) updateStatefulset(obj interface{}) { statefulset, ok := obj.(*appsv1.StatefulSet) if !ok { 
@@ -800,3 +812,18 @@ func (s *StatefulSetScheduler) notEnoughPodReplicas(left int32) error { controller.NewRequeueAfter(5*time.Second), ) } + +func (s *StatefulSetScheduler) Reserved() map[types.NamespacedName]map[string]int32 { + s.reservedMu.Lock() + defer s.reservedMu.Unlock() + + r := make(map[types.NamespacedName]map[string]int32, len(s.reserved)) + for k1, v1 := range s.reserved { + r[k1] = make(map[string]int32, len(v1)) + for k2, v2 := range v1 { + r[k1][k2] = v2 + } + } + + return r +} diff --git a/vendor/knative.dev/eventing/test/rekt/resources/containersource/containersource.yaml b/vendor/knative.dev/eventing/test/rekt/resources/containersource/containersource.yaml index 686435e221..7be3873402 100644 --- a/vendor/knative.dev/eventing/test/rekt/resources/containersource/containersource.yaml +++ b/vendor/knative.dev/eventing/test/rekt/resources/containersource/containersource.yaml @@ -31,7 +31,11 @@ spec: {{ if .sink.ref }} ref: kind: {{ .sink.ref.kind }} + {{ if .sink.ref.namespace }} namespace: {{ .sink.ref.namespace }} + {{ else }} + namespace: {{ .namespace }} + {{ end }} name: {{ .sink.ref.name }} apiVersion: {{ .sink.ref.apiVersion }} {{ end }} diff --git a/vendor/knative.dev/eventing/test/rekt/resources/delivery/delivery.go b/vendor/knative.dev/eventing/test/rekt/resources/delivery/delivery.go index 57ee118876..a66d94cea5 100644 --- a/vendor/knative.dev/eventing/test/rekt/resources/delivery/delivery.go +++ b/vendor/knative.dev/eventing/test/rekt/resources/delivery/delivery.go @@ -44,7 +44,9 @@ func WithDeadLetterSink(ref *duckv1.KReference, uri string) manifest.CfgFn { dref := dls["ref"].(map[string]interface{}) dref["apiVersion"] = ref.APIVersion dref["kind"] = ref.Kind - // Skip namespace. + if ref.Namespace != "" { + dref["namespace"] = ref.Namespace + } dref["name"] = ref.Name } } 
diff --git a/vendor/knative.dev/eventing/test/rekt/resources/delivery/delivery.yaml b/vendor/knative.dev/eventing/test/rekt/resources/delivery/delivery.yaml
index 306746938f..1da57349cb 100644
--- a/vendor/knative.dev/eventing/test/rekt/resources/delivery/delivery.yaml
+++ b/vendor/knative.dev/eventing/test/rekt/resources/delivery/delivery.yaml
@@ -20,7 +20,11 @@ spec:
 {{ if .delivery.deadLetterSink.ref }}
 ref:
 kind: {{ .delivery.deadLetterSink.ref.kind }}
+ {{ if .delivery.deadLetterSink.ref.namespace }}
+ namespace: {{ .delivery.deadLetterSink.ref.namespace }}
+ {{ else }}
 namespace: {{ .namespace }}
+ {{ end }}
 name: {{ .delivery.deadLetterSink.ref.name }}
 apiVersion: {{ .delivery.deadLetterSink.ref.apiVersion }}
 {{ end }}
diff --git a/vendor/knative.dev/eventing/test/rekt/resources/pingsource/pingsource.yaml b/vendor/knative.dev/eventing/test/rekt/resources/pingsource/pingsource.yaml
index f3157b33df..d6edc23e24 100644
--- a/vendor/knative.dev/eventing/test/rekt/resources/pingsource/pingsource.yaml
+++ b/vendor/knative.dev/eventing/test/rekt/resources/pingsource/pingsource.yaml
@@ -35,7 +35,11 @@ spec:
 {{ if .sink.ref }}
 ref:
 kind: {{ .sink.ref.kind }}
+ {{ if .sink.ref.namespace }}
+ namespace: {{ .sink.ref.namespace }}
+ {{ else }}
 namespace: {{ .namespace }}
+ {{ end }}
 name: {{ .sink.ref.name }}
 apiVersion: {{ .sink.ref.apiVersion }}
 {{ end }}
diff --git a/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.go b/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.go
index 6cbadbf9de..fa9b8e2298 100644
--- a/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.go
+++ b/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.go
@@ -71,7 +71,9 @@ func WithSubscriber(ref *duckv1.KReference, uri string) manifest.CfgFn {
 sref := subscriber["ref"].(map[string]interface{})
 sref["apiVersion"] = ref.APIVersion
 sref["kind"] = ref.Kind
- // skip namespace
+ if ref.Namespace != "" {
+ sref["namespace"] = ref.Namespace
+ }
 sref["name"] = ref.Name
 }
 }
diff --git a/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.yaml b/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.yaml
index 1302d1a532..345a3c8a59 100644
--- a/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.yaml
+++ b/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.yaml
@@ -42,7 +42,11 @@ spec:
 {{ if .reply.ref }}
 ref:
 kind: {{ .reply.ref.kind }}
+ {{ if .reply.ref.namespace }}
+ namespace: {{ .reply.ref.namespace }}
+ {{ else }}
 namespace: {{ .namespace }}
+ {{ end }}
 name: {{ .reply.ref.name }}
 apiVersion: {{ .reply.ref.apiVersion }}
 {{ end }}
@@ -57,7 +61,11 @@ spec:
 {{ if .delivery.deadLetterSink.ref }}
 ref:
 kind: {{ .delivery.deadLetterSink.ref.kind }}
+ {{ if .delivery.deadLetterSink.ref.namespace }}
+ namespace: {{ .delivery.deadLetterSink.ref.namespace }}
+ {{ else }}
 namespace: {{ .namespace }}
+ {{ end }}
 name: {{ .delivery.deadLetterSink.ref.name }}
 apiVersion: {{ .delivery.deadLetterSink.ref.apiVersion }}
 {{ end }}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 352f0d1671..9246045f5d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1267,7 +1267,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.38.0
+# knative.dev/eventing v0.38.4
 ## explicit; go 1.19
 knative.dev/eventing/cmd/event_display
 knative.dev/eventing/cmd/heartbeats
From d702f6758dc815b581b12eb7bc3f8e01fd0aa4c1 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Wed, 11 Oct 2023 13:27:40 -0400
Subject: [PATCH 05/24] Upgrade Knative eventing to release-1.11
---
 go.mod | 2 +-
 go.sum | 4 +-
 .../knative.dev/eventing/test/e2e-common.sh | 12 +-
 .../eventing/test/e2e-rekt-tests.sh | 6 +
 .../eventing/test/e2e-upgrade-tests.sh | 3 +-
 .../features/broker/eventing_tls_feature.go | 105 ++++++++++++++++++
 .../features/channel/eventing_tls_feature.go | 98 ++++++++++++++++
 .../features/featureflags/featureflags.go | 14 +++
 .../rekt/resources/addressable/addressable.go | 10 ++
 .../test/rekt/resources/broker/broker.go | 15 +++
 .../resources/channel_impl/channel_impl.go | 15 +++
 .../resources/subscription/subscription.go | 37 +++++-
 .../resources/subscription/subscription.yaml | 12 ++
 vendor/modules.txt | 2 +-
 14 files changed, 325 insertions(+), 10 deletions(-)
 create mode 100644 vendor/knative.dev/eventing/test/rekt/features/broker/eventing_tls_feature.go
 create mode 100644 vendor/knative.dev/eventing/test/rekt/features/channel/eventing_tls_feature.go
diff --git a/go.mod b/go.mod
index 3de189ce94..1e512ffc00 100644
--- a/go.mod
+++ b/go.mod
@@ -39,7 +39,7 @@ require (
 github.com/google/gofuzz v1.2.0
 github.com/hashicorp/go-cleanhttp v0.5.2
 github.com/kedacore/keda/v2 v2.8.1
- knative.dev/eventing v0.38.4
+ knative.dev/eventing v0.38.5-0.20231011150847-46cc775f1ec0
 knative.dev/hack v0.0.0-20230712131415-ddae80293c43
 knative.dev/pkg v0.0.0-20230718152110-aef227e72ead
 knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831
diff --git a/go.sum b/go.sum
index 75835d0ee5..bf7348fbe0 100644
--- a/go.sum
+++ b/go.sum
@@ -1339,8 +1339,8 @@ k8s.io/utils v0.0.0-20200912215256-4140de9c8800/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.38.4 h1:eH059bfeLilj2xAN6V7XXOh3wqzz5ssoMS/CIJpJfmk= -knative.dev/eventing v0.38.4/go.mod h1:ct8t+v6nmp1kFCy6ngkDWIEvnjJDNDoKptrfnQVh+z8= +knative.dev/eventing v0.38.5-0.20231011150847-46cc775f1ec0 h1:Hu/8YVdHNrNXUYE20W1fNkfGG9XD9iaph23By7QVtLg= +knative.dev/eventing v0.38.5-0.20231011150847-46cc775f1ec0/go.mod h1:ct8t+v6nmp1kFCy6ngkDWIEvnjJDNDoKptrfnQVh+z8= knative.dev/hack v0.0.0-20230712131415-ddae80293c43 h1:3SE06uNfSFGm/5XS+0trbyCUpgsOaBeyhPQU8FPNFz8= knative.dev/hack v0.0.0-20230712131415-ddae80293c43/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= knative.dev/pkg v0.0.0-20230718152110-aef227e72ead h1:2dDzorpKuVZW3Qp7TbirMMq16FbId8f6bacQFX8jXLw= diff --git a/vendor/knative.dev/eventing/test/e2e-common.sh b/vendor/knative.dev/eventing/test/e2e-common.sh index 3dba143d1b..687b3c1547 100644 --- a/vendor/knative.dev/eventing/test/e2e-common.sh +++ b/vendor/knative.dev/eventing/test/e2e-common.sh @@ -49,7 +49,7 @@ readonly CONFIG_TRACING_CONFIG="test/config/config-tracing.yaml" readonly KNATIVE_EVENTING_MONITORING_YAML="test/config/monitoring.yaml" # The number of controlplane replicas to run. -readonly REPLICAS=3 +readonly REPLICAS=${REPLICAS:-3} # Should deploy a Knative Monitoring as well readonly DEPLOY_KNATIVE_MONITORING="${DEPLOY_KNATIVE_MONITORING:-1}" 
@@ -76,6 +76,8 @@ UNINSTALL_LIST=() # Setup the Knative environment for running tests. function knative_setup() { + install_cert_manager || fail_test "Could not install Cert Manager" + install_knative_eventing "HEAD" install_mt_broker || fail_test "Could not install MT Channel Based Broker" @@ -83,8 +85,6 @@ function knative_setup() { enable_sugar || fail_test "Could not enable Sugar Controller Injection" unleash_duck || fail_test "Could not unleash the chaos duck" - - install_cert_manager || fail_test "Could not install Cert Manager" } function scale_controlplane() { @@ -147,6 +147,12 @@ function install_knative_eventing() { -f "${EVENTING_CORE_NAME}" || return 1 UNINSTALL_LIST+=( "${EVENTING_CORE_NAME}" ) + local EVENTING_TLS_NAME=${TMP_DIR}/${EVENTING_TLS_YAML##*/} + sed "s/namespace: ${KNATIVE_DEFAULT_NAMESPACE}/namespace: ${SYSTEM_NAMESPACE}/g" ${EVENTING_TLS_YAML} > ${EVENTING_TLS_NAME} + kubectl apply \ + -f "${EVENTING_TLS_NAME}" || return 1 + UNINSTALL_LIST+=( "${EVENTING_TLS_NAME}" ) + kubectl patch horizontalpodautoscalers.autoscaling -n ${SYSTEM_NAMESPACE} eventing-webhook -p '{"spec": {"minReplicas": '${REPLICAS}'}}' || return 1 else diff --git a/vendor/knative.dev/eventing/test/e2e-rekt-tests.sh b/vendor/knative.dev/eventing/test/e2e-rekt-tests.sh index 1826ef4f11..b35b2a7bdd 100644 --- a/vendor/knative.dev/eventing/test/e2e-rekt-tests.sh +++ b/vendor/knative.dev/eventing/test/e2e-rekt-tests.sh @@ -38,4 +38,10 @@ echo "Running E2E Reconciler Tests" go_test_e2e -timeout=1h ./test/rekt || fail_test +echo "Running E2E Reconciler Tests with strict transport encryption" + +kubectl apply -Rf "$(dirname "$0")/config-transport-encryption" + +go_test_e2e -timeout=1h ./test/rekt -run TLS || fail_test + success diff --git a/vendor/knative.dev/eventing/test/e2e-upgrade-tests.sh b/vendor/knative.dev/eventing/test/e2e-upgrade-tests.sh index 8af0a4ad3b..af9fdecbac 100644 --- a/vendor/knative.dev/eventing/test/e2e-upgrade-tests.sh 
+++ b/vendor/knative.dev/eventing/test/e2e-upgrade-tests.sh @@ -26,8 +26,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/e2e-common.sh" # Overrides function knative_setup { - # Nothing to do at setup - true + install_cert_manager || return $? } function install_test_resources { diff --git a/vendor/knative.dev/eventing/test/rekt/features/broker/eventing_tls_feature.go b/vendor/knative.dev/eventing/test/rekt/features/broker/eventing_tls_feature.go new file mode 100644 index 0000000000..a170055060 --- /dev/null +++ b/vendor/knative.dev/eventing/test/rekt/features/broker/eventing_tls_feature.go 
@@ -0,0 +1,105 @@ +/* +Copyright 2023 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package broker + +import ( + "context" + "time" + + cetest "github.com/cloudevents/sdk-go/v2/test" + "github.com/google/uuid" + "k8s.io/apimachinery/pkg/types" + "knative.dev/pkg/system" + "knative.dev/reconciler-test/pkg/eventshub" + "knative.dev/reconciler-test/pkg/eventshub/assert" + "knative.dev/reconciler-test/pkg/feature" + "knative.dev/reconciler-test/pkg/resources/service" + "knative.dev/reconciler-test/resources/certificate" + + "knative.dev/eventing/test/rekt/features/featureflags" + "knative.dev/eventing/test/rekt/resources/addressable" + "knative.dev/eventing/test/rekt/resources/broker" + "knative.dev/eventing/test/rekt/resources/trigger" +) + +func RotateMTChannelBrokerTLSCertificates() *feature.Feature { + ingressCertificateName := "mt-broker-ingress-server-tls" + ingressSecretName := "mt-broker-ingress-server-tls" + + filterCertificateName := "mt-broker-filter-server-tls" + + brokerName := feature.MakeRandomK8sName("broker") + triggerName := feature.MakeRandomK8sName("trigger") + sink := feature.MakeRandomK8sName("sink") + source := feature.MakeRandomK8sName("source") + + f := feature.NewFeatureNamed("Rotate MTChannelBroker TLS certificate") + + f.Prerequisite("transport encryption is strict", featureflags.TransportEncryptionStrict()) + f.Prerequisite("should not run when Istio is enabled", featureflags.IstioDisabled()) + + f.Setup("Rotate ingress certificate", 
certificate.Rotate(certificate.RotateCertificate{ + Certificate: types.NamespacedName{ + Namespace: system.Namespace(), + Name: ingressCertificateName, + }, + })) + // We cannot externally verify this certificate rotation + f.Setup("Rotate filter certificate", certificate.Rotate(certificate.RotateCertificate{ + Certificate: types.NamespacedName{ + Namespace: system.Namespace(), + Name: filterCertificateName, + }, + })) + + f.Setup("install sink", eventshub.Install(sink, eventshub.StartReceiverTLS)) + f.Setup("install broker", broker.Install(brokerName, broker.WithEnvConfig()...)) + f.Setup("Broker is ready", broker.IsReady(brokerName)) + f.Setup("install trigger", func(ctx context.Context, t feature.T) { + d := service.AsDestinationRef(sink) + d.CACerts = eventshub.GetCaCerts(ctx) + trigger.Install(triggerName, brokerName, trigger.WithSubscriberFromDestination(d))(ctx, t) + }) + f.Setup("trigger is ready", trigger.IsReady(triggerName)) + f.Setup("Broker has HTTPS address", broker.ValidateAddress(brokerName, addressable.AssertHTTPSAddress)) + + event := cetest.FullEvent() + event.SetID(uuid.New().String()) + + f.Requirement("install source", eventshub.Install(source, + eventshub.StartSenderToResourceTLS(broker.GVR(), brokerName, nil), + eventshub.InputEvent(event), + // Send multiple events so that we take into account that the certificate rotation might + // be detected by the server after some time. + eventshub.SendMultipleEvents(100, 3*time.Second), + )) + + f.Assert("Event sent", assert.OnStore(source). + MatchSentEvent(cetest.HasId(event.ID())). + AtLeast(1), + ) + f.Assert("Event received", assert.OnStore(sink). + MatchReceivedEvent(cetest.HasId(event.ID())). + AtLeast(1), + ) + f.Assert("Source match updated peer certificate", assert.OnStore(source). + MatchPeerCertificatesReceived(assert.MatchPeerCertificatesFromSecret(system.Namespace(), ingressSecretName, "tls.crt")). + AtLeast(1), + ) + + return f +} 
diff --git a/vendor/knative.dev/eventing/test/rekt/features/channel/eventing_tls_feature.go b/vendor/knative.dev/eventing/test/rekt/features/channel/eventing_tls_feature.go
new file mode 100644
index 0000000000..1f4268c147
--- /dev/null
+++ b/vendor/knative.dev/eventing/test/rekt/features/channel/eventing_tls_feature.go
@@ -0,0 +1,98 @@ +/* +Copyright 2023 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package channel + +import ( + "context" + "time" + + cetest "github.com/cloudevents/sdk-go/v2/test" + "github.com/google/uuid" + "k8s.io/apimachinery/pkg/types" + "knative.dev/pkg/system" + "knative.dev/reconciler-test/pkg/eventshub" + "knative.dev/reconciler-test/pkg/eventshub/assert" + "knative.dev/reconciler-test/pkg/feature" + "knative.dev/reconciler-test/pkg/resources/service" + "knative.dev/reconciler-test/resources/certificate" + + "knative.dev/eventing/test/rekt/features/featureflags" + "knative.dev/eventing/test/rekt/resources/addressable" + "knative.dev/eventing/test/rekt/resources/channel_impl" + "knative.dev/eventing/test/rekt/resources/subscription" +) + +func RotateDispatcherTLSCertificate() *feature.Feature { + certificateName := "imc-dispatcher-server-tls" + secretName := "imc-dispatcher-server-tls" + + channelName := feature.MakeRandomK8sName("channel") + subscriptionName := feature.MakeRandomK8sName("sub") + sink := feature.MakeRandomK8sName("sink") + source := feature.MakeRandomK8sName("source") + + f := feature.NewFeatureNamed("Rotate " + certificateName + " certificate") + + f.Prerequisite("transport encryption is strict", featureflags.TransportEncryptionStrict()) + f.Prerequisite("should not run when Istio is enabled", featureflags.IstioDisabled()) + + f.Setup("Rotate certificate", certificate.Rotate(certificate.RotateCertificate{ + Certificate: 
types.NamespacedName{ + Namespace: system.Namespace(), + Name: certificateName, + }, + })) + + f.Setup("install sink", eventshub.Install(sink, eventshub.StartReceiverTLS)) + f.Setup("install channel", channel_impl.Install(channelName)) + f.Setup("channel is ready", channel_impl.IsReady(channelName)) + f.Setup("install subscription", func(ctx context.Context, t feature.T) { + d := service.AsDestinationRef(sink) + d.CACerts = eventshub.GetCaCerts(ctx) + subscription.Install(subscriptionName, + subscription.WithChannel(channel_impl.AsRef(channelName)), + subscription.WithSubscriberFromDestination(d))(ctx, t) + }) + f.Setup("subscription is ready", subscription.IsReady(subscriptionName)) + f.Setup("Channel has HTTPS address", channel_impl.ValidateAddress(channelName, addressable.AssertHTTPSAddress)) + + event := cetest.FullEvent() + event.SetID(uuid.New().String()) + + f.Requirement("install source", eventshub.Install(source, + eventshub.StartSenderToResourceTLS(channel_impl.GVR(), channelName, nil), + eventshub.InputEvent(event), + // Send multiple events so that we take into account that the certificate rotation might + // be detected by the server after some time. + eventshub.SendMultipleEvents(100, 3*time.Second), + )) + + f.Assert("Event sent", assert.OnStore(source). + MatchSentEvent(cetest.HasId(event.ID())). + AtLeast(1), + ) + f.Assert("Event received", assert.OnStore(sink). + MatchReceivedEvent(cetest.HasId(event.ID())). + AtLeast(1), + ) + f.Assert("Source match updated peer certificate", assert.OnStore(source). + MatchPeerCertificatesReceived(assert.MatchPeerCertificatesFromSecret(system.Namespace(), secretName, "tls.crt")). + AtLeast(1), + ) + + return f +} diff --git a/vendor/knative.dev/eventing/test/rekt/features/featureflags/featureflags.go b/vendor/knative.dev/eventing/test/rekt/features/featureflags/featureflags.go index 0ba4a2c7c8..8d007d96fe 100644 --- a/vendor/knative.dev/eventing/test/rekt/features/featureflags/featureflags.go 
+++ b/vendor/knative.dev/eventing/test/rekt/features/featureflags/featureflags.go @@ -46,6 +46,20 @@ func TransportEncryptionPermissiveOrStrict() feature.ShouldRun { } } +func TransportEncryptionStrict() feature.ShouldRun { + return func(ctx context.Context, t feature.T) (feature.PrerequisiteResult, error) { + flags, err := getFeatureFlags(ctx, "config-features") + if err != nil { + return feature.PrerequisiteResult{}, err + } + + return feature.PrerequisiteResult{ + ShouldRun: flags.IsStrictTransportEncryption(), + Reason: flags.String(), + }, nil + } +} + func IstioDisabled() feature.ShouldRun { return func(ctx context.Context, t feature.T) (feature.PrerequisiteResult, error) { flags, err := getFeatureFlags(ctx, "config-features") diff --git a/vendor/knative.dev/eventing/test/rekt/resources/addressable/addressable.go b/vendor/knative.dev/eventing/test/rekt/resources/addressable/addressable.go index d8c566186b..df3997e261 100644 --- a/vendor/knative.dev/eventing/test/rekt/resources/addressable/addressable.go +++ b/vendor/knative.dev/eventing/test/rekt/resources/addressable/addressable.go @@ -18,6 +18,7 @@ package addressable import ( "context" + "fmt" "time" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -27,6 +28,8 @@ import ( "knative.dev/reconciler-test/pkg/k8s" ) +type ValidateAddress func(addressable *duckv1.Addressable) error + // Address returns a broker's address. func Address(ctx context.Context, gvr schema.GroupVersionResource, name string, timings ...time.Duration) (*duckv1.Addressable, error) { interval, timeout := k8s.PollTimings(ctx, timings) @@ -51,3 +54,10 @@ func Address(ctx context.Context, gvr schema.GroupVersionResource, name string, }) return addr, err } + +func AssertHTTPSAddress(addr *duckv1.Addressable) error { + if addr.URL.Scheme != "https" { + return fmt.Errorf("address is not HTTPS: %#v", addr) + } + return nil +} 
diff --git a/vendor/knative.dev/eventing/test/rekt/resources/broker/broker.go b/vendor/knative.dev/eventing/test/rekt/resources/broker/broker.go index cdabc65815..27d7adde92 100644 --- a/vendor/knative.dev/eventing/test/rekt/resources/broker/broker.go +++ b/vendor/knative.dev/eventing/test/rekt/resources/broker/broker.go @@ -158,6 +158,21 @@ func IsAddressable(name string, timings ...time.Duration) feature.StepFn { return k8s.IsAddressable(GVR(), name, timings...) } +// ValidateAddress validates the address retured by Address +func ValidateAddress(name string, validate addressable.ValidateAddress, timings ...time.Duration) feature.StepFn { + return func(ctx context.Context, t feature.T) { + addr, err := Address(ctx, name, timings...) + if err != nil { + t.Error(err) + return + } + if err := validate(addr); err != nil { + t.Error(err) + return + } + } +} + // Address returns a broker's address. func Address(ctx context.Context, name string, timings ...time.Duration) (*duckv1.Addressable, error) { return addressable.Address(ctx, GVR(), name, timings...) diff --git a/vendor/knative.dev/eventing/test/rekt/resources/channel_impl/channel_impl.go b/vendor/knative.dev/eventing/test/rekt/resources/channel_impl/channel_impl.go index 428df32d6a..b7a08d2b9b 100644 --- a/vendor/knative.dev/eventing/test/rekt/resources/channel_impl/channel_impl.go +++ b/vendor/knative.dev/eventing/test/rekt/resources/channel_impl/channel_impl.go 
@@ -172,3 +172,18 @@ func AsDestinationRef(name string) *duckv1.Destination { // WithDeadLetterSink adds the dead letter sink related config to a Subscription spec. var WithDeadLetterSink = delivery.WithDeadLetterSink + +// ValidateAddress validates the address retured by Address +func ValidateAddress(name string, validate addressable.ValidateAddress, timings ...time.Duration) feature.StepFn { + return func(ctx context.Context, t feature.T) { + addr, err := Address(ctx, name, timings...) + if err != nil { + t.Error(err) + return + } + if err := validate(addr); err != nil { + t.Error(err) + return + } + } +} diff --git a/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.go b/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.go index fa9b8e2298..a2b26c3437 100644 --- a/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.go +++ b/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.go @@ -19,14 +19,16 @@ package subscription import ( "context" "embed" + "strings" "time" "k8s.io/apimachinery/pkg/runtime/schema" - "knative.dev/eventing/test/rekt/resources/delivery" duckv1 "knative.dev/pkg/apis/duck/v1" "knative.dev/reconciler-test/pkg/feature" "knative.dev/reconciler-test/pkg/k8s" "knative.dev/reconciler-test/pkg/manifest" + + "knative.dev/eventing/test/rekt/resources/delivery" ) //go:embed *.yaml 
@@ -128,3 +130,36 @@ func Install(name string, opts ...manifest.CfgFn) feature.StepFn { func IsReady(name string, timing ...time.Duration) feature.StepFn { return k8s.IsReady(gvr(), name, timing...) } + +// WithSubscriberFromDestination adds the subscriber related config to a Trigger spec. +func WithSubscriberFromDestination(dest *duckv1.Destination) manifest.CfgFn { + return func(cfg map[string]interface{}) { + if _, set := cfg["subscriber"]; !set { + cfg["subscriber"] = map[string]interface{}{} + } + subscriber := cfg["subscriber"].(map[string]interface{}) + + uri := dest.URI + ref := dest.Ref + + if dest.CACerts != nil { + // This is a multi-line string and should be indented accordingly. + // Replace "new line" with "new line + spaces". + subscriber["CACerts"] = strings.ReplaceAll(*dest.CACerts, "\n", "\n ") + } + + if uri != nil { + subscriber["uri"] = uri.String() + } + if ref != nil { + if _, set := subscriber["ref"]; !set { + subscriber["ref"] = map[string]interface{}{} + } + sref := subscriber["ref"].(map[string]interface{}) + sref["apiVersion"] = ref.APIVersion + sref["kind"] = ref.Kind + // skip namespace + sref["name"] = ref.Name + } + } +} diff --git a/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.yaml b/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.yaml index 345a3c8a59..82db40579a 100644 --- a/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.yaml +++ b/vendor/knative.dev/eventing/test/rekt/resources/subscription/subscription.yaml @@ -36,6 +36,10 @@ spec: {{ if .subscriber.uri }} uri: {{ .subscriber.uri }} {{ end }} + {{ if .subscriber.CACerts }} + CACerts: |- + {{ .subscriber.CACerts }} + {{ end }} {{ end }} {{if .reply }} reply: @@ -53,6 +57,10 @@ spec: {{ if .reply.uri }} uri: {{ .reply.uri }} {{ end }} + {{ if .reply.CACerts }} + CACerts: |- + {{ .reply.CACerts }} + {{ end }} {{ end }} {{ if .delivery }} delivery: 
@@ -72,6 +80,10 @@ spec: {{ if .delivery.deadLetterSink.uri }} uri: {{ .delivery.deadLetterSink.uri }} {{ end }} + {{ if .delivery.deadLetterSink.CACerts }} + CACerts: |- + {{ .delivery.deadLetterSink.CACerts }} + {{ end }} {{ end }} {{ if .delivery.retry }} retry: {{ .delivery.retry}} diff --git a/vendor/modules.txt b/vendor/modules.txt index 9246045f5d..1cb16fcabb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1267,7 +1267,7 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.38.4 +# knative.dev/eventing v0.38.5-0.20231011150847-46cc775f1ec0 ## explicit; go 1.19 knative.dev/eventing/cmd/event_display knative.dev/eventing/cmd/heartbeats From dafba5ce5a92f16b9ae9a682f4db08f21edb6131 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Fri, 25 Aug 2023 09:12:58 -0400 Subject: [PATCH 06/24] Expose tls port for broker (#3305) * Expose the port for HTTPS broker Co-authored-by: Calum Murray Co-authored-by: Pierangelo Di Pilato * Change the format Signed-off-by: Leo HC Li <36619969+Leo6Leo@users.noreply.github.com> * Update 500-receiver.yaml Co-authored-by: Pierangelo Di Pilato --------- Signed-off-by: Leo HC Li <36619969+Leo6Leo@users.noreply.github.com> Co-authored-by: Calum Murray Co-authored-by: Pierangelo Di Pilato Co-authored-by: Pierangelo Di Pilato --- data-plane/config/broker/500-receiver.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/data-plane/config/broker/500-receiver.yaml b/data-plane/config/broker/500-receiver.yaml index 97e682d015..fee514b3e6 100644 --- a/data-plane/config/broker/500-receiver.yaml +++ b/data-plane/config/broker/500-receiver.yaml @@ -182,7 +182,6 @@ spec: secretName: kafka-broker-ingress-server-tls optional: true - restartPolicy: Always --- @@ -212,6 +211,10 @@ spec: port: 8080 protocol: TCP targetPort: 8080 + - name: https-container + port: 8443 + protocol: TCP + targetPort: 8443 - name: http-metrics port: 9090 protocol: TCP 
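Review bot: The new `https-container` port (8443) in the second hunk of `500-receiver.yaml` is published on the Service unconditionally, while the `kafka-broker-ingress-server-tls` secret volume shown as context in the first hunk is `optional: true`. Nothing visible in this manifest ties the port to a TLS listener actually being up. The plaintext `8080` entry also stays in place, so strict transport encryption presumably has to be enforced by the receiver itself, not by this Service. A comment above the entry would record this, for example `# Served only when the kafka-broker-ingress-server-tls secret is present; 8080 remains exposed for non-strict modes.` (wording to be confirmed against the receiver's behaviour). The hunk does not show the Deployment's container ports, so check that 8443 is declared there too.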
From 76b3cdda58bbcac0c34a4dc9bbb9e55702ea58ab Mon Sep 17 00:00:00 2001 From: Leo Li Date: Wed, 23 Aug 2023 11:34:55 -0400 Subject: [PATCH 07/24] Change the name of the secretVolumePath (#3303) --- .../kafka/broker/receiver/main/ReceiverVerticleFactory.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/ReceiverVerticleFactory.java b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/ReceiverVerticleFactory.java index 6c5b14f841..1647694589 100644 --- a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/ReceiverVerticleFactory.java +++ b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/ReceiverVerticleFactory.java @@ -36,7 +36,7 @@ class ReceiverVerticleFactory implements Supplier { private final HttpServerOptions httpServerOptions; private final HttpServerOptions httpsServerOptions; - private final String secretVolumePath = "/etc/receiver-secret-volume"; + private final String secretVolumePath = "/etc/receiver-tls-secret"; private final IngressRequestHandler ingressRequestHandler; From 224fb5217e1659546671995c0a63834f78ddb0a9 Mon Sep 17 00:00:00 2001 From: Pierangelo Di Pilato Date: Wed, 11 Oct 2023 16:32:24 +0200 Subject: [PATCH 08/24] Workaround for cert-manager update spec issue (#3390) I'm setting the fields to what cert-manager expects so that we don't run into this issue https://github.com/cert-manager/cert-manager/issues/6408 Signed-off-by: Pierangelo Di Pilato --- .../config/broker-tls/broker-ingress-tls-certificate.yaml | 6 +++--- .../config/channel-tls/channel-ingress-tls-certificate.yaml | 6 +++--- .../config/sink-tls/sink-ingress-tls-certificate.yaml | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) 
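Review bot: The new value `"/etc/receiver-tls-secret"` for `secretVolumePath` is a hard-coded path that has to equal the `mountPath` of the TLS secret volume in the receiver Deployment. This commit changes only `ReceiverVerticleFactory.java` (one file in the diffstat), so the manifest side cannot be checked from here. If the two disagree, the receiver would presumably look for the key pair in a directory that is never populated, and depending on how that is handled the HTTPS listener may not start or may start without the expected certificate. Confirm the manifests mount the secret at the same path, and record the coupling next to the field, e.g. `// Must match the mountPath of the TLS secret volume in the receiver Deployment.` The class body continues outside the hunk.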
diff --git a/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml b/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml index e00754ce9d..8b298cd29e 100644 --- a/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml +++ b/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml @@ -26,12 +26,12 @@ spec: app.kubernetes.io/component: kafka-broker-receiver app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 diff --git a/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml b/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml index 4971a7d34d..0896ca68b7 100644 --- a/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml +++ b/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml @@ -26,12 +26,12 @@ spec: app.kubernetes.io/component: kafka-channel-receiver app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 diff --git a/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml b/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml index baf6a6ec73..ef20921431 100644 --- a/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml +++ b/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml 
@@ -26,12 +26,12 @@ spec: app.kubernetes.io/component: kafka-sink-receiver app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 From 6ac49c759416cc59b0d377f7d73ce6627514f056 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Thu, 20 Jul 2023 06:48:12 -0400 Subject: [PATCH 09/24] Cherry pick b30da88ed --- data-plane/THIRD-PARTY.txt | 72 +++++++------- .../kafka/broker/core/file/SecretWatcher.java | 74 ++++++++++++++ data-plane/pom.xml | 6 +- .../receiver/impl/ReceiverVerticle.java | 96 ++++++++----------- .../receiver/impl/ReceiverVerticleTest.java | 81 ++++++++-------- 5 files changed, 192 insertions(+), 137 deletions(-) create mode 100644 data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/file/SecretWatcher.java diff --git a/data-plane/THIRD-PARTY.txt b/data-plane/THIRD-PARTY.txt index 687ce7382e..f6be90965b 100644 --- a/data-plane/THIRD-PARTY.txt +++ b/data-plane/THIRD-PARTY.txt 
@@ -81,22 +81,22 @@ Lists of 230 third-party dependencies. (The Apache Software License, Version 2.0) micrometer-core (io.micrometer:micrometer-core:1.11.1 - https://github.com/micrometer-metrics/micrometer) (The Apache Software License, Version 2.0) micrometer-observation (io.micrometer:micrometer-observation:1.11.1 - https://github.com/micrometer-metrics/micrometer) (The Apache Software License, Version 2.0) micrometer-registry-prometheus (io.micrometer:micrometer-registry-prometheus:1.11.1 - https://github.com/micrometer-metrics/micrometer) - (Apache License, Version 2.0) Netty/Buffer (io.netty:netty-buffer:4.1.100.Final - https://netty.io/netty-buffer/) - (Apache License, Version 2.0) Netty/Codec (io.netty:netty-codec:4.1.100.Final - https://netty.io/netty-codec/) - (Apache License, Version 2.0) Netty/Codec/DNS (io.netty:netty-codec-dns:4.1.100.Final - https://netty.io/netty-codec-dns/) - (Apache License, Version 2.0) Netty/Codec/HAProxy (io.netty:netty-codec-haproxy:4.1.100.Final - https://netty.io/netty-codec-haproxy/) - (Apache License, Version 2.0) Netty/Codec/HTTP (io.netty:netty-codec-http:4.1.100.Final - https://netty.io/netty-codec-http/) - (Apache License, Version 2.0) Netty/Codec/HTTP2 (io.netty:netty-codec-http2:4.1.100.Final - https://netty.io/netty-codec-http2/) - (Apache License, Version 2.0) Netty/Codec/Socks (io.netty:netty-codec-socks:4.1.100.Final - https://netty.io/netty-codec-socks/) - (Apache License, Version 2.0) Netty/Common (io.netty:netty-common:4.1.100.Final - https://netty.io/netty-common/) - (Apache License, Version 2.0) Netty/Handler (io.netty:netty-handler:4.1.100.Final - https://netty.io/netty-handler/) - (Apache License, Version 2.0) Netty/Handler/Proxy (io.netty:netty-handler-proxy:4.1.100.Final - https://netty.io/netty-handler-proxy/) - (Apache License, Version 2.0) Netty/Resolver (io.netty:netty-resolver:4.1.100.Final - https://netty.io/netty-resolver/) - (Apache License, Version 2.0) Netty/Resolver/DNS 
(io.netty:netty-resolver-dns:4.1.100.Final - https://netty.io/netty-resolver-dns/) - (Apache License, Version 2.0) Netty/Transport (io.netty:netty-transport:4.1.100.Final - https://netty.io/netty-transport/) - (Apache License, Version 2.0) Netty/Transport/Classes/Epoll (io.netty:netty-transport-classes-epoll:4.1.100.Final - https://netty.io/netty-transport-classes-epoll/) - (Apache License, Version 2.0) Netty/Transport/Native/Epoll (io.netty:netty-transport-native-epoll:4.1.100.Final - https://netty.io/netty-transport-native-epoll/) - (Apache License, Version 2.0) Netty/Transport/Native/Unix/Common (io.netty:netty-transport-native-unix-common:4.1.100.Final - https://netty.io/netty-transport-native-unix-common/) + (Apache License, Version 2.0) Netty/Buffer (io.netty:netty-buffer:4.1.94.Final - https://netty.io/netty-buffer/) + (Apache License, Version 2.0) Netty/Codec (io.netty:netty-codec:4.1.94.Final - https://netty.io/netty-codec/) + (Apache License, Version 2.0) Netty/Codec/DNS (io.netty:netty-codec-dns:4.1.94.Final - https://netty.io/netty-codec-dns/) + (Apache License, Version 2.0) Netty/Codec/HAProxy (io.netty:netty-codec-haproxy:4.1.94.Final - https://netty.io/netty-codec-haproxy/) + (Apache License, Version 2.0) Netty/Codec/HTTP (io.netty:netty-codec-http:4.1.94.Final - https://netty.io/netty-codec-http/) + (Apache License, Version 2.0) Netty/Codec/HTTP2 (io.netty:netty-codec-http2:4.1.94.Final - https://netty.io/netty-codec-http2/) + (Apache License, Version 2.0) Netty/Codec/Socks (io.netty:netty-codec-socks:4.1.94.Final - https://netty.io/netty-codec-socks/) + (Apache License, Version 2.0) Netty/Common (io.netty:netty-common:4.1.94.Final - https://netty.io/netty-common/) + (Apache License, Version 2.0) Netty/Handler (io.netty:netty-handler:4.1.94.Final - https://netty.io/netty-handler/) + (Apache License, Version 2.0) Netty/Handler/Proxy (io.netty:netty-handler-proxy:4.1.94.Final - https://netty.io/netty-handler-proxy/) + (Apache License, Version 2.0) 
Netty/Resolver (io.netty:netty-resolver:4.1.94.Final - https://netty.io/netty-resolver/) + (Apache License, Version 2.0) Netty/Resolver/DNS (io.netty:netty-resolver-dns:4.1.94.Final - https://netty.io/netty-resolver-dns/) + (Apache License, Version 2.0) Netty/Transport (io.netty:netty-transport:4.1.94.Final - https://netty.io/netty-transport/) + (Apache License, Version 2.0) Netty/Transport/Classes/Epoll (io.netty:netty-transport-classes-epoll:4.1.94.Final - https://netty.io/netty-transport-classes-epoll/) + (Apache License, Version 2.0) Netty/Transport/Native/Epoll (io.netty:netty-transport-native-epoll:4.1.94.Final - https://netty.io/netty-transport-native-epoll/) + (Apache License, Version 2.0) Netty/Transport/Native/Unix/Common (io.netty:netty-transport-native-unix-common:4.1.94.Final - https://netty.io/netty-transport-native-unix-common/) (The Apache License, Version 2.0) OpenTelemetry Java (io.opentelemetry:opentelemetry-api:1.25.0 - https://github.com/open-telemetry/opentelemetry-java) (The Apache License, Version 2.0) OpenTelemetry Java (io.opentelemetry:opentelemetry-api-events:1.25.0-alpha - https://github.com/open-telemetry/opentelemetry-java) (The Apache License, Version 2.0) OpenTelemetry Java (io.opentelemetry:opentelemetry-api-logs:1.25.0-alpha - https://github.com/open-telemetry/opentelemetry-java) 
@@ -118,22 +118,22 @@ Lists of 230 third-party dependencies. (The Apache Software License, Version 2.0) Prometheus Java Span Context Supplier - Common (io.prometheus:simpleclient_tracer_common:0.16.0 - http://github.com/prometheus/client_java/simpleclient_tracer/simpleclient_tracer_common) (The Apache Software License, Version 2.0) Prometheus Java Span Context Supplier - OpenTelemetry (io.prometheus:simpleclient_tracer_otel:0.16.0 - http://github.com/prometheus/client_java/simpleclient_tracer/simpleclient_tracer_otel) (The Apache Software License, Version 2.0) Prometheus Java Span Context Supplier - OpenTelemetry Agent (io.prometheus:simpleclient_tracer_otel_agent:0.16.0 - http://github.com/prometheus/client_java/simpleclient_tracer/simpleclient_tracer_otel_agent) - (The Apache Software License, Version 2.0) Quarkus - ArC - Runtime (io.quarkus:quarkus-arc:3.2.7.Final - https://github.com/quarkusio/quarkus) - (Apache License, Version 2.0) Quarkus - Bootstrap - Runner (io.quarkus:quarkus-bootstrap-runner:3.2.7.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Core - Runtime (io.quarkus:quarkus-core:3.2.7.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Development mode - SPI (io.quarkus:quarkus-development-mode-spi:3.2.7.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - ArC - Runtime (io.quarkus:quarkus-arc:3.2.0.Final - https://github.com/quarkusio/quarkus) + (Apache License, Version 2.0) Quarkus - Bootstrap - Runner (io.quarkus:quarkus-bootstrap-runner:3.2.0.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Core - Runtime (io.quarkus:quarkus-core:3.2.0.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Development mode - SPI (io.quarkus:quarkus-development-mode-spi:3.2.0.Final - 
https://github.com/quarkusio/quarkus) (Apache License, Version 2.0) Quarkus - FS Util (io.quarkus:quarkus-fs-util:0.0.9 - https://quarkus.io/) - (The Apache Software License, Version 2.0) Quarkus - IDE Launcher (io.quarkus:quarkus-ide-launcher:3.2.7.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Mutiny - Runtime (io.quarkus:quarkus-mutiny:3.2.7.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Netty - Runtime (io.quarkus:quarkus-netty:3.2.7.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - SmallRye Context Propagation - Runtime (io.quarkus:quarkus-smallrye-context-propagation:3.2.7.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Vert.x - Runtime (io.quarkus:quarkus-vertx:3.2.7.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Quarkus - Vert.x Late Bound MDC Provider (io.quarkus:quarkus-vertx-latebound-mdc-provider:3.2.7.Final - https://github.com/quarkusio/quarkus) - (Apache License, Version 2.0) ArC - Runtime (io.quarkus.arc:arc:3.2.7.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - IDE Launcher (io.quarkus:quarkus-ide-launcher:3.2.0.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Mutiny - Runtime (io.quarkus:quarkus-mutiny:3.2.0.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Netty - Runtime (io.quarkus:quarkus-netty:3.2.0.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - SmallRye Context Propagation - Runtime (io.quarkus:quarkus-smallrye-context-propagation:3.2.0.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Vert.x - Runtime 
(io.quarkus:quarkus-vertx:3.2.0.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Quarkus - Vert.x Late Bound MDC Provider (io.quarkus:quarkus-vertx-latebound-mdc-provider:3.2.0.Final - https://github.com/quarkusio/quarkus) + (Apache License, Version 2.0) ArC - Runtime (io.quarkus.arc:arc:3.2.0.Final - https://github.com/quarkusio/quarkus) (The Apache Software License, Version 2.0) SmallRye Context Propagation: Core (io.smallrye:smallrye-context-propagation:2.1.0 - https://github.com/smallrye/smallrye-context-propagation) (The Apache Software License, Version 2.0) SmallRye Context Propagation: API (io.smallrye:smallrye-context-propagation-api:2.1.0 - https://github.com/smallrye/smallrye-context-propagation) (The Apache Software License, Version 2.0) SmallRye Context Propagation: Storage (io.smallrye:smallrye-context-propagation-storage:2.1.0 - https://github.com/smallrye/smallrye-context-propagation) - (Apache License, Version 2.0) SmallRye Fault Tolerance: Vert.x Integration (io.smallrye:smallrye-fault-tolerance-vertx:6.2.6 - http://smallrye.io) + (Apache License, Version 2.0) SmallRye Fault Tolerance: Vert.x Integration (io.smallrye:smallrye-fault-tolerance-vertx:6.2.4 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: Annotations (io.smallrye.common:smallrye-common-annotation:2.1.0 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: Classloader (io.smallrye.common:smallrye-common-classloader:2.1.0 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: Constraints (io.smallrye.common:smallrye-common-constraint:2.1.0 - http://smallrye.io) 
@@ -142,9 +142,9 @@ Lists of 230 third-party dependencies. (Apache License, Version 2.0) SmallRye Common: IO (io.smallrye.common:smallrye-common-io:2.1.0 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: OS (io.smallrye.common:smallrye-common-os:2.1.0 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: Vert.x Context Utilities (io.smallrye.common:smallrye-common-vertx-context:2.1.0 - http://smallrye.io) - (Apache License, Version 2.0) SmallRye Config: CDI (io.smallrye.config:smallrye-config:3.3.2 - https://smallrye.io) - (Apache License, Version 2.0) SmallRye Config: Common (io.smallrye.config:smallrye-config-common:3.3.2 - https://smallrye.io) - (Apache License, Version 2.0) SmallRye Config: Core (io.smallrye.config:smallrye-config-core:3.3.2 - https://smallrye.io) + (Apache License, Version 2.0) SmallRye Config: CDI (io.smallrye.config:smallrye-config:3.3.0 - https://smallrye.io) + (Apache License, Version 2.0) SmallRye Config: Common (io.smallrye.config:smallrye-config-common:3.3.0 - https://smallrye.io) + (Apache License, Version 2.0) SmallRye Config: Core (io.smallrye.config:smallrye-config-core:3.3.0 - https://smallrye.io) (Apache License, Version 2.0) SmallRye Mutiny - Core library (io.smallrye.reactive:mutiny:2.3.1 - https://smallrye.io/smallrye-mutiny) (Apache License, Version 2.0) SmallRye Mutiny - Integration with SmallRye Context Propagation (io.smallrye.reactive:mutiny-smallrye-context-propagation:2.3.1 - https://smallrye.io/smallrye-mutiny) (The Apache Software License, Version 2.0) SmallRye Mutiny - Vert.x Auth Common (io.smallrye.reactive:smallrye-mutiny-vertx-auth-common:3.5.0 - https://smallrye.io/smallrye-mutiny-vertx-bindings) 
@@ -157,10 +157,10 @@ Lists of 230 third-party dependencies. (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) vertx-auth-common (io.vertx:vertx-auth-common:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-auth-parent/vertx-auth-common) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) vertx-codegen (io.vertx:vertx-codegen:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-codegen) (Eclipse Public License - v 2.0) (The Apache Software License, Version 2.0) Vert.x Core (io.vertx:vertx-core:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-core) - (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x JUnit 5 support :: Core (io.vertx:vertx-junit5:4.4.3 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-junit5) - (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x Kafka Client (io.vertx:vertx-kafka-client:4.4.3 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-kafka-client) + (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x JUnit 5 support :: Core (io.vertx:vertx-junit5:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-junit5) + (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x Kafka Client (io.vertx:vertx-kafka-client:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-kafka-client) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x metrics implementation for Micrometer.io (io.vertx:vertx-micrometer-metrics:4.4.4 - 
http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-micrometer-metrics) - (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x OpenTelemetry (io.vertx:vertx-opentelemetry:4.4.3 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-tracing-parent/vertx-opentelemetry) + (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x OpenTelemetry (io.vertx:vertx-opentelemetry:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-tracing-parent/vertx-opentelemetry) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x URI Template (io.vertx:vertx-uri-template:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-uri-template) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) vertx-web-client (io.vertx:vertx-web-client:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-web-parent/vertx-web-client) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) vertx-web-common (io.vertx:vertx-web-common:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-web-parent/vertx-web-common) 
@@ -199,7 +199,7 @@ Lists of 230 third-party dependencies. (The MIT License) Checker Qual (org.checkerframework:checker-qual:3.34.0 - https://checkerframework.org/) (Apache License, Version 2.0) MicroProfile Config API (org.eclipse.microprofile.config:microprofile-config-api:3.0.3 - https://microprofile.io/project/eclipse/microprofile-config/microprofile-config-api) (Apache License, Version 2.0) MicroProfile Context Propagation (org.eclipse.microprofile.context-propagation:microprofile-context-propagation-api:1.3 - http://microprofile.io/microprofile-context-propagation-api) - (Universal Permissive License, Version 1.0) Graal Sdk (org.graalvm.sdk:graal-sdk:23.0.1 - https://github.com/oracle/graal) + (Universal Permissive License, Version 1.0) Graal Sdk (org.graalvm.sdk:graal-sdk:22.3.2 - https://github.com/oracle/graal) (BSD Licence 3) Hamcrest (org.hamcrest:hamcrest:2.1 - http://hamcrest.org/JavaHamcrest/) (New BSD License) Hamcrest Core (org.hamcrest:hamcrest-core:1.3 - https://github.com/hamcrest/JavaHamcrest/hamcrest-core) (BSD-2-Clause) (Public Domain, per Creative Commons CC0) HdrHistogram (org.hdrhistogram:HdrHistogram:2.1.12 - http://hdrhistogram.github.io/HdrHistogram/) @@ -228,5 +228,5 @@ Lists of 230 third-party dependencies. (MIT License) SLF4J NOP Binding (org.slf4j:slf4j-nop:1.7.36 - http://www.slf4j.org) (Apache License, Version 2.0) SnakeYAML Engine (org.snakeyaml:snakeyaml-engine:2.6 - https://bitbucket.org/snakeyaml/snakeyaml-engine) (Apache License 2.0) wildfly-common (org.wildfly.common:wildfly-common:1.5.4.Final-format-001 - http://www.jboss.org/wildfly-common) - (Apache-2.0) snappy-java (org.xerial.snappy:snappy-java:1.1.10.5 - https://github.com/xerial/snappy-java) + (Apache-2.0) snappy-java (org.xerial.snappy:snappy-java:1.1.10.1 - https://github.com/xerial/snappy-java) (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:2.0 - https://bitbucket.org/snakeyaml/snakeyaml) 
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/file/SecretWatcher.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/file/SecretWatcher.java
new file mode 100644
index 0000000000..667a46c4c2
--- /dev/null
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/file/SecretWatcher.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package dev.knative.eventing.kafka.broker.core.file;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.nio.file.*;
+
+/** Watches a directory for changes to TLS secrets. */
+public class SecretWatcher implements Runnable {
+ private static final Logger logger = LoggerFactory.getLogger(SecretWatcher.class);
+
+ private final String dir; // directory to watch
+ private final WatchService watcher; // watch service
+ private final Runnable updateAction; // action to run when a change is detected
+
+ private static String KEY_FILE = "tls.key";
+ private static String CRT_FILE = "tls.crt";
+
+ public SecretWatcher(String dir, Runnable updateAction) throws IOException {
+ this.dir = dir;
+ this.updateAction = updateAction;
+ this.watcher = FileSystems.getDefault().newWatchService();
+
+ Path path = Path.of(dir);
+ path.register(watcher, StandardWatchEventKinds.ENTRY_MODIFY);
+ }
+
+ @Override
+ public void run() {
+ try {
+ WatchKey key;
+ while ((key = watcher.take()) != null) {
+ for (WatchEvent event : key.pollEvents()) {
+ Path changed = (Path) event.context();
+ if (changed.endsWith(KEY_FILE) || changed.endsWith(CRT_FILE)) {
+ logger.debug("Detected change to secret {}", changed);
+ updateAction.run();
+ }
+ }
+ key.reset();
+ }
+ } catch (InterruptedException e) {
+ Thread.currentThread().interrupt(); + logger.error("Watcher exception", e); + } finally { + this.stop(); + } + } + + // stop the watcher + public void stop() { + try { + watcher.close(); + } catch (IOException e) { + logger.error("Failed to close secret watcher", e); + } + } +} diff --git a/data-plane/pom.xml b/data-plane/pom.xml index 6f268e2313..f76dcf2bd7 100644 --- a/data-plane/pom.xml +++ b/data-plane/pom.xml @@ -42,8 +42,8 @@ 2.37.0 - 4.4.3 - 4.4.3 + 4.4.4 + 4.4.4 2.5.0 1.9.4 1.17.0 @@ -61,7 +61,7 @@ 3.2.3 1.9.6.Final 3.3.2 - 3.2.7.Final + 3.2.0.Final 4.9.2 2.33.0 diff --git a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java index 06a4332ff3..11183d3e75 100644 --- a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java +++ b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java @@ -15,13 +15,7 @@ */ package dev.knative.eventing.kafka.broker.receiver.impl; -import static dev.knative.eventing.kafka.broker.core.utils.Logging.keyValue; -import static dev.knative.eventing.kafka.broker.receiver.impl.handler.ControlPlaneProbeRequestUtil.PROBE_HASH_HEADER_NAME; -import static dev.knative.eventing.kafka.broker.receiver.impl.handler.ControlPlaneProbeRequestUtil.isControlPlaneProbeRequest; -import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; -import static io.netty.handler.codec.http.HttpResponseStatus.OK; - -import dev.knative.eventing.kafka.broker.core.file.FileWatcher; +import dev.knative.eventing.kafka.broker.core.file.SecretWatcher; import dev.knative.eventing.kafka.broker.core.reconciler.IngressReconcilerListener; import dev.knative.eventing.kafka.broker.core.reconciler.ResourcesReconciler; import dev.knative.eventing.kafka.broker.receiver.IngressProducer; 
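Review bot: `SecretWatcher.run()` does not handle `ClosedWatchServiceException`, so when `stop()` closes the watcher while the thread is blocked in `watcher.take()`, the loop ends with an uncaught runtime exception instead of a clean exit; add `catch (ClosedWatchServiceException e) { logger.debug("Secret watcher closed"); }` beside the `InterruptedException` handler. The constructor registers the directory for `ENTRY_MODIFY` only and `run()` matches on the names `tls.key` and `tls.crt`. If the directory is a Kubernetes secret volume, an update is normally published by swapping a symlink rather than rewriting those files, so the filter may never match and the server would keep serving the old key pair; this is worth confirming against a real mount, and registering `ENTRY_CREATE` as well. `KEY_FILE` and `CRT_FILE` are constants and should be declared `private static final`.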
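Review bot: The second `data-plane/pom.xml` hunk moves a version from `3.2.7.Final` back to `3.2.0.Final`, a downgrade that the commit description (TLS key pair rotation tests) does not explain. The property name is not visible on this page, but the regenerated third-party list in the same patch also shows artifacts going backwards, for example snappy-java from `1.1.10.5` to `1.1.10.1` and graal-sdk from `23.0.1` to `22.3.2`. If this is a side effect of a rebase or merge resolution rather than a deliberate pin, restore the newer versions so patch-level fixes are not dropped; if it is intended, state the reason in the description.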
@@ -30,45 +24,43 @@ import dev.knative.eventing.kafka.broker.receiver.impl.handler.MethodNotAllowedHandler; import dev.knative.eventing.kafka.broker.receiver.impl.handler.ProbeHandler; import dev.knative.eventing.kafka.broker.receiver.main.ReceiverEnv; -import io.fabric8.kubernetes.client.*; import io.vertx.core.*; -import io.vertx.core.buffer.*; import io.vertx.core.eventbus.MessageConsumer; import io.vertx.core.http.HttpServer; import io.vertx.core.http.HttpServerOptions; import io.vertx.core.http.HttpServerRequest; import io.vertx.core.net.PemKeyCertOptions; import io.vertx.core.net.SSLOptions; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.io.File; import java.io.IOException; import java.util.Objects; import java.util.function.Function; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; + +import static dev.knative.eventing.kafka.broker.core.utils.Logging.keyValue; +import static dev.knative.eventing.kafka.broker.receiver.impl.handler.ControlPlaneProbeRequestUtil.PROBE_HASH_HEADER_NAME; +import static dev.knative.eventing.kafka.broker.receiver.impl.handler.ControlPlaneProbeRequestUtil.isControlPlaneProbeRequest; +import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; +import static io.netty.handler.codec.http.HttpResponseStatus.OK; /** * This verticle is responsible for implementing the logic of the receiver. * - *

- * The receiver is the component responsible for mapping incoming {@link - * io.cloudevents.CloudEvent} requests to specific Kafka topics. In order to do - * so, this component: + *

The receiver is the component responsible for mapping incoming {@link + * io.cloudevents.CloudEvent} requests to specific Kafka topics. In order to do so, this component: * *

    - *
  • Starts two {@link HttpServer}, one with http, and one with https, - * listening for incoming - * events - *
  • Starts a {@link ResourcesReconciler}, listen on the event bus for - * reconciliation events and - * keeps track of the {@link - * dev.knative.eventing.kafka.broker.contract.DataPlaneContract.Ingress} objects - * and their - * {@code path => (topic, producer)} mapping - *
  • Implements a request handler that invokes a series of {@code preHandlers} - * (which are - * assumed to complete synchronously) and then a final - * {@link IngressRequestHandler} to - * publish the record to Kafka + *
  • Starts two {@link HttpServer}, one with http, and one with https, listening for incoming + * events + *
  • Starts a {@link ResourcesReconciler}, listen on the event bus for reconciliation events and + * keeps track of the {@link + * dev.knative.eventing.kafka.broker.contract.DataPlaneContract.Ingress} objects and their + * {@code path => (topic, producer)} mapping + *
  • Implements a request handler that invokes a series of {@code preHandlers} (which are + * assumed to complete synchronously) and then a final {@link IngressRequestHandler} to + * publish the record to Kafka *
*/ public class ReceiverVerticle extends AbstractVerticle implements Handler { @@ -89,7 +81,7 @@ public class ReceiverVerticle extends AbstractVerticle implements Handler messageConsumer; private IngressProducerReconcilableStore ingressProducerStore; - private FileWatcher secretWatcher; + private SecretWatcher secretWatcher; public ReceiverVerticle( final ReceiverEnv env, @@ -176,16 +168,15 @@ public void start(final Promise startPromise) { // Set up the secret watcher private void setupSecretWatcher() { try { - File file = new File(secretVolumePath + "/tls.crt"); - this.secretWatcher = new FileWatcher(file, this::updateServerConfig); - this.secretWatcher.start(); + this.secretWatcher = new SecretWatcher(secretVolumePath, this::updateServerConfig); + new Thread(this.secretWatcher).start(); } catch (IOException e) { logger.error("Failed to start SecretWatcher", e); } } @Override - public void stop(Promise stopPromise) throws Exception { + public void stop(Promise stopPromise) { CompositeFuture.all( (this.httpServer != null ? this.httpServer.close().mapEmpty() : Future.succeededFuture()), (this.httpsServer != null ? this.httpsServer.close().mapEmpty() : Future.succeededFuture()), @@ -195,11 +186,7 @@ public void stop(Promise stopPromise) throws Exception { // close the watcher if (this.secretWatcher != null) { - try { - this.secretWatcher.close(); - } catch (IOException e) { - logger.error("Failed to close SecretWatcher", e); - } + this.secretWatcher.stop(); } } 
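Review bot: In `setupSecretWatcher()` the watcher is started with `new Thread(this.secretWatcher).start()`, which leaves an unnamed, non-daemon thread with no reference kept, so shutdown can only end it by closing the watch service and it can hold the JVM open if `stop()` is never reached. I would write `Thread t = new Thread(this.secretWatcher, "secret-watcher"); t.setDaemon(true); t.start();` and keep `t` in a field. The `IOException` branch only logs, so the verticle continues to serve TLS with rotation silently disabled; consider failing startup, or at least logging at a level that operators alert on, when transport encryption is required. The body of `start()` lies outside this hunk, so whether the failure can be propagated to `startPromise` cannot be judged from here.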
@@ -233,29 +220,26 @@ public void handle(HttpServerRequest request) { } public void updateServerConfig() { - // This function will be called when the secret volume is updated File tlsKeyFile = new File(tlsKeyFilePath); File tlsCrtFile = new File(tlsCrtFilePath); // Check whether the tls.key and tls.crt files exist if (tlsKeyFile.exists() && tlsCrtFile.exists() && httpsServerOptions != null) { - try { - // Update SSL configuration by passing the new value of the certificate and key - // Have to use value instead of path here otherwise the changes won't be applied - final var keyCertOptions = new PemKeyCertOptions() - .setCertValue(Buffer.buffer(java.nio.file.Files.readString(tlsCrtFile.toPath()))) - .setKeyValue(Buffer.buffer(java.nio.file.Files.readString(tlsKeyFile.toPath()))); - - httpsServer - .updateSSLOptions(new SSLOptions().setKeyCertOptions(keyCertOptions)) - .onSuccess(v -> logger.info("Succeeded to update TLS key pair")) - .onFailure( - e -> logger.error("Failed to update TLS key pair while executing updateSSLOptions", e)); - - } catch (IOException e) { - logger.error("Failed to read file {}", tlsCrtFilePath, e); - } + + // Update SSL configuration by using updateSSLOptions + PemKeyCertOptions keyCertOptions = + new PemKeyCertOptions().setKeyPath(tlsKeyFile.getPath()).setCertPath(tlsCrtFile.getPath()); + + // result is a Future object + Future result = httpsServer.updateSSLOptions(new SSLOptions().setKeyCertOptions(keyCertOptions)); + + result.onSuccess(v -> { + logger.info("Succeeded to update TLS key pair"); + }) + .onFailure(e -> { + logger.error("Failed to update TLS key pair", e); + }); } } } diff --git a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java index eb37cfecca..8e7d245dfd 100644 
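Review bot: `updateServerConfig()` now builds `PemKeyCertOptions` with `setKeyPath`/`setCertPath`, while the comment this hunk removes stated that the values had to be passed instead of the paths or the change would not be applied. The paths are identical on every rotation, so the options given to `updateSSLOptions` probably compare equal to the ones already in use, and the server may go on presenting the old certificate and key after the secret changes. Keep reading the contents as the previous code did, `setCertValue(Buffer.buffer(Files.readString(tlsCrtFile.toPath())))` with the matching `setKeyValue(...)`, or add a test showing that the path form reloads. The guard checks `httpsServerOptions != null` but the body dereferences `httpsServer`; add `httpsServer != null` to the condition.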
--- a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java +++ b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java @@ -15,15 +15,6 @@ */ package dev.knative.eventing.kafka.broker.receiver.impl; -import static io.netty.handler.codec.http.HttpResponseStatus.ACCEPTED; -import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST; -import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; -import static io.netty.handler.codec.http.HttpResponseStatus.OK; -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - import ch.qos.logback.classic.Logger; import ch.qos.logback.classic.spi.ILoggingEvent; import ch.qos.logback.core.read.ListAppender; @@ -63,6 +54,18 @@ import io.vertx.junit5.VertxTestContext; import io.vertx.micrometer.MicrometerMetricsOptions; import io.vertx.micrometer.backends.BackendRegistries; +import org.apache.kafka.clients.producer.MockProducer; +import org.apache.kafka.clients.producer.ProducerRecord; +import org.apache.kafka.common.serialization.StringSerializer; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; +import org.slf4j.LoggerFactory; + import java.io.File; import java.io.FileWriter; import java.io.IOException; 
@@ -76,17 +79,11 @@ import java.util.function.Function; import java.util.stream.Collectors; import java.util.stream.StreamSupport; -import org.apache.kafka.clients.producer.MockProducer; -import org.apache.kafka.clients.producer.ProducerRecord; -import org.apache.kafka.common.serialization.StringSerializer; -import org.junit.jupiter.api.AfterAll; -import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.MethodSource; -import org.slf4j.LoggerFactory; + +import static io.netty.handler.codec.http.HttpResponseStatus.*; +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; @ExtendWith(VertxExtension.class) public class ReceiverVerticleTest { 
@@ -256,28 +253,28 @@ public void secretFileUpdated() throws InterruptedException { // Write the new CA cert to the file String new_TLS_Cert = """ ------BEGIN CERTIFICATE----- -MIIDmDCCAoCgAwIBAgIUZx4ztTK7wyEpRYKkKqM9+oFr+PwwDQYJKoZIhvcNAQEL -BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAeFw0y -MzA3MTcxNDI1MzhaFw0yNjA1MDYxNDI1MzhaMG0xCzAJBgNVBAYTAlVTMRIwEAYD -VQQIDAlZb3VyU3RhdGUxETAPBgNVBAcMCFlvdXJDaXR5MR0wGwYDVQQKDBRFeGFt -cGxlLUNlcnRpZmljYXRlczEYMBYGA1UEAwwPbG9jYWxob3N0LmxvY2FsMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyq0tbWj3zb/lhcykAAXlc8RVVPiZ -898NxNV1od3XvFUFRYkQP9DU/3nE/5DxDQbQmfTlov50WbgSgQxt9GR7iC3lheOm -B3ODaA0p3C7bBg7LeUvtrhvPyHITDI9Aqy8cUO5XHVgbTceW7XOvcmju/DVpm9Id -iSpEEPMT2GsuLQ2rVvNupIccYRe0NhZly7l27AAkf5y1G2Yd9Oklt+gOPNPB+afH -/eFlYRrKokp58Kt1eyDNAwaYV8arEKIapU2AQheZTZQSBOi/tFCc7oKFQOmO9sFf -HEuQfCVd8TZJ2vb7qdiLVlgTDwjVYmUkfkxR7JJ/feDacyfjGkqYd1bngQIDAQAB -o3YwdDAfBgNVHSMEGDAWgBQGanp895VYiwZNv+X+JJ7GWjQtWTAJBgNVHRMEAjAA -MAsGA1UdDwQEAwIE8DAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0O -BBYEFOlfLUC1MJOOjGRWfVzHQYA+Iya4MA0GCSqGSIb3DQEBCwUAA4IBAQACCgdN -Sj+W39W+8JdHpBU/fw1wwNDB4SyIyxAgPXp8TWiOwoo3ozcALP44ab4jP9b+Etlm -yNMNdayOf42SCZUhihO4PKiiqDgolDQfYaZbiIEXJ/xaXtao5SxyBPY77eXtXN/+ -E7/TOWQ5U7qJYd7H5vqhlFk6fn7s6WKkue8ELUrWh8r3THASXUsa8xzxHu0nsp2v -SsbYyR0vyrGE4yvComvl75Igw6jY70cswWdyThGKV6ZLip2BrjLQlFhr3IZN5tbg -rHxaoqIen8NYjNpBdJDInPMFZshZSx1lAzw6uwP4OuM5WQHgYEk7V+TkOU3osqgD -5bOo/SpCokC166Ym ------END CERTIFICATE-----"""; + -----BEGIN CERTIFICATE----- + MIIDmDCCAoCgAwIBAgIUZx4ztTK7wyEpRYKkKqM9+oFr+PwwDQYJKoZIhvcNAQEL + BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAeFw0y + MzA3MTcxNDI1MzhaFw0yNjA1MDYxNDI1MzhaMG0xCzAJBgNVBAYTAlVTMRIwEAYD + VQQIDAlZb3VyU3RhdGUxETAPBgNVBAcMCFlvdXJDaXR5MR0wGwYDVQQKDBRFeGFt + cGxlLUNlcnRpZmljYXRlczEYMBYGA1UEAwwPbG9jYWxob3N0LmxvY2FsMIIBIjAN + BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyq0tbWj3zb/lhcykAAXlc8RVVPiZ + 898NxNV1od3XvFUFRYkQP9DU/3nE/5DxDQbQmfTlov50WbgSgQxt9GR7iC3lheOm + 
B3ODaA0p3C7bBg7LeUvtrhvPyHITDI9Aqy8cUO5XHVgbTceW7XOvcmju/DVpm9Id + iSpEEPMT2GsuLQ2rVvNupIccYRe0NhZly7l27AAkf5y1G2Yd9Oklt+gOPNPB+afH + /eFlYRrKokp58Kt1eyDNAwaYV8arEKIapU2AQheZTZQSBOi/tFCc7oKFQOmO9sFf + HEuQfCVd8TZJ2vb7qdiLVlgTDwjVYmUkfkxR7JJ/feDacyfjGkqYd1bngQIDAQAB + o3YwdDAfBgNVHSMEGDAWgBQGanp895VYiwZNv+X+JJ7GWjQtWTAJBgNVHRMEAjAA + MAsGA1UdDwQEAwIE8DAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0O + BBYEFOlfLUC1MJOOjGRWfVzHQYA+Iya4MA0GCSqGSIb3DQEBCwUAA4IBAQACCgdN + Sj+W39W+8JdHpBU/fw1wwNDB4SyIyxAgPXp8TWiOwoo3ozcALP44ab4jP9b+Etlm + yNMNdayOf42SCZUhihO4PKiiqDgolDQfYaZbiIEXJ/xaXtao5SxyBPY77eXtXN/+ + E7/TOWQ5U7qJYd7H5vqhlFk6fn7s6WKkue8ELUrWh8r3THASXUsa8xzxHu0nsp2v + SsbYyR0vyrGE4yvComvl75Igw6jY70cswWdyThGKV6ZLip2BrjLQlFhr3IZN5tbg + rHxaoqIen8NYjNpBdJDInPMFZshZSx1lAzw6uwP4OuM5WQHgYEk7V+TkOU3osqgD + 5bOo/SpCokC166Ym + -----END CERTIFICATE-----"""; String new_TLS_key = """ From e0574cdda030d7c7c685613b8901d07e778b4f1e Mon Sep 17 00:00:00 2001 From: Leo Li Date: Wed, 15 Nov 2023 11:20:52 -0500 Subject: [PATCH 10/24] Update to the latest knative eventing V1.11.6 --- .../eventing-latest/eventing-core.yaml | 271 ++++++++++++------ .../eventing-latest/eventing-crds.yaml | 131 +++++++-- .../eventing-tls-networking.yaml | 21 +- 3 files changed, 304 insertions(+), 119 deletions(-) diff --git a/third_party/eventing-latest/eventing-core.yaml b/third_party/eventing-latest/eventing-core.yaml index cc2a4457a1..15398089a8 100644 --- a/third_party/eventing-latest/eventing-core.yaml +++ b/third_party/eventing-latest/eventing-core.yaml @@ -16,7 +16,7 @@ kind: Namespace metadata: name: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing --- 
@@ -40,7 +40,7 @@ metadata: name: eventing-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -48,7 +48,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -64,7 +64,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-resolver labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -80,7 +80,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-source-observer labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -96,7 +96,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-sources-controller labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -112,7 +112,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-manipulator labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -144,7 +144,7 @@ metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 
@@ -152,7 +152,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -184,7 +184,7 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -192,7 +192,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -209,7 +209,7 @@ metadata: namespace: knative-eventing name: eventing-webhook labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -225,7 +225,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-resolver labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -241,7 +241,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-podspecable-binding labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -273,7 +273,7 @@ metadata: name: config-br-default-channel namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: channel-template-spec: | 
@@ -301,7 +301,7 @@ metadata: name: config-br-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: # Configures the default for any Broker that does not specify a spec.config or Broker class. @@ -338,7 +338,7 @@ metadata: name: default-ch-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: # Configuration for defaulting channels that do not specify CRD implementations. @@ -374,7 +374,7 @@ metadata: labels: annotations: knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: _example: | @@ -420,7 +420,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. @@ -515,7 +515,7 @@ metadata: name: config-leader-election namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f7948630" @@ -578,7 +578,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: # Common configuration for all Knative codebase 
@@ -631,7 +631,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f46cf09d" @@ -705,7 +705,7 @@ metadata: name: config-sugar namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "62dfac6f" @@ -764,7 +764,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "0492ceb0" @@ -821,7 +821,7 @@ metadata: labels: knative.dev/high-availability: "true" app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: selector: @@ -832,7 +832,7 @@ spec: labels: app: eventing-controller app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -850,7 +850,7 @@ spec: containers: - name: eventing-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/controller@sha256:2137eae87ac64b385e352c89cde3583447c97c9c107eed23f6f46f25a051e12f + image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:122fc0b583f437aa5a20cb38c0f201dc00bf2300b3ff06ba6d7e4df5ad7cd56e resources: requests: cpu: 100m 
@@ -868,7 +868,7 @@ spec: value: knative.dev/eventing # APIServerSource - name: APISERVER_RA_IMAGE - value: gcr.io/knative-nightly/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:8634dd4f489dd941604e7bad43933a4a1a75e152a9877a496193fc0b6352f7f4 + value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:0a4e0544667cf729acf82b41b60c0eff1f2e9f420fe5ff4940fe6ca0c0d072b0 - name: POD_NAME valueFrom: fieldRef: @@ -938,7 +938,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. @@ -952,7 +952,7 @@ spec: labels: !!merge <<: *labels app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: affinity: @@ -966,7 +966,7 @@ spec: enableServiceLinks: false containers: - name: dispatcher - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtping@sha256:826291b1a7c6cf21539b8b8a6b6864c76a46bd7d2a368725fd4fdb2987dbd140 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:a48882d58e7b0ecb25185f3a148e271a5808d35c5dbc7a1172da5fda82c7e887 env: - name: SYSTEM_NAMESPACE value: '' @@ -1040,7 +1040,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: @@ -1065,7 +1065,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: minAvailable: 80% 
@@ -1095,7 +1095,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: selector: @@ -1107,7 +1107,7 @@ spec: labels: !!merge <<: *labels app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -1127,7 +1127,7 @@ spec: terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/webhook@sha256:b2252afe0202a942c6f521ab876354161b6c5050f16cc4397cb9b4ff404f08f5 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:4fdaf38d671416f627bee2a0ac1b0f29ca1b2fe2ece86760656ee824e67e614c resources: requests: # taken from serving. @@ -1200,7 +1200,7 @@ metadata: labels: role: eventing-webhook app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: eventing-webhook namespace: knative-eventing 
@@ -1235,18 +1235,36 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schemas registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } ] name: apiserversources.sources.knative.dev spec: @@ -1485,7 +1503,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev 
@@ -1569,8 +1587,24 @@ spec: description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1662,7 +1696,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -1817,10 +1851,27 @@ spec: type: object properties: address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object 
@@ -1948,7 +1999,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -2105,7 +2156,7 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -2266,7 +2317,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -2372,10 +2423,27 @@ spec: type: object properties: address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object 
@@ -2524,13 +2592,16 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schema registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.sources.ping" } + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } ] name: pingsources.sources.knative.dev spec: @@ -2719,7 +2790,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -2849,10 +2920,27 @@ spec: type: object properties: address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -3046,7 +3134,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: 
@@ -3240,7 +3328,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -3363,6 +3451,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string status: type: object properties: @@ -3466,7 +3557,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -3662,7 +3753,7 @@ kind: ClusterRole metadata: name: addressable-resolver labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -3676,7 +3767,7 @@ metadata: name: service-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3695,7 +3786,7 @@ metadata: name: serving-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: 
@@ -3717,7 +3808,7 @@ metadata: name: channel-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3743,7 +3834,7 @@ metadata: name: broker-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3763,7 +3854,7 @@ metadata: name: flows-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3799,7 +3890,7 @@ kind: ClusterRole metadata: name: eventing-broker-filter labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3825,7 +3916,7 @@ kind: ClusterRole metadata: name: eventing-broker-ingress labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3842,7 +3933,7 @@ kind: ClusterRole metadata: name: eventing-config-reader labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3875,7 +3966,7 @@ kind: ClusterRole metadata: name: channelable-manipulator labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: 
@@ -3889,7 +3980,7 @@ metadata: name: meta-channelable-manipulator labels: duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -3928,7 +4019,7 @@ metadata: name: knative-eventing-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev"] @@ -3941,7 +4032,7 @@ metadata: name: knative-messaging-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["messaging.knative.dev"] @@ -3954,7 +4045,7 @@ metadata: name: knative-flows-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["flows.knative.dev"] @@ -3967,7 +4058,7 @@ metadata: name: knative-sources-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["sources.knative.dev"] @@ -3980,7 +4071,7 @@ metadata: name: knative-bindings-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["bindings.knative.dev"] 
@@ -3992,8 +4083,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-eventing-namespaced-edit labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -4006,7 +4097,7 @@ metadata: name: knative-eventing-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -4033,7 +4124,7 @@ kind: ClusterRole metadata: name: knative-eventing-controller labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4168,7 +4259,7 @@ kind: ClusterRole metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4235,7 +4326,7 @@ kind: ClusterRole metadata: name: podspecable-binding labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -4249,7 +4340,7 @@ metadata: name: builtin-podspecable-binding labels: duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "podspecable-binding role. rules: 
@@ -4295,7 +4386,7 @@ kind: ClusterRole metadata: name: source-observer labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -4309,7 +4400,7 @@ metadata: name: eventing-sources-source-observer labels: duck.knative.dev/source: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "source-observer" role. rules: @@ -4345,7 +4436,7 @@ kind: ClusterRole metadata: name: knative-eventing-sources-controller labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4431,7 +4522,7 @@ kind: ClusterRole metadata: name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: # For watching logging configuration and getting certs. @@ -4541,7 +4632,7 @@ metadata: namespace: knative-eventing name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: # For manipulating certs into secrets. @@ -4577,7 +4668,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4612,7 +4703,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] 
@@ -4645,7 +4736,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4679,7 +4770,7 @@ metadata: name: eventing-webhook-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # The data is populated at install time. @@ -4703,7 +4794,7 @@ kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] diff --git a/third_party/eventing-latest/eventing-crds.yaml b/third_party/eventing-latest/eventing-crds.yaml index 0594593323..11c247ae8b 100644 --- a/third_party/eventing-latest/eventing-crds.yaml +++ b/third_party/eventing-latest/eventing-crds.yaml 
@@ -20,18 +20,36 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schemas registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } ] name: apiserversources.sources.knative.dev spec: @@ -270,7 +288,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev 
@@ -354,8 +372,24 @@ spec: description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -447,7 +481,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -602,10 +636,27 @@ spec: type: object properties: address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object 
@@ -733,7 +784,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -890,7 +941,7 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -1051,7 +1102,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -1157,10 +1208,27 @@ spec: type: object properties: address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object 
@@ -1309,13 +1377,16 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schema registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.sources.ping" } + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } ] name: pingsources.sources.knative.dev spec: @@ -1504,7 +1575,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -1634,10 +1705,27 @@ spec: type: object properties: address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1831,7 +1919,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: 
@@ -2025,7 +2113,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -2148,6 +2236,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string status: type: object properties: @@ -2251,7 +2342,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev diff --git a/third_party/eventing-latest/eventing-tls-networking.yaml b/third_party/eventing-latest/eventing-tls-networking.yaml index 5e4c7069f4..223fe89286 100644 --- a/third_party/eventing-latest/eventing-tls-networking.yaml +++ b/third_party/eventing-latest/eventing-tls-networking.yaml @@ -91,12 +91,12 @@ spec: labels: app.kubernetes.io/component: imc-dispatcher app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 @@ -104,6 +104,7 @@ spec: rotationPolicy: Always dnsNames: - imc-dispatcher.knative-eventing.svc.cluster.local + - imc-dispatcher.knative-eventing.svc issuerRef: name: selfsigned-ca-issuer kind: Issuer 
@@ -136,12 +137,12 @@ spec: labels: app.kubernetes.io/component: broker-filter app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 @@ -149,6 +150,7 @@ spec: rotationPolicy: Always dnsNames: - broker-filter.knative-eventing.svc.cluster.local + - broker-filter.knative-eventing.svc issuerRef: name: selfsigned-ca-issuer kind: Issuer @@ -181,12 +183,12 @@ spec: labels: app.kubernetes.io/component: broker-ingress app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 @@ -194,6 +196,7 @@ spec: rotationPolicy: Always dnsNames: - broker-ingress.knative-eventing.svc.cluster.local + - broker-ingress.knative-eventing.svc issuerRef: name: selfsigned-ca-issuer kind: Issuer From 7b27846860ef90ccd7f68cd87dd7028ffea601ab Mon Sep 17 00:00:00 2001 From: Leo Li Date: Wed, 15 Nov 2023 11:21:33 -0500 Subject: [PATCH 11/24] Cherry pick the keypair rotation commit --- .../receiver/impl/ReceiverVerticleTest.java | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java index 8e7d245dfd..4d3830f255 100644 --- a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java 
+++ b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java 
@@ -253,28 +253,28 @@ public void secretFileUpdated() throws InterruptedException { // Write the new CA cert to the file String new_TLS_Cert = """ - -----BEGIN CERTIFICATE----- - MIIDmDCCAoCgAwIBAgIUZx4ztTK7wyEpRYKkKqM9+oFr+PwwDQYJKoZIhvcNAQEL - BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAeFw0y - MzA3MTcxNDI1MzhaFw0yNjA1MDYxNDI1MzhaMG0xCzAJBgNVBAYTAlVTMRIwEAYD - VQQIDAlZb3VyU3RhdGUxETAPBgNVBAcMCFlvdXJDaXR5MR0wGwYDVQQKDBRFeGFt - cGxlLUNlcnRpZmljYXRlczEYMBYGA1UEAwwPbG9jYWxob3N0LmxvY2FsMIIBIjAN - BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyq0tbWj3zb/lhcykAAXlc8RVVPiZ - 898NxNV1od3XvFUFRYkQP9DU/3nE/5DxDQbQmfTlov50WbgSgQxt9GR7iC3lheOm - B3ODaA0p3C7bBg7LeUvtrhvPyHITDI9Aqy8cUO5XHVgbTceW7XOvcmju/DVpm9Id - iSpEEPMT2GsuLQ2rVvNupIccYRe0NhZly7l27AAkf5y1G2Yd9Oklt+gOPNPB+afH - /eFlYRrKokp58Kt1eyDNAwaYV8arEKIapU2AQheZTZQSBOi/tFCc7oKFQOmO9sFf - HEuQfCVd8TZJ2vb7qdiLVlgTDwjVYmUkfkxR7JJ/feDacyfjGkqYd1bngQIDAQAB - o3YwdDAfBgNVHSMEGDAWgBQGanp895VYiwZNv+X+JJ7GWjQtWTAJBgNVHRMEAjAA - MAsGA1UdDwQEAwIE8DAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0O - BBYEFOlfLUC1MJOOjGRWfVzHQYA+Iya4MA0GCSqGSIb3DQEBCwUAA4IBAQACCgdN - Sj+W39W+8JdHpBU/fw1wwNDB4SyIyxAgPXp8TWiOwoo3ozcALP44ab4jP9b+Etlm - yNMNdayOf42SCZUhihO4PKiiqDgolDQfYaZbiIEXJ/xaXtao5SxyBPY77eXtXN/+ - E7/TOWQ5U7qJYd7H5vqhlFk6fn7s6WKkue8ELUrWh8r3THASXUsa8xzxHu0nsp2v - SsbYyR0vyrGE4yvComvl75Igw6jY70cswWdyThGKV6ZLip2BrjLQlFhr3IZN5tbg - rHxaoqIen8NYjNpBdJDInPMFZshZSx1lAzw6uwP4OuM5WQHgYEk7V+TkOU3osqgD - 5bOo/SpCokC166Ym - -----END CERTIFICATE-----"""; +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIUZx4ztTK7wyEpRYKkKqM9+oFr+PwwDQYJKoZIhvcNAQEL +BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAeFw0y +MzA3MTcxNDI1MzhaFw0yNjA1MDYxNDI1MzhaMG0xCzAJBgNVBAYTAlVTMRIwEAYD +VQQIDAlZb3VyU3RhdGUxETAPBgNVBAcMCFlvdXJDaXR5MR0wGwYDVQQKDBRFeGFt +cGxlLUNlcnRpZmljYXRlczEYMBYGA1UEAwwPbG9jYWxob3N0LmxvY2FsMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyq0tbWj3zb/lhcykAAXlc8RVVPiZ +898NxNV1od3XvFUFRYkQP9DU/3nE/5DxDQbQmfTlov50WbgSgQxt9GR7iC3lheOm 
+B3ODaA0p3C7bBg7LeUvtrhvPyHITDI9Aqy8cUO5XHVgbTceW7XOvcmju/DVpm9Id +iSpEEPMT2GsuLQ2rVvNupIccYRe0NhZly7l27AAkf5y1G2Yd9Oklt+gOPNPB+afH +/eFlYRrKokp58Kt1eyDNAwaYV8arEKIapU2AQheZTZQSBOi/tFCc7oKFQOmO9sFf +HEuQfCVd8TZJ2vb7qdiLVlgTDwjVYmUkfkxR7JJ/feDacyfjGkqYd1bngQIDAQAB +o3YwdDAfBgNVHSMEGDAWgBQGanp895VYiwZNv+X+JJ7GWjQtWTAJBgNVHRMEAjAA +MAsGA1UdDwQEAwIE8DAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0O +BBYEFOlfLUC1MJOOjGRWfVzHQYA+Iya4MA0GCSqGSIb3DQEBCwUAA4IBAQACCgdN +Sj+W39W+8JdHpBU/fw1wwNDB4SyIyxAgPXp8TWiOwoo3ozcALP44ab4jP9b+Etlm +yNMNdayOf42SCZUhihO4PKiiqDgolDQfYaZbiIEXJ/xaXtao5SxyBPY77eXtXN/+ +E7/TOWQ5U7qJYd7H5vqhlFk6fn7s6WKkue8ELUrWh8r3THASXUsa8xzxHu0nsp2v +SsbYyR0vyrGE4yvComvl75Igw6jY70cswWdyThGKV6ZLip2BrjLQlFhr3IZN5tbg +rHxaoqIen8NYjNpBdJDInPMFZshZSx1lAzw6uwP4OuM5WQHgYEk7V+TkOU3osqgD +5bOo/SpCokC166Ym +-----END CERTIFICATE-----"""; String new_TLS_key = """ From 611d0e2fea9f1f9effacf880456b27cae61f3966 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Fri, 29 Sep 2023 10:03:24 -0400 Subject: [PATCH 12/24] Cherry pick 1ddc8235e1 --- .../kafka/broker/core/file/SecretWatcher.java | 74 ------------------ .../receiver/impl/ReceiverVerticle.java | 78 +++++++++++-------- 2 files changed, 47 insertions(+), 105 deletions(-) delete mode 100644 data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/file/SecretWatcher.java diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/file/SecretWatcher.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/file/SecretWatcher.java deleted file mode 100644 index 667a46c4c2..0000000000 --- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/file/SecretWatcher.java +++ /dev/null 
@@ -1,74 +0,0 @@ -/* - * Copyright © 2018 Knative Authors (knative-dev@googlegroups.com) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package dev.knative.eventing.kafka.broker.core.file; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.IOException; -import java.nio.file.*; - -/** Watches a directory for changes to TLS secrets. */ -public class SecretWatcher implements Runnable { - private static final Logger logger = LoggerFactory.getLogger(SecretWatcher.class); - - private final String dir; // directory to watch - private final WatchService watcher; // watch service - private final Runnable updateAction; // action to run when a change is detected - - private static String KEY_FILE = "tls.key"; - private static String CRT_FILE = "tls.crt"; - - public SecretWatcher(String dir, Runnable updateAction) throws IOException { - this.dir = dir; - this.updateAction = updateAction; - this.watcher = FileSystems.getDefault().newWatchService(); - - Path path = Path.of(dir); - path.register(watcher, StandardWatchEventKinds.ENTRY_MODIFY); - } - - @Override - public void run() { - try { - WatchKey key; - while ((key = watcher.take()) != null) { - for (WatchEvent event : key.pollEvents()) { - Path changed = (Path) event.context(); - if (changed.endsWith(KEY_FILE) || changed.endsWith(CRT_FILE)) { - logger.debug("Detected change to secret {}", changed); - updateAction.run(); - } - } - key.reset(); - } - } catch (InterruptedException e) { 
- Thread.currentThread().interrupt(); - logger.error("Watcher exception", e); - } finally { - this.stop(); - } - } - - // stop the watcher - public void stop() { - try { - watcher.close(); - } catch (IOException e) { - logger.error("Failed to close secret watcher", e); - } - } -} diff --git a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java index 11183d3e75..777a8a1e96 100644 --- a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java +++ b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java @@ -15,7 +15,7 @@ */ package dev.knative.eventing.kafka.broker.receiver.impl; -import dev.knative.eventing.kafka.broker.core.file.SecretWatcher; +import dev.knative.eventing.kafka.broker.core.file.FileWatcher; import dev.knative.eventing.kafka.broker.core.reconciler.IngressReconcilerListener; import dev.knative.eventing.kafka.broker.core.reconciler.ResourcesReconciler; import dev.knative.eventing.kafka.broker.receiver.IngressProducer; @@ -25,6 +25,7 @@ import dev.knative.eventing.kafka.broker.receiver.impl.handler.ProbeHandler; import dev.knative.eventing.kafka.broker.receiver.main.ReceiverEnv; import io.vertx.core.*; +import io.vertx.core.buffer.Buffer; import io.vertx.core.eventbus.MessageConsumer; import io.vertx.core.http.HttpServer; import io.vertx.core.http.HttpServerOptions; @@ -48,19 +49,26 @@ /** * This verticle is responsible for implementing the logic of the receiver. * - *

The receiver is the component responsible for mapping incoming {@link - * io.cloudevents.CloudEvent} requests to specific Kafka topics. In order to do so, this component: + *

+ * The receiver is the component responsible for mapping incoming {@link + * io.cloudevents.CloudEvent} requests to specific Kafka topics. In order to do + * so, this component: * *

    - *
  • Starts two {@link HttpServer}, one with http, and one with https, listening for incoming - * events - *
  • Starts a {@link ResourcesReconciler}, listen on the event bus for reconciliation events and - * keeps track of the {@link - * dev.knative.eventing.kafka.broker.contract.DataPlaneContract.Ingress} objects and their - * {@code path => (topic, producer)} mapping - *
  • Implements a request handler that invokes a series of {@code preHandlers} (which are - * assumed to complete synchronously) and then a final {@link IngressRequestHandler} to - * publish the record to Kafka + *
  • Starts two {@link HttpServer}, one with http, and one with https, + * listening for incoming + * events + *
  • Starts a {@link ResourcesReconciler}, listen on the event bus for + * reconciliation events and + * keeps track of the {@link + * dev.knative.eventing.kafka.broker.contract.DataPlaneContract.Ingress} objects + * and their + * {@code path => (topic, producer)} mapping + *
  • Implements a request handler that invokes a series of {@code preHandlers} + * (which are + * assumed to complete synchronously) and then a final + * {@link IngressRequestHandler} to + * publish the record to Kafka *
*/ public class ReceiverVerticle extends AbstractVerticle implements Handler { @@ -81,7 +89,7 @@ public class ReceiverVerticle extends AbstractVerticle implements Handler messageConsumer; private IngressProducerReconcilableStore ingressProducerStore; - private SecretWatcher secretWatcher; + private FileWatcher secretWatcher; public ReceiverVerticle( final ReceiverEnv env, @@ -168,15 +176,16 @@ public void start(final Promise startPromise) { // Set up the secret watcher private void setupSecretWatcher() { try { - this.secretWatcher = new SecretWatcher(secretVolumePath, this::updateServerConfig); - new Thread(this.secretWatcher).start(); + File file = new File(secretVolumePath + "/tls.crt"); + this.secretWatcher = new FileWatcher(file, this::updateServerConfig); + this.secretWatcher.start(); } catch (IOException e) { logger.error("Failed to start SecretWatcher", e); } } @Override - public void stop(Promise stopPromise) { + public void stop(Promise stopPromise) throws Exception { CompositeFuture.all( (this.httpServer != null ? this.httpServer.close().mapEmpty() : Future.succeededFuture()), (this.httpsServer != null ? this.httpsServer.close().mapEmpty() : Future.succeededFuture()), @@ -186,7 +195,11 @@ public void stop(Promise stopPromise) { // close the watcher if (this.secretWatcher != null) { - this.secretWatcher.stop(); + try { + this.secretWatcher.close(); + } catch (IOException e) { + logger.error("Failed to close SecretWatcher", e); + } } } 
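Review bot: In `setupSecretWatcher` a failure to create or start the `FileWatcher` is only logged, so the verticle keeps serving the key pair loaded at startup and nothing reloads it afterwards; an expired or revoked certificate would then stay in use until the pod restarts. Consider failing startup when the watcher cannot be created, or at least logging the consequence, e.g. `logger.error("Failed to start SecretWatcher, TLS key pair rotation is disabled", e);`. The watched path is built as `secretVolumePath + "/tls.crt"` while `updateServerConfig` reads `tlsCrtFilePath`, so `new File(tlsCrtFilePath)` would keep the two in agreement, assuming that field names the same file (its definition is outside this hunk). Only tls.crt is watched, which deserves a comment such as `// tls.key is expected to be replaced together with tls.crt; a key-only change does not trigger a reload`.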
@@ -220,26 +233,29 @@ public void handle(HttpServerRequest request) { } public void updateServerConfig() { + // This function will be called when the secret volume is updated File tlsKeyFile = new File(tlsKeyFilePath); File tlsCrtFile = new File(tlsCrtFilePath); // Check whether the tls.key and tls.crt files exist if (tlsKeyFile.exists() && tlsCrtFile.exists() && httpsServerOptions != null) { - - // Update SSL configuration by using updateSSLOptions - PemKeyCertOptions keyCertOptions = - new PemKeyCertOptions().setKeyPath(tlsKeyFile.getPath()).setCertPath(tlsCrtFile.getPath()); - - // result is a Future object - Future result = httpsServer.updateSSLOptions(new SSLOptions().setKeyCertOptions(keyCertOptions)); - - result.onSuccess(v -> { - logger.info("Succeeded to update TLS key pair"); - }) - .onFailure(e -> { - logger.error("Failed to update TLS key pair", e); - }); + try { + // Update SSL configuration by passing the new value of the certificate and key + // Have to use value instead of path here otherwise the changes won't be applied + final var keyCertOptions = new PemKeyCertOptions() + .setCertValue(Buffer.buffer(java.nio.file.Files.readString(tlsCrtFile.toPath()))) + .setKeyValue(Buffer.buffer(java.nio.file.Files.readString(tlsKeyFile.toPath()))); + + httpsServer + .updateSSLOptions(new SSLOptions().setKeyCertOptions(keyCertOptions)) + .onSuccess(v -> logger.info("Succeeded to update TLS key pair")) + .onFailure( + e -> logger.error("Failed to update TLS key pair while executing updateSSLOptions", e)); + + } catch (IOException e) { + logger.error("Failed to read file {}", tlsCrtFilePath, e); + } } } } From d7db54f46b8b3abe1a185ceec5252227b3320be7 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Wed, 15 Nov 2023 11:58:33 -0500 Subject: [PATCH 13/24] Run update-codegen --- vendor/knative.dev/eventing/hack/update-cert-manager.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 vendor/knative.dev/eventing/hack/update-cert-manager.sh 
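Review bot: The `catch (IOException e)` at the end of `updateServerConfig` logs `tlsCrtFilePath` even when the read that failed was the one of tls.key, which points whoever debugs a failed rotation at the wrong file; log both paths, e.g. `logger.error("Failed to read TLS key pair {} / {}", tlsCrtFilePath, tlsKeyFilePath, e);`. The guard tests `httpsServerOptions != null` but the call is made on `httpsServer`, so if the watcher callback can run before the HTTPS server is assigned (not visible in this hunk) the method throws a NullPointerException; adding `httpsServer != null` to the condition covers that. The private key goes through `Files.readString`, which decodes it into a String; `Buffer.buffer(Files.readAllBytes(tlsKeyFile.toPath()))` passes the bytes on without the charset step and without an extra copy of the key material. The certificate and key are read in two separate steps, so a rotation landing between them could pair a new certificate with an old key; a comment stating that a failed `updateSSLOptions` is expected to leave the previous pair in place would help, if that is indeed the behaviour.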
diff --git a/vendor/knative.dev/eventing/hack/update-cert-manager.sh b/vendor/knative.dev/eventing/hack/update-cert-manager.sh old mode 100644 new mode 100755 From 7d0158408235ee84b1dcfeebe521392a2587d9c2 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Wed, 15 Nov 2023 12:06:49 -0500 Subject: [PATCH 14/24] Update the receiververticle import --- .../receiver/impl/ReceiverVerticleTest.java | 39 ++++++++++--------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java index 4d3830f255..a2a052e74b 100644 --- a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java +++ b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java @@ -15,6 +15,15 @@ */ package dev.knative.eventing.kafka.broker.receiver.impl; +import static io.netty.handler.codec.http.HttpResponseStatus.ACCEPTED; +import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST; +import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; +import static io.netty.handler.codec.http.HttpResponseStatus.OK; +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + import ch.qos.logback.classic.Logger; import ch.qos.logback.classic.spi.ILoggingEvent; import ch.qos.logback.core.read.ListAppender; 
@@ -54,18 +63,6 @@ import io.vertx.junit5.VertxTestContext; import io.vertx.micrometer.MicrometerMetricsOptions; import io.vertx.micrometer.backends.BackendRegistries; -import org.apache.kafka.clients.producer.MockProducer; -import org.apache.kafka.clients.producer.ProducerRecord; -import org.apache.kafka.common.serialization.StringSerializer; -import org.junit.jupiter.api.AfterAll; -import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.MethodSource; -import org.slf4j.LoggerFactory; - import java.io.File; import java.io.FileWriter; import java.io.IOException; @@ -79,11 +76,17 @@ import java.util.function.Function; import java.util.stream.Collectors; import java.util.stream.StreamSupport; - -import static io.netty.handler.codec.http.HttpResponseStatus.*; -import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; +import org.apache.kafka.clients.producer.MockProducer; +import org.apache.kafka.clients.producer.ProducerRecord; +import org.apache.kafka.common.serialization.StringSerializer; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; +import org.slf4j.LoggerFactory; @ExtendWith(VertxExtension.class) public class ReceiverVerticleTest { @@ -585,4 +588,4 @@ public String toString() { return "TestCase{" + "path='" + path + '\'' + ", responseStatusCode=" + responseStatusCode + '}'; } } -} +} \ No newline at end of file From 08bd0d25125e7182609050f7f2913d9815ab3f18 Mon Sep 17 00:00:00 2001 
From: Leo Li Date: Wed, 15 Nov 2023 13:27:54 -0500 Subject: [PATCH 15/24] Run update-codegen --- .../receiver/impl/ReceiverVerticleTest.java | 40 +++++++++---------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java index a2a052e74b..1d3207bde9 100644 --- a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java +++ b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java @@ -15,15 +15,6 @@ */ package dev.knative.eventing.kafka.broker.receiver.impl; -import static io.netty.handler.codec.http.HttpResponseStatus.ACCEPTED; -import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST; -import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; -import static io.netty.handler.codec.http.HttpResponseStatus.OK; -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - import ch.qos.logback.classic.Logger; import ch.qos.logback.classic.spi.ILoggingEvent; import ch.qos.logback.core.read.ListAppender; 
@@ -63,6 +54,18 @@ import io.vertx.junit5.VertxTestContext; import io.vertx.micrometer.MicrometerMetricsOptions; import io.vertx.micrometer.backends.BackendRegistries; +import org.apache.kafka.clients.producer.MockProducer; +import org.apache.kafka.clients.producer.ProducerRecord; +import org.apache.kafka.common.serialization.StringSerializer; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; +import org.slf4j.LoggerFactory; + import java.io.File; import java.io.FileWriter; import java.io.IOException; @@ -76,17 +79,12 @@ import java.util.function.Function; import java.util.stream.Collectors; import java.util.stream.StreamSupport; -import org.apache.kafka.clients.producer.MockProducer; -import org.apache.kafka.clients.producer.ProducerRecord; -import org.apache.kafka.common.serialization.StringSerializer; -import org.junit.jupiter.api.AfterAll; -import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.MethodSource; -import org.slf4j.LoggerFactory; + +import static io.netty.handler.codec.http.HttpResponseStatus.*; +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; @ExtendWith(VertxExtension.class) public class ReceiverVerticleTest { @@ -588,4 +586,4 @@ public String toString() { return "TestCase{" + "path='" + path + '\'' + ", responseStatusCode=" + responseStatusCode + '}'; } } -} \ No newline at end of file +} 
From 76d2a0362f24e45e5cd3bc9335a4f7c58f6abaca Mon Sep 17 00:00:00 2001 From: Leo Li Date: Wed, 15 Nov 2023 13:41:59 -0500 Subject: [PATCH 16/24] Run spotless --- .../receiver/impl/ReceiverVerticle.java | 17 +++++---- .../receiver/impl/ReceiverVerticleTest.java | 35 +++++++++---------- 2 files changed, 25 insertions(+), 27 deletions(-) diff --git a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java index 777a8a1e96..021cda2c6a 100644 --- a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java +++ b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java @@ -15,6 +15,12 @@ */ package dev.knative.eventing.kafka.broker.receiver.impl; +import static dev.knative.eventing.kafka.broker.core.utils.Logging.keyValue; +import static dev.knative.eventing.kafka.broker.receiver.impl.handler.ControlPlaneProbeRequestUtil.PROBE_HASH_HEADER_NAME; +import static dev.knative.eventing.kafka.broker.receiver.impl.handler.ControlPlaneProbeRequestUtil.isControlPlaneProbeRequest; +import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; +import static io.netty.handler.codec.http.HttpResponseStatus.OK; + import dev.knative.eventing.kafka.broker.core.file.FileWatcher; import dev.knative.eventing.kafka.broker.core.reconciler.IngressReconcilerListener; import dev.knative.eventing.kafka.broker.core.reconciler.ResourcesReconciler; 
@@ -32,19 +38,12 @@ import io.vertx.core.http.HttpServerRequest; import io.vertx.core.net.PemKeyCertOptions; import io.vertx.core.net.SSLOptions; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import java.io.File; import java.io.IOException; import java.util.Objects; import java.util.function.Function; - -import static dev.knative.eventing.kafka.broker.core.utils.Logging.keyValue; -import static dev.knative.eventing.kafka.broker.receiver.impl.handler.ControlPlaneProbeRequestUtil.PROBE_HASH_HEADER_NAME; -import static dev.knative.eventing.kafka.broker.receiver.impl.handler.ControlPlaneProbeRequestUtil.isControlPlaneProbeRequest; -import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; -import static io.netty.handler.codec.http.HttpResponseStatus.OK; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * This verticle is responsible for implementing the logic of the receiver. diff --git a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java index 1d3207bde9..ba7c1580a7 100644 --- a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java +++ b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java @@ -15,6 +15,12 @@ */ package dev.knative.eventing.kafka.broker.receiver.impl; +import static io.netty.handler.codec.http.HttpResponseStatus.*; +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + import ch.qos.logback.classic.Logger; import ch.qos.logback.classic.spi.ILoggingEvent; import ch.qos.logback.core.read.ListAppender; 
@@ -54,18 +60,6 @@ import io.vertx.junit5.VertxTestContext; import io.vertx.micrometer.MicrometerMetricsOptions; import io.vertx.micrometer.backends.BackendRegistries; -import org.apache.kafka.clients.producer.MockProducer; -import org.apache.kafka.clients.producer.ProducerRecord; -import org.apache.kafka.common.serialization.StringSerializer; -import org.junit.jupiter.api.AfterAll; -import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.MethodSource; -import org.slf4j.LoggerFactory; - import java.io.File; import java.io.FileWriter; import java.io.IOException; @@ -79,12 +73,17 @@ import java.util.function.Function; import java.util.stream.Collectors; import java.util.stream.StreamSupport; - -import static io.netty.handler.codec.http.HttpResponseStatus.*; -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; +import org.apache.kafka.clients.producer.MockProducer; +import org.apache.kafka.clients.producer.ProducerRecord; +import org.apache.kafka.common.serialization.StringSerializer; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; +import org.slf4j.LoggerFactory; @ExtendWith(VertxExtension.class) public class ReceiverVerticleTest { From 28c9af40faa0d9254aa5dd864ff57c9a37bfc0fd Mon Sep 17 00:00:00 2001 
From: Leo Li Date: Fri, 17 Nov 2023 16:00:18 -0500 Subject: [PATCH 17/24] Modify the CI test, it seems like prow is using the wrong config to run the tests --- test/e2e-common.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/test/e2e-common.sh b/test/e2e-common.sh index 51aef170a1..b196e3743d 100644 --- a/test/e2e-common.sh +++ b/test/e2e-common.sh @@ -96,9 +96,21 @@ function knative_eventing() { kubectl apply -f "${EVENTING_CONFIG}/eventing-crds.yaml" kubectl apply -f "${EVENTING_CONFIG}/eventing-core.yaml" kubectl apply -f "${EVENTING_CONFIG}/eventing-tls-networking.yaml" - else - echo ">> Install Knative Eventing from ${KNATIVE_EVENTING_RELEASE}" - kubectl apply -f "${KNATIVE_EVENTING_RELEASE}" + + echo ">> Adding the debugging log" + kubectl get secrets --all-namespaces + kubectl get certificates --all-namespaces + kubectl get certificaterequests --all-namespaces + kubectl get issuers --all-namespaces + kubectl describe issuers selfsigned-ca-issuer -n=knative-eventing + kubectl get issuers selfsigned-ca-issuer -n=knative-eventing -o yaml + + + +# +# else +# echo ">> Install Knative Eventing from ${KNATIVE_EVENTING_RELEASE}" +# kubectl apply -f "${KNATIVE_EVENTING_RELEASE}" fi ! kubectl patch horizontalpodautoscalers.autoscaling -n knative-eventing eventing-webhook -p '{"spec": {"minReplicas": '${REPLICAS}'}}' From aadbd5fe2d18d7dd2661f5a73839fd3dcace10c4 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Fri, 17 Nov 2023 16:29:15 -0500 Subject: [PATCH 18/24] Modify the CI test, it seems like prow is using the wrong config to run the tests --- test/e2e-common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/e2e-common.sh b/test/e2e-common.sh index b196e3743d..bc7f709628 100644 --- a/test/e2e-common.sh +++ b/test/e2e-common.sh 
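Review bot: With the `else` branch commented out and the `fi` kept, a run of `knative_eventing` on a release branch no longer installs Knative Eventing at all, because the only install commands left sit inside `if ! is_release_branch`. The added `kubectl get secrets --all-namespaces` and `kubectl get issuers selfsigned-ca-issuer -n=knative-eventing -o yaml` write the name of every secret in the cluster and the issuer spec into the CI job log on each run; the later "haha final check" hunk in this series adds the same commands again at the end of the function. If the diagnostics are needed, restore the `else` branch and gate the dump behind an opt-in variable of your choosing, for example `[[ -n "${E2E_DEBUG_TLS:-}" ]] && kubectl get certificates --all-namespaces` (variable name constructed for illustration), leaving the secrets listing out. The function body starts outside this hunk.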
@@ -91,7 +91,7 @@ function knative_eventing() { wait_until_pods_running cert-manager || fail_test "Failed to setup cert-manager pods" - if ! is_release_branch; then +# if ! is_release_branch; then echo ">> Install Knative Eventing from latest - ${EVENTING_CONFIG}" kubectl apply -f "${EVENTING_CONFIG}/eventing-crds.yaml" kubectl apply -f "${EVENTING_CONFIG}/eventing-core.yaml" @@ -111,7 +111,7 @@ function knative_eventing() { # else # echo ">> Install Knative Eventing from ${KNATIVE_EVENTING_RELEASE}" # kubectl apply -f "${KNATIVE_EVENTING_RELEASE}" - fi +# fi ! kubectl patch horizontalpodautoscalers.autoscaling -n knative-eventing eventing-webhook -p '{"spec": {"minReplicas": '${REPLICAS}'}}' From 0c3736bae5659e17a0e7bec967c8e06b8d49181a Mon Sep 17 00:00:00 2001 From: Leo Li Date: Fri, 17 Nov 2023 17:42:39 -0500 Subject: [PATCH 19/24] Modify the CI test, it seems like prow is using the wrong config to run the tests --- test/e2e-common.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/e2e-common.sh b/test/e2e-common.sh index bc7f709628..694ce2575c 100644 --- a/test/e2e-common.sh +++ b/test/e2e-common.sh @@ -124,6 +124,14 @@ function knative_eventing() { ./test/upload-test-images.sh "test/test_images" e2e || fail_test "Error uploading test images" kafka_setup + + echo ">> haha final check" + kubectl get secrets --all-namespaces + kubectl get certificates --all-namespaces + kubectl get certificaterequests --all-namespaces + kubectl get issuers --all-namespaces + kubectl describe issuers selfsigned-ca-issuer -n=knative-eventing + kubectl get issuers selfsigned-ca-issuer -n=knative-eventing -o yaml } function kafka_setup() { From 4e24d657266406254e8cdabf623f367635263e1f Mon Sep 17 00:00:00 2001 From: Leo Li Date: Wed, 22 Nov 2023 16:42:47 -0500 Subject: [PATCH 20/24] Install the knative TLS eventing component --- test/e2e-common.sh | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) 
diff --git a/test/e2e-common.sh b/test/e2e-common.sh index 694ce2575c..ab34608385 100644 --- a/test/e2e-common.sh +++ b/test/e2e-common.sh @@ -91,27 +91,19 @@ function knative_eventing() { wait_until_pods_running cert-manager || fail_test "Failed to setup cert-manager pods" -# if ! is_release_branch; then + if ! is_release_branch; then echo ">> Install Knative Eventing from latest - ${EVENTING_CONFIG}" kubectl apply -f "${EVENTING_CONFIG}/eventing-crds.yaml" kubectl apply -f "${EVENTING_CONFIG}/eventing-core.yaml" kubectl apply -f "${EVENTING_CONFIG}/eventing-tls-networking.yaml" - echo ">> Adding the debugging log" - kubectl get secrets --all-namespaces - kubectl get certificates --all-namespaces - kubectl get certificaterequests --all-namespaces - kubectl get issuers --all-namespaces - kubectl describe issuers selfsigned-ca-issuer -n=knative-eventing - kubectl get issuers selfsigned-ca-issuer -n=knative-eventing -o yaml - - + else + echo ">> Install Knative Eventing from ${KNATIVE_EVENTING_RELEASE}" + kubectl apply -f "${KNATIVE_EVENTING_RELEASE}" -# -# else -# echo ">> Install Knative Eventing from ${KNATIVE_EVENTING_RELEASE}" -# kubectl apply -f "${KNATIVE_EVENTING_RELEASE}" -# fi + echo ">> Intall Knative Eventing TLS from ${KNATIVE_EVENTING_RELEASE_TLS}" + kubectl apply -f "${KNATIVE_EVENTING_RELEASE_TLS}" + fi ! kubectl patch horizontalpodautoscalers.autoscaling -n knative-eventing eventing-webhook -p '{"spec": {"minReplicas": '${REPLICAS}'}}' 
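Review bot: `KNATIVE_EVENTING_RELEASE_TLS` is used in the new release-branch path but is not defined by this commit; on this page it only appears in `vendor/knative.dev/hack/library.sh` in the following patch, so at this commit `kubectl apply -f "${KNATIVE_EVENTING_RELEASE_TLS}"` would run with an empty value (or abort under `set -u`, which is not visible here). Neither `kubectl apply` in the `else` branch has its result checked, so a failed install of the TLS manifest would surface only later as failing TLS tests; `kubectl apply -f "${KNATIVE_EVENTING_RELEASE_TLS}" || fail_test "Failed to install Knative Eventing TLS"` follows the `fail_test` pattern used just above for cert-manager. The echo also has a typo, `Intall` should be `Install`.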
@@ -124,14 +116,6 @@ function knative_eventing() { ./test/upload-test-images.sh "test/test_images" e2e || fail_test "Error uploading test images" kafka_setup - - echo ">> haha final check" - kubectl get secrets --all-namespaces - kubectl get certificates --all-namespaces - kubectl get certificaterequests --all-namespaces - kubectl get issuers --all-namespaces - kubectl describe issuers selfsigned-ca-issuer -n=knative-eventing - kubectl get issuers selfsigned-ca-issuer -n=knative-eventing -o yaml } function kafka_setup() { From 0f6cfd94c267eae293ee4e69deb7677c0b0d01fd Mon Sep 17 00:00:00 2001 From: Leo Li Date: Thu, 23 Nov 2023 14:35:43 -0500 Subject: [PATCH 21/24] Install the knative TLS eventing component --- go.mod | 8 +++--- go.sum | 16 +++++------ .../eventing/hack/update-cert-manager.sh | 0 .../eventing/pkg/apis/feature/features.go | 25 ++++++++++++++--- vendor/knative.dev/hack/library.sh | 1 + vendor/knative.dev/hack/release.sh | 27 +++++++++++++++++++ .../generators/fake_filtered_factory.go | 5 ++-- .../generators/filtered_factory.go | 5 ++-- .../reconciler-test/pkg/environment/flags.go | 8 +++++- .../reconciler-test/pkg/environment/magic.go | 1 + .../pkg/environment/timings.go | 27 ++++++------------- .../reconciler-test/pkg/feature/feature.go | 5 ++-- vendor/modules.txt | 8 +++--- 13 files changed, 89 insertions(+), 47 deletions(-) mode change 100755 => 100644 vendor/knative.dev/eventing/hack/update-cert-manager.sh diff --git a/go.mod b/go.mod index 51371d39f7..948863fe85 100644 --- a/go.mod +++ b/go.mod 
@@ -39,10 +39,10 @@ require ( github.com/google/gofuzz v1.2.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/kedacore/keda/v2 v2.8.1 - knative.dev/eventing v0.38.5 - knative.dev/hack v0.0.0-20230712131415-ddae80293c43 - knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626 - knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2 + knative.dev/eventing v0.38.7-0.20231114105650-05b92c7f910a + knative.dev/hack v0.0.0-20231123073118-c0f04e812cfe + knative.dev/pkg v0.0.0-20231103161548-f5b42e8dea44 + knative.dev/reconciler-test v0.0.0-20231121134246-52a86c40f40c sigs.k8s.io/controller-runtime v0.12.3 ) diff --git a/go.sum b/go.sum index 140351effc..f0b881391c 100644 --- a/go.sum +++ b/go.sum 
@@ -1339,14 +1339,14 @@ k8s.io/utils v0.0.0-20200912215256-4140de9c8800/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.38.5 h1:NvSy3lek9IbLLWEot36NyAfNv7VkJNl38F1ItVL0D6s= -knative.dev/eventing v0.38.5/go.mod h1:g+iAS+KBRSKULEPqoVnseMkObDeq3SJhqefbuIu8zY8= -knative.dev/hack v0.0.0-20230712131415-ddae80293c43 h1:3SE06uNfSFGm/5XS+0trbyCUpgsOaBeyhPQU8FPNFz8= -knative.dev/hack v0.0.0-20230712131415-ddae80293c43/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= -knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626 h1:qFE+UDBRg6cpF5LbA0sv1XK4XZ36Z7aTRCa+HcuxnNQ= -knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626/go.mod h1:g+UCgSKQ2f15kHYu/V3CPtoKo5F1x/2Y1ot0NSK7gA0= -knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2 h1:Lenj/sGhPYZoCdl4bvoeZzA4Y1VS4LNEIWH1/HTU+6I= -knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2/go.mod h1:HgugJUOhHZ3F6Tbhte92ecL0sBqJtCeJtd7K8jX+IJk= +knative.dev/eventing v0.38.7-0.20231114105650-05b92c7f910a h1:gSGU4/w3NwVSmmcBG8B6H8AT647dMPLyqwn6LLpdp+I= +knative.dev/eventing v0.38.7-0.20231114105650-05b92c7f910a/go.mod h1:a6XMiX0CEaQi9z698LZ9wVzseFK+4wgTExWhyKXzYqc= +knative.dev/hack v0.0.0-20231123073118-c0f04e812cfe h1:8MMQg9UvxCLiOqWnWm6+kiYyV81Are8ocj7fX6qpgrk= +knative.dev/hack v0.0.0-20231123073118-c0f04e812cfe/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= +knative.dev/pkg v0.0.0-20231103161548-f5b42e8dea44 h1:2gjHbqg8K9k1KJtLgxsTvzxovXOhozcrk3AzzJmjsA0= +knative.dev/pkg v0.0.0-20231103161548-f5b42e8dea44/go.mod h1:g+UCgSKQ2f15kHYu/V3CPtoKo5F1x/2Y1ot0NSK7gA0= +knative.dev/reconciler-test v0.0.0-20231121134246-52a86c40f40c h1:MDmiP3HYihbl5gkNJJOC/adSup3y8nHZlmSMwHZ9heU= +knative.dev/reconciler-test 
v0.0.0-20231121134246-52a86c40f40c/go.mod h1:Yw7Jkv+7PjDitG6CUkakWc/5SZa8Tm/sgXfaFy305Ng= pgregory.net/rapid v0.3.3 h1:jCjBsY4ln4Atz78QoBWxUEvAHaFyNDQg9+WU62aCn1U= pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/vendor/knative.dev/eventing/hack/update-cert-manager.sh b/vendor/knative.dev/eventing/hack/update-cert-manager.sh old mode 100755 new mode 100644 diff --git a/vendor/knative.dev/eventing/pkg/apis/feature/features.go b/vendor/knative.dev/eventing/pkg/apis/feature/features.go index b80542945e..33d3405f8a 100644 --- a/vendor/knative.dev/eventing/pkg/apis/feature/features.go +++ b/vendor/knative.dev/eventing/pkg/apis/feature/features.go @@ -51,11 +51,28 @@ const ( // Missing entry in the map means feature is equal to feature not enabled. type Flags map[string]Flag +func newDefaults() Flags { + return map[string]Flag{ + KReferenceGroup: Disabled, + DeliveryRetryAfter: Disabled, + DeliveryTimeout: Enabled, + KReferenceMapping: Disabled, + NewTriggerFilters: Enabled, + TransportEncryption: Disabled, + EvenTypeAutoCreate: Disabled, + } +} + // IsEnabled returns true if the feature is enabled func (e Flags) IsEnabled(featureName string) bool { return e != nil && e[featureName] == Enabled } +// IsDisabled returns true if the feature is disabled +func (e Flags) IsDisabled(featureName string) bool { + return e != nil && e[featureName] == Disabled +} + // IsAllowed returns true if the feature is enabled or allowed func (e Flags) IsAllowed(featureName string) bool { return e.IsEnabled(featureName) || (e != nil && e[featureName] == Allowed) @@ -82,7 +99,7 @@ func (e Flags) String() string { // NewFlagsConfigFromMap creates a Flags from the supplied Map func NewFlagsConfigFromMap(data map[string]string) (Flags, error) { - flags := Flags{} + flags := newDefaults() for k, v := range data { if strings.HasPrefix(k, "_") { 
@@ -96,12 +113,12 @@ func NewFlagsConfigFromMap(data map[string]string) (Flags, error) { flags[sanitizedKey] = Disabled } else if strings.EqualFold(v, string(Enabled)) { flags[sanitizedKey] = Enabled - } else if strings.EqualFold(v, string(Permissive)) { + } else if k == TransportEncryption && strings.EqualFold(v, string(Permissive)) { flags[sanitizedKey] = Permissive - } else if strings.EqualFold(v, string(Strict)) { + } else if k == TransportEncryption && strings.EqualFold(v, string(Strict)) { flags[sanitizedKey] = Strict } else { - return Flags{}, fmt.Errorf("cannot parse the boolean flag '%s' = '%s'. Allowed values: [true, false]", k, v) + return flags, fmt.Errorf("cannot parse the feature flag '%s' = '%s'", k, v) } } diff --git a/vendor/knative.dev/hack/library.sh b/vendor/knative.dev/hack/library.sh index 889de55a55..0fcd831936 100644 --- a/vendor/knative.dev/hack/library.sh +++ b/vendor/knative.dev/hack/library.sh @@ -1007,3 +1007,4 @@ readonly KNATIVE_SERVING_RELEASE_CRDS="$(get_latest_knative_yaml_source "serving readonly KNATIVE_SERVING_RELEASE_CORE="$(get_latest_knative_yaml_source "serving" "serving-core")" readonly KNATIVE_NET_ISTIO_RELEASE="$(get_latest_knative_yaml_source "net-istio" "net-istio")" readonly KNATIVE_EVENTING_RELEASE="$(get_latest_knative_yaml_source "eventing" "eventing")" +readonly KNATIVE_EVENTING_RELEASE_TLS="$(get_latest_knative_yaml_source "eventing" "eventing-tls-networking")" diff --git a/vendor/knative.dev/hack/release.sh b/vendor/knative.dev/hack/release.sh index 5d4f09a890..256ae40d0e 100644 --- a/vendor/knative.dev/hack/release.sh +++ b/vendor/knative.dev/hack/release.sh 
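Review bot: The new `k == TransportEncryption` guards in `NewFlagsConfigFromMap` test the raw ConfigMap key, while every branch stores the value under `sanitizedKey`. A key that matches only after sanitising would be rejected with the parse error instead of being accepted as Permissive/Strict, so `sanitizedKey == TransportEncryption` keeps the check and the write in step (how `sanitizedKey` is derived is outside the hunk, so confirm it can differ from `k`). The error path also now returns the partly filled `flags` instead of an empty value; since `newDefaults()` seeds `TransportEncryption: Disabled`, a caller that logs the error and keeps the result could silently run with encryption disabled, and `return nil, fmt.Errorf(...)` would make that misuse fail loudly. The file is vendored from knative.dev/eventing, so the change belongs upstream, and the function body starts before and continues after this hunk.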
@@ -652,9 +652,34 @@ function publish_artifacts() { fi [[ -n "${RELEASE_GCS_BUCKET}" ]] && publish_to_gcs "${ARTIFACTS_TO_PUBLISH}" publish_to_github "${ARTIFACTS_TO_PUBLISH}" + set_latest_to_highest_semver banner "New release published successfully" } +# Sets the github release with the highest semver to 'latest' +function set_latest_to_highest_semver() { + if ! (( PUBLISH_TO_GITHUB )); then + return 0 + fi + echo "Setting latest release to highest semver" + + local last_version release_id # don't combine with assignment else $? will be 0 + + last_version="$(hub_tool -p release | cut -d'-' -f2 | grep '^v[0-9]\+\.[0-9]\+\.[0-9]\+$'| sort -r -V | head -1)" + if ! [[ $? -eq 0 ]]; then + abort "cannot list releases" + fi + + release_id="$(hub_tool api "/repos/${ORG_NAME}/${REPO_NAME}/releases/tags/knative-${last_version}" | jq .id)" + if [[ $? -ne 0 ]]; then + abort "cannot get relase id from github" + fi + + hub_tool api --method PATCH "/repos/knative/serving/releases/$release_id" \ + -F make_latest=true > /dev/null || abort "error settomg $last_version to 'latest'" + echo "Github release ${last_version} set as 'latest'" +} + # Entry point for a release script. function main() { parse_flags "$@" @@ -681,6 +706,8 @@ function main() { function_exists build_release || abort "function 'build_release()' not defined" [[ -x ${VALIDATION_TESTS} ]] || abort "test script '${VALIDATION_TESTS}' doesn't exist" + banner "Environment variables" + env # Log what will be done and where. banner "Release configuration" if which gcloud &>/dev/null ; then diff --git a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/fake_filtered_factory.go b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/fake_filtered_factory.go index c5a9f97286..1d099f2daf 100644 --- a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/fake_filtered_factory.go +++ b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/fake_filtered_factory.go 
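Review bot: `set_latest_to_highest_semver` looks up the release id under `/repos/${ORG_NAME}/${REPO_NAME}/...` but then sends the PATCH to the hard-coded `/repos/knative/serving/releases/$release_id`, so in any other repository the id would be applied to the wrong project's releases. The PATCH should use the same variables: `hub_tool api --method PATCH "/repos/${ORG_NAME}/${REPO_NAME}/releases/${release_id}"`. The `$?` check after `last_version="$(... | head -1)"` sees only the status of `head` unless `pipefail` is active (not visible here), so an empty list would pass; `[[ -n "${last_version}" ]] || abort "cannot list releases"` is a firmer guard, and `release_id` needs the same kind of check because `jq .id` prints `null` on a miss. The script is vendored from knative.dev/hack, so the fix has to come from upstream or a later pin.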
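Review bot: The `env` call added to `main` under `banner "Environment variables"` writes every environment variable of the release job to the build log. This script publishes to GitHub and GCS, so the job environment is likely to hold credentials, and they would end up in logs that are often retained or widely readable. Print only an explicit allow-list of the variables the banner is meant to document, for example `echo "RELEASE_GCS_BUCKET=${RELEASE_GCS_BUCKET}"`, rather than dumping and filtering the full environment. `main` continues outside this hunk, and the file is vendored from knative.dev/hack, so check the CI log visibility for this repository until an upstream fix is pinned.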
@@ -116,14 +116,15 @@ func withInformerFactory(ctx {{.contextContext|raw}}) {{.contextContext|raw}} { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []{{.informersSharedInformerOption|raw}}{} if {{.injectionHasNamespace|raw}}(ctx) { opts = append(opts, {{.informersWithNamespace|raw}}({{.injectionGetNamespace|raw}}(ctx))) } opts = append(opts, {{.informersWithTweakListOptions|raw}}(func(l *{{.metav1ListOptions|raw}}) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, {{.factoryKey|raw}}{Selector: selector}, + ctx = context.WithValue(ctx, {{.factoryKey|raw}}{Selector: selectorVal}, {{.informersNewSharedInformerFactoryWithOptions|raw}}(c, {{.controllerGetResyncPeriod|raw}}(ctx), opts...)) } return ctx diff --git a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/filtered_factory.go b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/filtered_factory.go index f829230622..d26fa16d65 100644 --- a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/filtered_factory.go +++ b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/filtered_factory.go @@ -117,14 +117,15 @@ func withInformerFactory(ctx {{.contextContext|raw}}) {{.contextContext|raw}} { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []{{.informersSharedInformerOption|raw}}{} if {{.injectionHasNamespace|raw}}(ctx) { opts = append(opts, {{.informersWithNamespace|raw}}({{.injectionGetNamespace|raw}}(ctx))) } opts = append(opts, {{.informersWithTweakListOptions|raw}}(func(l *{{.metav1ListOptions|raw}}) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, Key{Selector: selector}, + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, {{.informersNewSharedInformerFactoryWithOptions|raw}}(c, {{.controllerGetResyncPeriod|raw}}(ctx), opts...)) } return ctx 
diff --git a/vendor/knative.dev/reconciler-test/pkg/environment/flags.go b/vendor/knative.dev/reconciler-test/pkg/environment/flags.go index 59efc52e9a..80fda98629 100644 --- a/vendor/knative.dev/reconciler-test/pkg/environment/flags.go +++ b/vendor/knative.dev/reconciler-test/pkg/environment/flags.go @@ -21,8 +21,10 @@ import ( "fmt" "strconv" "strings" + "time" "knative.dev/reconciler-test/pkg/feature" + "knative.dev/reconciler-test/pkg/state" ) var ( @@ -34,6 +36,9 @@ var ( ipFilePath = new(string) teardownOnFail = new(bool) + + pollTimeout = new(time.Duration) + pollInterval = new(time.Duration) ) // InitFlags registers the requirement and state filter flags supported by the @@ -62,7 +67,8 @@ func InitFlags(fs *flag.FlagSet) { fs.StringVar(ipFilePath, "images.producer.file", "", "file path for file-based image producer") fs.StringVar(testNamespace, "environment.namespace", "", "Test namespace") - + fs.DurationVar(pollTimeout, "poll.timeout", state.DefaultPollTimeout, "Poll timeout") + fs.DurationVar(pollInterval, "poll.interval", state.DefaultPollInterval, "Poll interval") fs.BoolVar(teardownOnFail, "teardown.on.fail", false, "Set this flag to do teardown even if test fails.") } diff --git a/vendor/knative.dev/reconciler-test/pkg/environment/magic.go b/vendor/knative.dev/reconciler-test/pkg/environment/magic.go index a1808d8560..a0400bcb22 100644 --- a/vendor/knative.dev/reconciler-test/pkg/environment/magic.go +++ b/vendor/knative.dev/reconciler-test/pkg/environment/magic.go @@ -198,6 +198,7 @@ func (mr *MagicGlobalEnvironment) Environment(opts ...EnvOpts) (context.Context, } ctx := ContextWith(mr.c, env) + ctx = ContextWithPollTimings(ctx, *pollInterval, *pollTimeout) for _, opt := range opts { if nctx, err := opt(ctx, env); err != nil { diff --git a/vendor/knative.dev/reconciler-test/pkg/environment/timings.go b/vendor/knative.dev/reconciler-test/pkg/environment/timings.go index aac96e8281..bf4409b06c 100644 
--- a/vendor/knative.dev/reconciler-test/pkg/environment/timings.go +++ b/vendor/knative.dev/reconciler-test/pkg/environment/timings.go @@ -19,37 +19,26 @@ package environment import ( "context" "time" + + "knative.dev/reconciler-test/pkg/state" ) +// this has been moved to state pkg to break cycle between environment and feature package, +// keeping the consts here for backwards API compatibility const ( DefaultPollInterval = 3 * time.Second DefaultPollTimeout = 2 * time.Minute ) -type timingsKey struct{} -type timingsType struct { - interval time.Duration - timeout time.Duration -} - -// PollTimingsFromContext will get the previously set poll timing from context, -// or return the defaults if not found. -// - values from from context. -// - defaults. +// ContextWithPollTimings returns a context with poll timings set func ContextWithPollTimings(ctx context.Context, interval, timeout time.Duration) context.Context { - return context.WithValue(ctx, timingsKey{}, timingsType{ - interval: interval, - timeout: timeout, - }) + return state.ContextWithPollTimings(ctx, interval, timeout) } // PollTimingsFromContext will get the previously set poll timing from context, // or return the defaults if not found. -// - values from from context. +// - values from context. // - defaults. func PollTimingsFromContext(ctx context.Context) (time.Duration, time.Duration) { - if t, ok := ctx.Value(timingsKey{}).(timingsType); ok { - return t.interval, t.timeout - } - return DefaultPollInterval, DefaultPollTimeout + return state.PollTimingsFromContext(ctx) } diff --git a/vendor/knative.dev/reconciler-test/pkg/feature/feature.go b/vendor/knative.dev/reconciler-test/pkg/feature/feature.go index 4113bc3d0d..0d454c5172 100644 --- a/vendor/knative.dev/reconciler-test/pkg/feature/feature.go +++ b/vendor/knative.dev/reconciler-test/pkg/feature/feature.go @@ -23,7 +23,6 @@ import ( "runtime" "strings" "sync" - "time" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" 
@@ -32,7 +31,6 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "knative.dev/pkg/apis" "knative.dev/pkg/injection/clients/dynamicclient" - "knative.dev/reconciler-test/pkg/state" ) @@ -229,7 +227,8 @@ func DeleteResources(ctx context.Context, t T, refs []corev1.ObjectReference) er var lastResource corev1.ObjectReference // One still present resource - err := wait.Poll(time.Second, 4*time.Minute, func() (bool, error) { + interval, timeout := state.PollTimingsFromContext(ctx) + err := wait.Poll(interval, timeout, func() (bool, error) { for _, ref := range refs { gv, err := schema.ParseGroupVersion(ref.APIVersion) if err != nil { diff --git a/vendor/modules.txt b/vendor/modules.txt index 8d2255ea99..51661e3759 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1266,7 +1266,7 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.38.5 +# knative.dev/eventing v0.38.7-0.20231114105650-05b92c7f910a ## explicit; go 1.19 knative.dev/eventing/cmd/event_display knative.dev/eventing/cmd/heartbeats @@ -1422,11 +1422,11 @@ knative.dev/eventing/test/upgrade/prober/wathola/fetcher knative.dev/eventing/test/upgrade/prober/wathola/forwarder knative.dev/eventing/test/upgrade/prober/wathola/receiver knative.dev/eventing/test/upgrade/prober/wathola/sender -# knative.dev/hack v0.0.0-20230712131415-ddae80293c43 +# knative.dev/hack v0.0.0-20231123073118-c0f04e812cfe ## explicit; go 1.18 knative.dev/hack knative.dev/hack/shell -# knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626 +# knative.dev/pkg v0.0.0-20231103161548-f5b42e8dea44 ## explicit; go 1.18 knative.dev/pkg/apiextensions/storageversion knative.dev/pkg/apiextensions/storageversion/cmd/migrate 
@@ -1540,7 +1540,7 @@ knative.dev/pkg/webhook/json knative.dev/pkg/webhook/resourcesemantics knative.dev/pkg/webhook/resourcesemantics/defaulting knative.dev/pkg/webhook/resourcesemantics/validation -# knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2 +# knative.dev/reconciler-test v0.0.0-20231121134246-52a86c40f40c ## explicit; go 1.18 knative.dev/reconciler-test/cmd/eventshub knative.dev/reconciler-test/pkg/environment From 85887261f331fb2501b2db1db549e8bb86185773 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Thu, 23 Nov 2023 14:41:24 -0500 Subject: [PATCH 22/24] Update missed dependencies --- .../reconciler-test/pkg/state/timings.go | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 vendor/knative.dev/reconciler-test/pkg/state/timings.go diff --git a/vendor/knative.dev/reconciler-test/pkg/state/timings.go b/vendor/knative.dev/reconciler-test/pkg/state/timings.go new file mode 100644 index 0000000000..5a79de9e10 --- /dev/null +++ b/vendor/knative.dev/reconciler-test/pkg/state/timings.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package state + +import ( + "context" + "time" +) + +const ( + DefaultPollInterval = 3 * time.Second + DefaultPollTimeout = 2 * time.Minute +) + +type timingsKey struct{} +type timingsType struct { + interval time.Duration + timeout time.Duration +} + +// ContextWithPollTimings returns a context with poll timings set +func ContextWithPollTimings(ctx context.Context, interval, timeout time.Duration) context.Context { + return context.WithValue(ctx, timingsKey{}, timingsType{ + interval: interval, + timeout: timeout, + }) +} + +// PollTimingsFromContext will get the previously set poll timing from context, +// or return the defaults if not found. +// - values from context. +// - defaults. +func PollTimingsFromContext(ctx context.Context) (time.Duration, time.Duration) { + if t, ok := ctx.Value(timingsKey{}).(timingsType); ok { + return t.interval, t.timeout + } + panic("no poll timings found in context") +} From f9fae51757ce45df459aedd48558a93fa01c9446 Mon Sep 17 00:00:00 2001 
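Review bot: `PollTimingsFromContext` ends in `panic("no poll timings found in context")`, but its doc comment still says "or return the defaults if not found", and `DefaultPollInterval`/`DefaultPollTimeout` are declared just above it. The wrapper kept in environment/timings.go repeats the same promise, and `feature.DeleteResources` now calls this function, so a context that never passed through `ContextWithPollTimings` would crash the test run instead of polling with defaults. Replace the panic with `return DefaultPollInterval, DefaultPollTimeout`, or, if failing hard is intended, rewrite both comments to say that the function panics. The file is vendored from knative.dev/reconciler-test, so the fix belongs upstream.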
From: Leo Li Date: Thu, 23 Nov 2023 15:00:28 -0500 Subject: [PATCH 23/24] Update codegen --- .../informers/factory/filtered/fake/fake_filtered_factory.go | 5 +++-- .../injection/informers/factory/filtered/filtered_factory.go | 5 +++-- .../informers/factory/filtered/fake/fake_filtered_factory.go | 5 +++-- .../injection/informers/factory/filtered/filtered_factory.go | 5 +++-- .../informers/factory/filtered/fake/fake_filtered_factory.go | 5 +++-- .../injection/informers/factory/filtered/filtered_factory.go | 5 +++-- vendor/knative.dev/eventing/hack/update-cert-manager.sh | 0 7 files changed, 18 insertions(+), 12 deletions(-) mode change 100644 => 100755 vendor/knative.dev/eventing/hack/update-cert-manager.sh diff --git a/control-plane/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go b/control-plane/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go index 9c4aa1e1a9..6132824a1f 100644 --- a/control-plane/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go +++ b/control-plane/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go @@ -45,14 +45,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, + ctx = context.WithValue(ctx, filtered.Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx 
diff --git a/control-plane/pkg/client/injection/informers/factory/filtered/filtered_factory.go b/control-plane/pkg/client/injection/informers/factory/filtered/filtered_factory.go index 033c30f5b1..14b05c6eb1 100644 --- a/control-plane/pkg/client/injection/informers/factory/filtered/filtered_factory.go +++ b/control-plane/pkg/client/injection/informers/factory/filtered/filtered_factory.go @@ -53,14 +53,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, Key{Selector: selector}, + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx diff --git a/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/fake/fake_filtered_factory.go b/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/fake/fake_filtered_factory.go index 4da6d665ca..f983b32423 100644 --- a/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/fake/fake_filtered_factory.go +++ b/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/fake/fake_filtered_factory.go 
@@ -45,14 +45,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, + ctx = context.WithValue(ctx, filtered.Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx diff --git a/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/filtered_factory.go b/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/filtered_factory.go index 560e5ee10c..08a31c010b 100644 --- a/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/filtered_factory.go +++ b/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/filtered_factory.go @@ -53,14 +53,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, Key{Selector: selector}, + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx 
diff --git a/third_party/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go b/third_party/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go index e876e133e6..afec97540f 100644 --- a/third_party/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go +++ b/third_party/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go @@ -45,14 +45,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, + ctx = context.WithValue(ctx, filtered.Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx diff --git a/third_party/pkg/client/injection/informers/factory/filtered/filtered_factory.go b/third_party/pkg/client/injection/informers/factory/filtered/filtered_factory.go index 3417bd55eb..863d940ff8 100644 --- a/third_party/pkg/client/injection/informers/factory/filtered/filtered_factory.go +++ b/third_party/pkg/client/injection/informers/factory/filtered/filtered_factory.go 
@@ -53,14 +53,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, Key{Selector: selector}, + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx diff --git a/vendor/knative.dev/eventing/hack/update-cert-manager.sh b/vendor/knative.dev/eventing/hack/update-cert-manager.sh old mode 100644 new mode 100755 From 9322c67290aca89c36a65858af733865696db7f4 Mon Sep 17 00:00:00 2001 From: Leo Li Date: Tue, 28 Nov 2023 13:28:06 -0500 Subject: [PATCH 24/24] Revert the dependency version to the latest --- data-plane/THIRD-PARTY.txt | 72 +++++++++++++++++++------------------- data-plane/pom.xml | 6 ++-- 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/data-plane/THIRD-PARTY.txt b/data-plane/THIRD-PARTY.txt index f6be90965b..687ce7382e 100644 --- a/data-plane/THIRD-PARTY.txt +++ b/data-plane/THIRD-PARTY.txt 
@@ -81,22 +81,22 @@ Lists of 230 third-party dependencies. (The Apache Software License, Version 2.0) micrometer-core (io.micrometer:micrometer-core:1.11.1 - https://github.com/micrometer-metrics/micrometer) (The Apache Software License, Version 2.0) micrometer-observation (io.micrometer:micrometer-observation:1.11.1 - https://github.com/micrometer-metrics/micrometer) (The Apache Software License, Version 2.0) micrometer-registry-prometheus (io.micrometer:micrometer-registry-prometheus:1.11.1 - https://github.com/micrometer-metrics/micrometer) - (Apache License, Version 2.0) Netty/Buffer (io.netty:netty-buffer:4.1.94.Final - https://netty.io/netty-buffer/) - (Apache License, Version 2.0) Netty/Codec (io.netty:netty-codec:4.1.94.Final - https://netty.io/netty-codec/) - (Apache License, Version 2.0) Netty/Codec/DNS (io.netty:netty-codec-dns:4.1.94.Final - https://netty.io/netty-codec-dns/) - (Apache License, Version 2.0) Netty/Codec/HAProxy (io.netty:netty-codec-haproxy:4.1.94.Final - https://netty.io/netty-codec-haproxy/) - (Apache License, Version 2.0) Netty/Codec/HTTP (io.netty:netty-codec-http:4.1.94.Final - https://netty.io/netty-codec-http/) - (Apache License, Version 2.0) Netty/Codec/HTTP2 (io.netty:netty-codec-http2:4.1.94.Final - https://netty.io/netty-codec-http2/) - (Apache License, Version 2.0) Netty/Codec/Socks (io.netty:netty-codec-socks:4.1.94.Final - https://netty.io/netty-codec-socks/) - (Apache License, Version 2.0) Netty/Common (io.netty:netty-common:4.1.94.Final - https://netty.io/netty-common/) - (Apache License, Version 2.0) Netty/Handler (io.netty:netty-handler:4.1.94.Final - https://netty.io/netty-handler/) - (Apache License, Version 2.0) Netty/Handler/Proxy (io.netty:netty-handler-proxy:4.1.94.Final - https://netty.io/netty-handler-proxy/) - (Apache License, Version 2.0) Netty/Resolver (io.netty:netty-resolver:4.1.94.Final - https://netty.io/netty-resolver/) - (Apache License, Version 2.0) Netty/Resolver/DNS 
(io.netty:netty-resolver-dns:4.1.94.Final - https://netty.io/netty-resolver-dns/) - (Apache License, Version 2.0) Netty/Transport (io.netty:netty-transport:4.1.94.Final - https://netty.io/netty-transport/) - (Apache License, Version 2.0) Netty/Transport/Classes/Epoll (io.netty:netty-transport-classes-epoll:4.1.94.Final - https://netty.io/netty-transport-classes-epoll/) - (Apache License, Version 2.0) Netty/Transport/Native/Epoll (io.netty:netty-transport-native-epoll:4.1.94.Final - https://netty.io/netty-transport-native-epoll/) - (Apache License, Version 2.0) Netty/Transport/Native/Unix/Common (io.netty:netty-transport-native-unix-common:4.1.94.Final - https://netty.io/netty-transport-native-unix-common/) + (Apache License, Version 2.0) Netty/Buffer (io.netty:netty-buffer:4.1.100.Final - https://netty.io/netty-buffer/) + (Apache License, Version 2.0) Netty/Codec (io.netty:netty-codec:4.1.100.Final - https://netty.io/netty-codec/) + (Apache License, Version 2.0) Netty/Codec/DNS (io.netty:netty-codec-dns:4.1.100.Final - https://netty.io/netty-codec-dns/) + (Apache License, Version 2.0) Netty/Codec/HAProxy (io.netty:netty-codec-haproxy:4.1.100.Final - https://netty.io/netty-codec-haproxy/) + (Apache License, Version 2.0) Netty/Codec/HTTP (io.netty:netty-codec-http:4.1.100.Final - https://netty.io/netty-codec-http/) + (Apache License, Version 2.0) Netty/Codec/HTTP2 (io.netty:netty-codec-http2:4.1.100.Final - https://netty.io/netty-codec-http2/) + (Apache License, Version 2.0) Netty/Codec/Socks (io.netty:netty-codec-socks:4.1.100.Final - https://netty.io/netty-codec-socks/) + (Apache License, Version 2.0) Netty/Common (io.netty:netty-common:4.1.100.Final - https://netty.io/netty-common/) + (Apache License, Version 2.0) Netty/Handler (io.netty:netty-handler:4.1.100.Final - https://netty.io/netty-handler/) + (Apache License, Version 2.0) Netty/Handler/Proxy (io.netty:netty-handler-proxy:4.1.100.Final - https://netty.io/netty-handler-proxy/) + (Apache License, Version 
2.0) Netty/Resolver (io.netty:netty-resolver:4.1.100.Final - https://netty.io/netty-resolver/) + (Apache License, Version 2.0) Netty/Resolver/DNS (io.netty:netty-resolver-dns:4.1.100.Final - https://netty.io/netty-resolver-dns/) + (Apache License, Version 2.0) Netty/Transport (io.netty:netty-transport:4.1.100.Final - https://netty.io/netty-transport/) + (Apache License, Version 2.0) Netty/Transport/Classes/Epoll (io.netty:netty-transport-classes-epoll:4.1.100.Final - https://netty.io/netty-transport-classes-epoll/) + (Apache License, Version 2.0) Netty/Transport/Native/Epoll (io.netty:netty-transport-native-epoll:4.1.100.Final - https://netty.io/netty-transport-native-epoll/) + (Apache License, Version 2.0) Netty/Transport/Native/Unix/Common (io.netty:netty-transport-native-unix-common:4.1.100.Final - https://netty.io/netty-transport-native-unix-common/) (The Apache License, Version 2.0) OpenTelemetry Java (io.opentelemetry:opentelemetry-api:1.25.0 - https://github.com/open-telemetry/opentelemetry-java) (The Apache License, Version 2.0) OpenTelemetry Java (io.opentelemetry:opentelemetry-api-events:1.25.0-alpha - https://github.com/open-telemetry/opentelemetry-java) (The Apache License, Version 2.0) OpenTelemetry Java (io.opentelemetry:opentelemetry-api-logs:1.25.0-alpha - https://github.com/open-telemetry/opentelemetry-java) 
@@ -118,22 +118,22 @@ Lists of 230 third-party dependencies. (The Apache Software License, Version 2.0) Prometheus Java Span Context Supplier - Common (io.prometheus:simpleclient_tracer_common:0.16.0 - http://github.com/prometheus/client_java/simpleclient_tracer/simpleclient_tracer_common) (The Apache Software License, Version 2.0) Prometheus Java Span Context Supplier - OpenTelemetry (io.prometheus:simpleclient_tracer_otel:0.16.0 - http://github.com/prometheus/client_java/simpleclient_tracer/simpleclient_tracer_otel) (The Apache Software License, Version 2.0) Prometheus Java Span Context Supplier - OpenTelemetry Agent (io.prometheus:simpleclient_tracer_otel_agent:0.16.0 - http://github.com/prometheus/client_java/simpleclient_tracer/simpleclient_tracer_otel_agent) - (The Apache Software License, Version 2.0) Quarkus - ArC - Runtime (io.quarkus:quarkus-arc:3.2.0.Final - https://github.com/quarkusio/quarkus) - (Apache License, Version 2.0) Quarkus - Bootstrap - Runner (io.quarkus:quarkus-bootstrap-runner:3.2.0.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Core - Runtime (io.quarkus:quarkus-core:3.2.0.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Development mode - SPI (io.quarkus:quarkus-development-mode-spi:3.2.0.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - ArC - Runtime (io.quarkus:quarkus-arc:3.2.7.Final - https://github.com/quarkusio/quarkus) + (Apache License, Version 2.0) Quarkus - Bootstrap - Runner (io.quarkus:quarkus-bootstrap-runner:3.2.7.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Core - Runtime (io.quarkus:quarkus-core:3.2.7.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Development mode - SPI (io.quarkus:quarkus-development-mode-spi:3.2.7.Final - 
https://github.com/quarkusio/quarkus) (Apache License, Version 2.0) Quarkus - FS Util (io.quarkus:quarkus-fs-util:0.0.9 - https://quarkus.io/) - (The Apache Software License, Version 2.0) Quarkus - IDE Launcher (io.quarkus:quarkus-ide-launcher:3.2.0.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Mutiny - Runtime (io.quarkus:quarkus-mutiny:3.2.0.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Netty - Runtime (io.quarkus:quarkus-netty:3.2.0.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - SmallRye Context Propagation - Runtime (io.quarkus:quarkus-smallrye-context-propagation:3.2.0.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Vert.x - Runtime (io.quarkus:quarkus-vertx:3.2.0.Final - https://github.com/quarkusio/quarkus) - (The Apache Software License, Version 2.0) Quarkus - Quarkus - Vert.x Late Bound MDC Provider (io.quarkus:quarkus-vertx-latebound-mdc-provider:3.2.0.Final - https://github.com/quarkusio/quarkus) - (Apache License, Version 2.0) ArC - Runtime (io.quarkus.arc:arc:3.2.0.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - IDE Launcher (io.quarkus:quarkus-ide-launcher:3.2.7.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Mutiny - Runtime (io.quarkus:quarkus-mutiny:3.2.7.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Netty - Runtime (io.quarkus:quarkus-netty:3.2.7.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - SmallRye Context Propagation - Runtime (io.quarkus:quarkus-smallrye-context-propagation:3.2.7.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Vert.x - Runtime 
(io.quarkus:quarkus-vertx:3.2.7.Final - https://github.com/quarkusio/quarkus) + (The Apache Software License, Version 2.0) Quarkus - Quarkus - Vert.x Late Bound MDC Provider (io.quarkus:quarkus-vertx-latebound-mdc-provider:3.2.7.Final - https://github.com/quarkusio/quarkus) + (Apache License, Version 2.0) ArC - Runtime (io.quarkus.arc:arc:3.2.7.Final - https://github.com/quarkusio/quarkus) (The Apache Software License, Version 2.0) SmallRye Context Propagation: Core (io.smallrye:smallrye-context-propagation:2.1.0 - https://github.com/smallrye/smallrye-context-propagation) (The Apache Software License, Version 2.0) SmallRye Context Propagation: API (io.smallrye:smallrye-context-propagation-api:2.1.0 - https://github.com/smallrye/smallrye-context-propagation) (The Apache Software License, Version 2.0) SmallRye Context Propagation: Storage (io.smallrye:smallrye-context-propagation-storage:2.1.0 - https://github.com/smallrye/smallrye-context-propagation) - (Apache License, Version 2.0) SmallRye Fault Tolerance: Vert.x Integration (io.smallrye:smallrye-fault-tolerance-vertx:6.2.4 - http://smallrye.io) + (Apache License, Version 2.0) SmallRye Fault Tolerance: Vert.x Integration (io.smallrye:smallrye-fault-tolerance-vertx:6.2.6 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: Annotations (io.smallrye.common:smallrye-common-annotation:2.1.0 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: Classloader (io.smallrye.common:smallrye-common-classloader:2.1.0 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: Constraints (io.smallrye.common:smallrye-common-constraint:2.1.0 - http://smallrye.io) 
@@ -142,9 +142,9 @@ Lists of 230 third-party dependencies. (Apache License, Version 2.0) SmallRye Common: IO (io.smallrye.common:smallrye-common-io:2.1.0 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: OS (io.smallrye.common:smallrye-common-os:2.1.0 - http://smallrye.io) (Apache License, Version 2.0) SmallRye Common: Vert.x Context Utilities (io.smallrye.common:smallrye-common-vertx-context:2.1.0 - http://smallrye.io) - (Apache License, Version 2.0) SmallRye Config: CDI (io.smallrye.config:smallrye-config:3.3.0 - https://smallrye.io) - (Apache License, Version 2.0) SmallRye Config: Common (io.smallrye.config:smallrye-config-common:3.3.0 - https://smallrye.io) - (Apache License, Version 2.0) SmallRye Config: Core (io.smallrye.config:smallrye-config-core:3.3.0 - https://smallrye.io) + (Apache License, Version 2.0) SmallRye Config: CDI (io.smallrye.config:smallrye-config:3.3.2 - https://smallrye.io) + (Apache License, Version 2.0) SmallRye Config: Common (io.smallrye.config:smallrye-config-common:3.3.2 - https://smallrye.io) + (Apache License, Version 2.0) SmallRye Config: Core (io.smallrye.config:smallrye-config-core:3.3.2 - https://smallrye.io) (Apache License, Version 2.0) SmallRye Mutiny - Core library (io.smallrye.reactive:mutiny:2.3.1 - https://smallrye.io/smallrye-mutiny) (Apache License, Version 2.0) SmallRye Mutiny - Integration with SmallRye Context Propagation (io.smallrye.reactive:mutiny-smallrye-context-propagation:2.3.1 - https://smallrye.io/smallrye-mutiny) (The Apache Software License, Version 2.0) SmallRye Mutiny - Vert.x Auth Common (io.smallrye.reactive:smallrye-mutiny-vertx-auth-common:3.5.0 - https://smallrye.io/smallrye-mutiny-vertx-bindings) 
@@ -157,10 +157,10 @@ Lists of 230 third-party dependencies. (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) vertx-auth-common (io.vertx:vertx-auth-common:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-auth-parent/vertx-auth-common) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) vertx-codegen (io.vertx:vertx-codegen:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-codegen) (Eclipse Public License - v 2.0) (The Apache Software License, Version 2.0) Vert.x Core (io.vertx:vertx-core:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-core) - (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x JUnit 5 support :: Core (io.vertx:vertx-junit5:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-junit5) - (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x Kafka Client (io.vertx:vertx-kafka-client:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-kafka-client) + (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x JUnit 5 support :: Core (io.vertx:vertx-junit5:4.4.3 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-junit5) + (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x Kafka Client (io.vertx:vertx-kafka-client:4.4.3 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-kafka-client) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x metrics implementation for Micrometer.io (io.vertx:vertx-micrometer-metrics:4.4.4 - 
http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-micrometer-metrics) - (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x OpenTelemetry (io.vertx:vertx-opentelemetry:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-tracing-parent/vertx-opentelemetry) + (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x OpenTelemetry (io.vertx:vertx-opentelemetry:4.4.3 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-tracing-parent/vertx-opentelemetry) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) Vert.x URI Template (io.vertx:vertx-uri-template:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-uri-template) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) vertx-web-client (io.vertx:vertx-web-client:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-web-parent/vertx-web-client) (Eclipse Public License - v 1.0) (The Apache Software License, Version 2.0) vertx-web-common (io.vertx:vertx-web-common:4.4.4 - http://nexus.sonatype.org/oss-repository-hosting.html/vertx-parent/vertx-ext/vertx-ext-parent/vertx-web-parent/vertx-web-common) 
@@ -199,7 +199,7 @@ Lists of 230 third-party dependencies. (The MIT License) Checker Qual (org.checkerframework:checker-qual:3.34.0 - https://checkerframework.org/) (Apache License, Version 2.0) MicroProfile Config API (org.eclipse.microprofile.config:microprofile-config-api:3.0.3 - https://microprofile.io/project/eclipse/microprofile-config/microprofile-config-api) (Apache License, Version 2.0) MicroProfile Context Propagation (org.eclipse.microprofile.context-propagation:microprofile-context-propagation-api:1.3 - http://microprofile.io/microprofile-context-propagation-api) - (Universal Permissive License, Version 1.0) Graal Sdk (org.graalvm.sdk:graal-sdk:22.3.2 - https://github.com/oracle/graal) + (Universal Permissive License, Version 1.0) Graal Sdk (org.graalvm.sdk:graal-sdk:23.0.1 - https://github.com/oracle/graal) (BSD Licence 3) Hamcrest (org.hamcrest:hamcrest:2.1 - http://hamcrest.org/JavaHamcrest/) (New BSD License) Hamcrest Core (org.hamcrest:hamcrest-core:1.3 - https://github.com/hamcrest/JavaHamcrest/hamcrest-core) (BSD-2-Clause) (Public Domain, per Creative Commons CC0) HdrHistogram (org.hdrhistogram:HdrHistogram:2.1.12 - http://hdrhistogram.github.io/HdrHistogram/) @@ -228,5 +228,5 @@ Lists of 230 third-party dependencies. (MIT License) SLF4J NOP Binding (org.slf4j:slf4j-nop:1.7.36 - http://www.slf4j.org) (Apache License, Version 2.0) SnakeYAML Engine (org.snakeyaml:snakeyaml-engine:2.6 - https://bitbucket.org/snakeyaml/snakeyaml-engine) (Apache License 2.0) wildfly-common (org.wildfly.common:wildfly-common:1.5.4.Final-format-001 - http://www.jboss.org/wildfly-common) - (Apache-2.0) snappy-java (org.xerial.snappy:snappy-java:1.1.10.1 - https://github.com/xerial/snappy-java) + (Apache-2.0) snappy-java (org.xerial.snappy:snappy-java:1.1.10.5 - https://github.com/xerial/snappy-java) (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:2.0 - https://bitbucket.org/snakeyaml/snakeyaml) 
diff --git a/data-plane/pom.xml b/data-plane/pom.xml index f76dcf2bd7..6f268e2313 100644 --- a/data-plane/pom.xml +++ b/data-plane/pom.xml @@ -42,8 +42,8 @@ 2.37.0 - 4.4.4 - 4.4.4 + 4.4.3 + 4.4.3 2.5.0 1.9.4 1.17.0 @@ -61,7 +61,7 @@ 3.2.3 1.9.6.Final 3.3.2 - 3.2.0.Final + 3.2.7.Final 4.9.2 2.33.0
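Review bot: The first pom.xml hunk moves two version properties backwards, from `4.4.4` to `4.4.3`, and nothing visible here explains why. The regenerated dependency list in the same patch shows vertx-junit5, vertx-kafka-client and vertx-opentelemetry dropping to 4.4.3 while vertx-core, vertx-web-client and the other io.vertx artifacts stay at 4.4.4, so the build would mix Vert.x patch levels and lose whatever fixes 4.4.4 carried for those three modules. If the downgrade is deliberate, record the reason next to the properties, e.g. `<!-- held at 4.4.3 to match <BOM or issue reference>; raise together with vertx-core -->`; it may be meant to line up with the `3.2.7.Final` upgrade in the next hunk, but the property names are stripped in this rendering, so that is a guess. Otherwise keep both at `4.4.4`. The surrounding properties block is only partly visible in the hunk.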