diff --git a/go.mod b/go.mod index 4a9a3ccdd..0f1a3c596 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( k8s.io/client-go v0.30.3 knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d knative.dev/networking v0.0.0-20241015085032-a3d46633cfb3 - knative.dev/pkg v0.0.0-20241015082832-95b4b97567b5 + knative.dev/pkg v0.0.0-20241021053726-4af9a0d3f8b5 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index e139184ec..0787fc98e 100644 --- a/go.sum +++ b/go.sum @@ -688,8 +688,8 @@ knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d h1:aCfX7kwkvgGxXXGbso5tLqdwQ knative.dev/hack v0.0.0-20241010131451-05b2fb30cb4d/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY= knative.dev/networking v0.0.0-20241015085032-a3d46633cfb3 h1:pnCWTaxtOdiqtjJC0kGw+4qC7ChH3DkchReSSSBtLQ8= knative.dev/networking v0.0.0-20241015085032-a3d46633cfb3/go.mod h1:xaOhZH277o5f7VTWOBeDQNrGGXeNV2B9dxMn3bp26Ow= -knative.dev/pkg v0.0.0-20241015082832-95b4b97567b5 h1:0ZKQVzST2Y3nSud1hNzTYM+UhTHKOJLjSfmZmzjwpN4= -knative.dev/pkg v0.0.0-20241015082832-95b4b97567b5/go.mod h1:StJI72GWcm/iErmk4RqFJiOo8RLbVqPbHxUqeVwAzeo= +knative.dev/pkg v0.0.0-20241021053726-4af9a0d3f8b5 h1:T+40/2nEh78mT31zYUMjL3ENrZSM6jNApGgz+tcDqwc= +knative.dev/pkg v0.0.0-20241021053726-4af9a0d3f8b5/go.mod h1:StJI72GWcm/iErmk4RqFJiOo8RLbVqPbHxUqeVwAzeo= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/knative.dev/pkg/webhook/env.go b/vendor/knative.dev/pkg/webhook/env.go index ffb757011..e622f5f97 100644 --- a/vendor/knative.dev/pkg/webhook/env.go +++ b/vendor/knative.dev/pkg/webhook/env.go @@ -32,6 +32,8 @@ const ( secretNameEnvKey = "WEBHOOK_SECRET_NAME" //nolint:gosec // This is not a hardcoded credential tlsMinVersionEnvKey = "WEBHOOK_TLS_MIN_VERSION" + + disableNamespaceOwnershipEnvKey = "WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP" ) // PortFromEnv returns the webhook port set by portEnvKey, or default port if env var is not set. @@ -82,3 +84,15 @@ func TLSMinVersionFromEnv(defaultTLSMinVersion uint16) uint16 { panic(fmt.Sprintf("the environment variable %q has to be either '1.2' or '1.3'", tlsMinVersionEnvKey)) } } + +func DisableNamespaceOwnershipFromEnv() *bool { + disableNamespaceOwnership := os.Getenv(disableNamespaceOwnershipEnvKey) + if disableNamespaceOwnership == "" { + return nil + } + disableNamespaceOwnershipBool, err := strconv.ParseBool(disableNamespaceOwnership) + if err != nil { + panic(fmt.Sprintf("failed to convert the environment variable %q : %v", disableNamespaceOwnershipEnvKey, err)) + } + return &disableNamespaceOwnershipBool +} diff --git a/vendor/knative.dev/pkg/webhook/webhook.go b/vendor/knative.dev/pkg/webhook/webhook.go index 1b90e75fc..dc1981796 100644 --- a/vendor/knative.dev/pkg/webhook/webhook.go +++ b/vendor/knative.dev/pkg/webhook/webhook.go @@ -81,8 +81,10 @@ type Options struct { // before shutting down. GracePeriod time.Duration - // DisableNamespaceOwnership configures whether the webhook adds an owner reference for the SYSTEM_NAMESPACE - // Disabling this is useful when you expect the webhook configuration to be managed by something other than knative + // DisableNamespaceOwnership configures if the SYSTEM_NAMESPACE is added as an owner reference to the + // webhook configuration resources. Overridden by the WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP environment variable. + // Disabling can be useful to avoid breaking systems that expect ownership to indicate a true controller + // relationship: https://github.com/knative/serving/issues/15483 DisableNamespaceOwnership bool // ControllerOptions encapsulates options for creating a new controller, @@ -164,6 +166,12 @@ func New( return nil, fmt.Errorf("unsupported TLS version: %d", opts.TLSMinVersion) } + // if the environment variable is set, it overrides the value in the Options + disableNamespaceOwnership := DisableNamespaceOwnershipFromEnv() + if disableNamespaceOwnership != nil { + opts.DisableNamespaceOwnership = *disableNamespaceOwnership + } + syncCtx, cancel := context.WithCancel(context.Background()) webhook = &Webhook{ diff --git a/vendor/modules.txt b/vendor/modules.txt index 7de81de1f..3b21b969f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -978,7 +978,7 @@ knative.dev/networking/test/test_images/runtime/handlers knative.dev/networking/test/test_images/timeout knative.dev/networking/test/test_images/wsserver knative.dev/networking/test/types -# knative.dev/pkg v0.0.0-20241015082832-95b4b97567b5 +# knative.dev/pkg v0.0.0-20241021053726-4af9a0d3f8b5 ## explicit; go 1.22.0 knative.dev/pkg/apis knative.dev/pkg/apis/duck