diff --git a/go.mod b/go.mod index 93ec5b4a..480f8cf0 100644 --- a/go.mod +++ b/go.mod @@ -14,10 +14,10 @@ require ( k8s.io/apimachinery v0.31.0-beta.0 k8s.io/client-go v0.30.3 k8s.io/code-generator v0.30.3 - knative.dev/hack v0.0.0-20241128013751-1978b3a02667 - knative.dev/networking v0.0.0-20241213084654-8b69a35edbf3 - knative.dev/pkg v0.0.0-20241218051509-40afb7c5436e - knative.dev/serving v0.43.1-0.20241220114912-06281ebc6d81 + knative.dev/hack v0.0.0-20241227080210-e92a16ae0893 + knative.dev/networking v0.0.0-20241229023211-34f5e09274c8 + knative.dev/pkg v0.0.0-20241223131119-4c901591eb4a + knative.dev/serving v0.43.1-0.20250106182356-0d589da56eb6 ) require ( diff --git a/go.sum b/go.sum index b631f068..409667aa 100644 --- a/go.sum +++ b/go.sum @@ -709,14 +709,14 @@ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/caching v0.0.0-20241128013742-9f3a58ce332c h1:NND36MXXBff0As80pG1uOrO8iBg9k0jdrKrRWT4NVy0= knative.dev/caching v0.0.0-20241128013742-9f3a58ce332c/go.mod h1:xcxIBx5jKR4HANCbcN4If+uNU1Y76b/tn9eV1byvJKc= -knative.dev/hack v0.0.0-20241128013751-1978b3a02667 h1:cp3GfEBnL0H2OrqdxLZ7nZ2K7U4PMdQhdBogl4Vd5+E= -knative.dev/hack v0.0.0-20241128013751-1978b3a02667/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY= -knative.dev/networking v0.0.0-20241213084654-8b69a35edbf3 h1:nJzte4HE7qkVQ/AEWDgFm+3yOWuRjGcaRacmlD2vu9I= -knative.dev/networking v0.0.0-20241213084654-8b69a35edbf3/go.mod h1:nhaf+dGDhLRg0ez4Bm8aX79LD3ohZlSCgsGdu5TbRHU= -knative.dev/pkg v0.0.0-20241218051509-40afb7c5436e h1:pgdDEZT3R50XHwbHBYUYTb71PQ1oDR/2m3mRyQ57W8w= -knative.dev/pkg v0.0.0-20241218051509-40afb7c5436e/go.mod h1:C2dxK66GlycMOS0SKqv0SMAnWkxsYbG4hkH32Xg1qD0= -knative.dev/serving v0.43.1-0.20241220114912-06281ebc6d81 h1:UCYaiznNE2iUl5JJzfhtDKH6K25u276k4A1ky2I2k48= -knative.dev/serving v0.43.1-0.20241220114912-06281ebc6d81/go.mod h1:t4ry8crQ2u732iZdr6nBcOfx9ulNc1uyfS2TeALLOKM= +knative.dev/hack v0.0.0-20241227080210-e92a16ae0893 h1:zy7LwNJ2S7obPMHVAtxQgZPXxBTZzoxHbtb6uhxOl7Q= +knative.dev/hack v0.0.0-20241227080210-e92a16ae0893/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY= +knative.dev/networking v0.0.0-20241229023211-34f5e09274c8 h1:0280xW/AUcpCa/jIGt4RrG3dJwGlqqI3nPf59fDBGg8= +knative.dev/networking v0.0.0-20241229023211-34f5e09274c8/go.mod h1:EU4KaerdVqxeELmrEiS342GlnXINvYm0mDmNN+D+xew= +knative.dev/pkg v0.0.0-20241223131119-4c901591eb4a h1:31rLKAGHeQEkxMOc/h4XCmHOTiR/1R4NRPvJ3wg05WY= +knative.dev/pkg v0.0.0-20241223131119-4c901591eb4a/go.mod h1:C2dxK66GlycMOS0SKqv0SMAnWkxsYbG4hkH32Xg1qD0= +knative.dev/serving v0.43.1-0.20250106182356-0d589da56eb6 h1:9lCR3NK5IvJI51B88qU7rwQPj7N6RpIS1ESzBfnphG0= +knative.dev/serving v0.43.1-0.20250106182356-0d589da56eb6/go.mod h1:t4ry8crQ2u732iZdr6nBcOfx9ulNc1uyfS2TeALLOKM= pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw= pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/vendor/knative.dev/hack/infra-library.sh b/vendor/knative.dev/hack/infra-library.sh index 83eacfa6..ba5b1818 100644 --- a/vendor/knative.dev/hack/infra-library.sh +++ b/vendor/knative.dev/hack/infra-library.sh @@ -21,7 +21,7 @@ source "$(dirname "${BASH_SOURCE[0]:-$0}")/library.sh" # Default Kubernetes version to use for GKE, if not overridden with # the `--cluster-version` parameter. -readonly GKE_DEFAULT_CLUSTER_VERSION="1.28" +readonly GKE_DEFAULT_CLUSTER_VERSION="1.30" # Dumps the k8s api server metrics. Spins up a proxy, waits a little bit and # dumps the metrics to ${ARTIFACTS}/k8s.metrics.txt diff --git a/vendor/knative.dev/serving/pkg/apis/config/features.go b/vendor/knative.dev/serving/pkg/apis/config/features.go index 57b0bbe4..79f381d4 100644 --- a/vendor/knative.dev/serving/pkg/apis/config/features.go +++ b/vendor/knative.dev/serving/pkg/apis/config/features.go @@ -72,6 +72,7 @@ func defaultFeaturesConfig() *Features { ContainerSpecAddCapabilities: Disabled, PodSpecTolerations: Disabled, PodSpecVolumesEmptyDir: Enabled, + PodSpecVolumesHostPath: Disabled, PodSpecPersistentVolumeClaim: Disabled, PodSpecPersistentVolumeWrite: Disabled, QueueProxyMountPodInfo: Disabled, @@ -107,6 +108,7 @@ func NewFeaturesConfigFromMap(data map[string]string) (*Features, error) { asFlag("kubernetes.containerspec-addcapabilities", &nc.ContainerSpecAddCapabilities), asFlag("kubernetes.podspec-tolerations", &nc.PodSpecTolerations), asFlag("kubernetes.podspec-volumes-emptydir", &nc.PodSpecVolumesEmptyDir), + asFlag("kubernetes.podspec-volumes-hostpath", &nc.PodSpecVolumesHostPath), asFlag("kubernetes.podspec-hostipc", &nc.PodSpecHostIPC), asFlag("kubernetes.podspec-hostpid", &nc.PodSpecHostPID), asFlag("kubernetes.podspec-hostnetwork", &nc.PodSpecHostNetwork), @@ -151,6 +153,7 @@ type Features struct { ContainerSpecAddCapabilities Flag PodSpecTolerations Flag PodSpecVolumesEmptyDir Flag + PodSpecVolumesHostPath Flag PodSpecInitContainers Flag PodSpecPersistentVolumeClaim Flag PodSpecPersistentVolumeWrite Flag diff --git a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go index faff5dba..142d42d3 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go @@ -66,6 +66,10 @@ func VolumeSourceMask(ctx context.Context, in *corev1.VolumeSource) *corev1.Volu out.PersistentVolumeClaim = in.PersistentVolumeClaim } + if cfg.Features.PodSpecVolumesHostPath != config.Disabled { + out.HostPath = in.HostPath + } + // Too many disallowed fields to list return out @@ -710,10 +714,12 @@ func SecurityContextMask(ctx context.Context, in *corev1.SecurityContext) *corev // SeccompProfile defaults to "unconstrained", but the safe values are // "RuntimeDefault" or "Localhost" (with localhost path set) out.SeccompProfile = in.SeccompProfile - + // Only allow setting Privileged to false + if in.Privileged != nil && !