diff --git a/go.mod b/go.mod index 44b725332..faf886d02 100644 --- a/go.mod +++ b/go.mod @@ -21,8 +21,8 @@ require ( k8s.io/code-generator v0.30.3 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 knative.dev/hack v0.0.0-20240909014011-fc6a8452af6d - knative.dev/networking v0.0.0-20240923151441-ea902459c96d - knative.dev/pkg v0.0.0-20240924202102-28b58b842f1a + knative.dev/networking v0.0.0-20240925061159-939600981bda + knative.dev/pkg v0.0.0-20240926013127-c4843b746d24 sigs.k8s.io/gateway-api v1.1.0 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 6b4c34229..8b5db2dc3 100644 --- a/go.sum +++ b/go.sum @@ -680,10 +680,10 @@ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/hack v0.0.0-20240909014011-fc6a8452af6d h1:mgROhGJG3+g0SBkaG4Y2HxrIOLN3ZZcN4+IFZla+Zqs= knative.dev/hack v0.0.0-20240909014011-fc6a8452af6d/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY= -knative.dev/networking v0.0.0-20240923151441-ea902459c96d h1:eYfqMHN1H989+kxAoVPJAP2U6JUPaHjcjdRCv/YhiR4= -knative.dev/networking v0.0.0-20240923151441-ea902459c96d/go.mod h1:wcoRzE0hEX8Rn9xjQIxQnreMyq+mOnnGbxHrVeoAo9A= -knative.dev/pkg v0.0.0-20240924202102-28b58b842f1a h1:AFR8PmM3le4Uf58XRJzj0Z/ajyCUriqebCk6hyc0M6g= -knative.dev/pkg v0.0.0-20240924202102-28b58b842f1a/go.mod h1:IQi7fVFvQa6UpNnSpzlAiNPMtTvIj4MHj4vSD/PulCE= +knative.dev/networking v0.0.0-20240925061159-939600981bda h1:ImNzczDMEJmzJMWUu0XjoevdTmsl+crAdJVAD1RSPpM= +knative.dev/networking v0.0.0-20240925061159-939600981bda/go.mod h1:8NkRp5YvKc1z3UO5sLG6nfRSzIXsDZ1R5oURqW8oP9w= +knative.dev/pkg v0.0.0-20240926013127-c4843b746d24 h1:NJLvfA38IlzdSxNi5//yEpKeZBPezyQZA4SCcoMjC9o= +knative.dev/pkg v0.0.0-20240926013127-c4843b746d24/go.mod h1:IQi7fVFvQa6UpNnSpzlAiNPMtTvIj4MHj4vSD/PulCE= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go b/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go index d7d37b8ec..aa4787922 100644 --- a/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go +++ b/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go @@ -58,7 +58,8 @@ type reconciler struct { vwhlister admissionlisters.ValidatingWebhookConfigurationLister secretlister corelisters.SecretLister - secretName string + secretName string + disableNamespaceOwnership bool } var ( @@ -138,13 +139,15 @@ func (ac *reconciler) reconcileValidatingWebhook(ctx context.Context, caCert []b webhook := configuredWebhook.DeepCopy() - // Set the owner to namespace. - ns, err := ac.client.CoreV1().Namespaces().Get(ctx, system.Namespace(), metav1.GetOptions{}) - if err != nil { - return fmt.Errorf("failed to fetch namespace: %w", err) + if !ac.disableNamespaceOwnership { + // Set the owner to namespace. + ns, err := ac.client.CoreV1().Namespaces().Get(ctx, system.Namespace(), metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("failed to fetch namespace: %w", err) + } + nsRef := *metav1.NewControllerRef(ns, corev1.SchemeGroupVersion.WithKind("Namespace")) + webhook.OwnerReferences = []metav1.OwnerReference{nsRef} } - nsRef := *metav1.NewControllerRef(ns, corev1.SchemeGroupVersion.WithKind("Namespace")) - webhook.OwnerReferences = []metav1.OwnerReference{nsRef} for i, wh := range webhook.Webhooks { if wh.Name != webhook.Name { diff --git a/vendor/knative.dev/pkg/webhook/configmaps/controller.go b/vendor/knative.dev/pkg/webhook/configmaps/controller.go index 9c2aae495..80ab3cab1 100644 --- a/vendor/knative.dev/pkg/webhook/configmaps/controller.go +++ b/vendor/knative.dev/pkg/webhook/configmaps/controller.go @@ -60,8 +60,9 @@ func NewAdmissionController( key: key, path: path, - constructors: make(map[string]reflect.Value), - secretName: options.SecretName, + constructors: make(map[string]reflect.Value), + secretName: options.SecretName, + disableNamespaceOwnership: options.DisableNamespaceOwnership, client: client, vwhlister: vwhInformer.Lister(), diff --git a/vendor/knative.dev/pkg/webhook/webhook.go b/vendor/knative.dev/pkg/webhook/webhook.go index e05c6f041..1b90e75fc 100644 --- a/vendor/knative.dev/pkg/webhook/webhook.go +++ b/vendor/knative.dev/pkg/webhook/webhook.go @@ -81,6 +81,10 @@ type Options struct { // before shutting down. GracePeriod time.Duration + // DisableNamespaceOwnership configures whether the webhook adds an owner reference for the SYSTEM_NAMESPACE + // Disabling this is useful when you expect the webhook configuration to be managed by something other than knative + DisableNamespaceOwnership bool + // ControllerOptions encapsulates options for creating a new controller, // including throttling and stats behavior. ControllerOptions *controller.ControllerOptions diff --git a/vendor/modules.txt b/vendor/modules.txt index 02a2c8f44..6e8d841f4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -909,7 +909,7 @@ k8s.io/utils/trace # knative.dev/hack v0.0.0-20240909014011-fc6a8452af6d ## explicit; go 1.21 knative.dev/hack -# knative.dev/networking v0.0.0-20240923151441-ea902459c96d +# knative.dev/networking v0.0.0-20240925061159-939600981bda ## explicit; go 1.22.0 knative.dev/networking/config knative.dev/networking/pkg @@ -953,7 +953,7 @@ knative.dev/networking/test/test_images/runtime/handlers knative.dev/networking/test/test_images/timeout knative.dev/networking/test/test_images/wsserver knative.dev/networking/test/types -# knative.dev/pkg v0.0.0-20240924202102-28b58b842f1a +# knative.dev/pkg v0.0.0-20240926013127-c4843b746d24 ## explicit; go 1.22.0 knative.dev/pkg/apis knative.dev/pkg/apis/duck