*in.Privileged { + out.Privileged = in.Privileged + } // Disallowed // This list is unnecessary, but added here for clarity - out.Privileged = nil out.SELinuxOptions = nil out.ProcMount = nil diff --git a/vendor/knative.dev/serving/test/e2e-external-domain-tls-tests.sh b/vendor/knative.dev/serving/test/e2e-external-domain-tls-tests.sh index 33c86a08..71ff537b 100644 --- a/vendor/knative.dev/serving/test/e2e-external-domain-tls-tests.sh +++ b/vendor/knative.dev/serving/test/e2e-external-domain-tls-tests.sh @@ -162,7 +162,7 @@ function delete_dns_record() { } # Script entry point. -initialize "$@" --num-nodes=4 --enable-ha --cluster-version=1.28 +initialize "$@" --num-nodes=4 --enable-ha --cluster-version=1.30 # Run the tests header "Running tests" diff --git a/vendor/knative.dev/serving/test/e2e-tests.sh b/vendor/knative.dev/serving/test/e2e-tests.sh index 109e71e0..eae5c5c7 100644 --- a/vendor/knative.dev/serving/test/e2e-tests.sh +++ b/vendor/knative.dev/serving/test/e2e-tests.sh @@ -28,7 +28,7 @@ source $(dirname "$0")/e2e-common.sh # Script entry point. -initialize --num-nodes=4 --enable-ha --cluster-version=1.28 "$@" +initialize --num-nodes=4 --enable-ha --cluster-version=1.30 "$@" # Run the tests header "Running tests" diff --git a/vendor/knative.dev/serving/test/e2e-upgrade-tests.sh b/vendor/knative.dev/serving/test/e2e-upgrade-tests.sh index e15ea761..6c31fab1 100644 --- a/vendor/knative.dev/serving/test/e2e-upgrade-tests.sh +++ b/vendor/knative.dev/serving/test/e2e-upgrade-tests.sh @@ -42,7 +42,7 @@ function stage_test_resources() { # Skip installing istio as an add-on. # Skip installing a pvc as it is not used in upgrade tests # Skip installing a resource quota as it is not used in upgrade tests -PVC=0 QUOTA=0 initialize "$@" --num-nodes=4 --cluster-version=1.28 \ +PVC=0 QUOTA=0 initialize "$@" --num-nodes=4 --cluster-version=1.30 \ --install-latest-release # TODO(#2656): Reduce the timeout after we get this test to consistently passing. diff --git a/vendor/modules.txt b/vendor/modules.txt index b1fe600b..7cdd0c6b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -969,10 +969,10 @@ knative.dev/caching/pkg/client/clientset/versioned/typed/caching/v1alpha1/fake knative.dev/caching/pkg/client/injection/client knative.dev/caching/pkg/client/injection/client/fake knative.dev/caching/pkg/client/listers/caching/v1alpha1 -# knative.dev/hack v0.0.0-20241128013751-1978b3a02667 +# knative.dev/hack v0.0.0-20241227080210-e92a16ae0893 ## explicit; go 1.21 knative.dev/hack -# knative.dev/networking v0.0.0-20241213084654-8b69a35edbf3 +# knative.dev/networking v0.0.0-20241229023211-34f5e09274c8 ## explicit; go 1.22.7 knative.dev/networking/pkg knative.dev/networking/pkg/apis/networking @@ -1002,7 +1002,7 @@ knative.dev/networking/pkg/http/proxy knative.dev/networking/pkg/http/stats knative.dev/networking/pkg/ingress knative.dev/networking/pkg/k8s -# knative.dev/pkg v0.0.0-20241218051509-40afb7c5436e +# knative.dev/pkg v0.0.0-20241223131119-4c901591eb4a ## explicit; go 1.22.7 knative.dev/pkg/apis knative.dev/pkg/apis/duck @@ -1068,7 +1068,7 @@ knative.dev/pkg/tracker knative.dev/pkg/version knative.dev/pkg/webhook knative.dev/pkg/webhook/certificates/resources -# knative.dev/serving v0.43.1-0.20241220114912-06281ebc6d81 +# knative.dev/serving v0.43.1-0.20250106182356-0d589da56eb6 ## explicit; go 1.22.7 knative.dev/serving/pkg/apis/autoscaling knative.dev/serving/pkg/apis/autoscaling/v1alpha1