From 60d8e0c093063b5d25acd438aef307cb228c8734 Mon Sep 17 00:00:00 2001 From: Akshay Pant Date: Tue, 12 May 2026 17:56:14 +0530 Subject: [PATCH 1/2] chore(deps): bump knative/eventing to v0.49.0 Update knative/eventing to v0.49.0 which includes the pprof server fix (knative/eventing#9008). Also bumps k8s.io to v0.35.4, knative/pkg, and golang.org/x dependencies. 
Signed-off-by: Akshay Pant
---
 go.mod | 24 ++++----
 go.sum | 56 +++++++++----------
 vendor/golang.org/x/crypto/ssh/cipher.go | 2 +-
 vendor/golang.org/x/crypto/ssh/client_auth.go | 10 +++-
 vendor/golang.org/x/net/http2/hpack/tables.go | 13 ++++-
 vendor/golang.org/x/net/http2/transport.go | 9 +--
 .../x/sys/cpu/cpu_darwin_arm64_other.go | 2 +
 .../golang.org/x/sys/cpu/cpu_other_arm64.go | 2 +-
 .../golang.org/x/sys/cpu/cpu_windows_arm64.go | 42 --------------
 .../golang.org/x/sys/windows/dll_windows.go | 37 +-----------
 .../x/sys/windows/security_windows.go | 6 +-
 .../apimachinery/pkg/api/validate/union.go | 15 ++++-
 .../eventing/pkg/adapter/v2/main.go | 10 ++++
 .../v1alpha1/eventtransform_lifecycle.go | 22 +++++++-
 .../eventing/v1alpha1/eventtransform_types.go | 5 ++
 .../pkg/apis/eventing/v1alpha1/register.go | 2 +-
 .../v1alpha1/zz_generated.deepcopy.go | 1 +
 .../eventing/pkg/apis/sources/register.go | 10 ++--
 .../apis/sources/v1/apiserver_lifecycle.go | 8 ++-
 .../pkg/apis/sources/v1/apiserver_types.go | 2 +-
 .../pkg/apis/sources/v1/ping_lifecycle.go | 8 ++-
 .../apis/sources/v1/sinkbinding_lifecycle.go | 44 +++------------
 .../knative.dev/eventing/pkg/auth/verifier.go | 9 +++
 .../eventing/pkg/eventingtls/eventingtls.go | 39 +++++++++----
 .../eventing/pkg/eventingtls/trust_bundle.go | 12 +++-
 .../eventing/pkg/observability/key.go | 2 +-
 .../eventing/pkg/observability/newcontext.go | 26 +++++++++
 .../knative.dev/eventing/pkg/utils/logging.go | 40 +++++++++++++
 vendor/modules.txt | 24 ++++----
 29 files changed, 274 insertions(+), 208 deletions(-)
 delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go
 create mode 100644 vendor/knative.dev/eventing/pkg/utils/logging.go
diff --git a/go.mod b/go.mod
index 8d87e848ae..9a4613c9db 100644
--- a/go.mod
+++ b/go.mod
@@ -13,6 +13,7 @@ require ( github.com/google/cel-go v0.28.0 github.com/google/go-cmp v0.7.0 github.com/google/go-github/scrape v0.0.0-20260403152401-96a365122246 + github.com/google/go-github/v84 v84.0.0 github.com/google/go-github/v85 v85.0.0 github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b github.com/jenkins-x/go-scm v1.15.17 @@ -37,15 +38,15 @@ require ( golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 golang.org/x/oauth2 v0.36.0 golang.org/x/sync v0.20.0 - golang.org/x/text v0.35.0 + golang.org/x/text v0.36.0 gopkg.in/yaml.v2 v2.4.0 gotest.tools/v3 v3.5.2 - k8s.io/api v0.35.3 - k8s.io/apimachinery v0.35.3 - k8s.io/client-go v0.35.3 + k8s.io/api v0.35.4 + k8s.io/apimachinery v0.35.4 + k8s.io/client-go v0.35.4 k8s.io/utils v0.0.0-20260319190234-28399d86e0b5 - knative.dev/eventing v0.48.2 - knative.dev/pkg v0.0.0-20260406140200-cb58ae50e894 + knative.dev/eventing v0.49.0 + knative.dev/pkg v0.0.0-20260422015212-ec452872dcc1 sigs.k8s.io/yaml v1.6.0 ) @@ -78,7 +79,6 @@ require ( github.com/go-openapi/swag/typeutils v0.25.5 // indirect github.com/go-openapi/swag/yamlutils v0.25.5 // indirect github.com/go-viper/mapstructure/v2 v2.5.0 // indirect - github.com/google/go-github/v84 v84.0.0 // indirect github.com/oklog/ulid/v2 v2.1.1 // indirect github.com/prometheus/otlptranslator v1.0.0 // indirect github.com/rickb777/plural v1.4.10 // indirect @@ -149,10 +149,10 @@ require ( github.com/xlzd/gotp v0.1.0 // indirect go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.49.0 // indirect - golang.org/x/net v0.52.0 // indirect - golang.org/x/sys v0.42.0 // indirect - golang.org/x/term v0.41.0 + golang.org/x/crypto v0.50.0 // indirect + golang.org/x/net v0.53.0 // indirect + golang.org/x/sys v0.43.0 // indirect + golang.org/x/term v0.42.0 golang.org/x/time v0.15.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260406210006-6f92a3bedf2d 
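Review bot: The first go.mod hunk adds `github.com/google/go-github/v84 v84.0.0` to the direct require block, and the `@@ -78,7 +79,6 @@` hunk drops the matching `// indirect` entry, yet the commit message about the knative/eventing bump does not mention it. `v85` is already required directly, so two major versions of the same client are now declared as first-party dependencies; presumably `go mod tidy` found a package that still imports v84, though that import is not visible in this patch. Either migrate that import to v85 so the entry can go back to `github.com/google/go-github/v84 v84.0.0 // indirect`, or state the reason in the description, so that the change to the direct dependency set is reviewed deliberately instead of riding along with a vendor refresh.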
@@ -161,7 +161,7 @@ require ( google.golang.org/protobuf v1.36.11 gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.35.3 // indirect + k8s.io/apiextensions-apiserver v0.35.4 // indirect k8s.io/klog/v2 v2.140.0 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect ) diff --git a/go.sum b/go.sum index 543beac85e..5fb024ce11 100644 --- a/go.sum +++ b/go.sum @@ -335,8 +335,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= +golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= +golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 h1:jiDhWWeC7jfWqR9c/uplMOqJ0sbNlNWv0UkzE0vX1MA= golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90/go.mod h1:xE1HEv6b+1SCZ5/uscMRjUBKtIxworgEcEi+/n9NQDQ= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= 
@@ -344,8 +344,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= -golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= +golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= +golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= @@ -356,8 +356,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -387,8 +387,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -398,8 +398,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= +golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= +golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 
@@ -410,8 +410,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= +golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -420,8 +420,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= -golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= +golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= +golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= 
@@ -451,26 +451,26 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= -k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ= -k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4= -k8s.io/apiextensions-apiserver v0.35.3 h1:2fQUhEO7P17sijylbdwt0nBdXP0TvHrHj0KeqHD8FiU= -k8s.io/apiextensions-apiserver v0.35.3/go.mod h1:tK4Kz58ykRpwAEkXUb634HD1ZAegEElktz/B3jgETd8= -k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8= -k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= -k8s.io/apiserver v0.35.3 h1:D2eIcfJ05hEAEewoSDg+05e0aSRwx8Y4Agvd/wiomUI= -k8s.io/apiserver v0.35.3/go.mod h1:JI0n9bHYzSgIxgIrfe21dbduJ9NHzKJ6RchcsmIKWKY= -k8s.io/client-go v0.35.3 h1:s1lZbpN4uI6IxeTM2cpdtrwHcSOBML1ODNTCCfsP1pg= -k8s.io/client-go v0.35.3/go.mod h1:RzoXkc0mzpWIDvBrRnD+VlfXP+lRzqQjCmKtiwZ8Q9c= +k8s.io/api v0.35.4 h1:P7nFYKl5vo9AGUp1Z+Pmd3p2tA7bX2wbFWCvDeRv988= +k8s.io/api v0.35.4/go.mod h1:yl4lqySWOgYJJf9RERXKUwE9g2y+CkuwG+xmcOK8wXU= +k8s.io/apiextensions-apiserver v0.35.4 h1:HeP+Upp7ItdvnyGmub0yoix+2z5+ev4M5cE5TCgtOUU= +k8s.io/apiextensions-apiserver v0.35.4/go.mod h1:ogQlk+stIE8mnoRthSYCwlOS12fVqgWFiErMwPaXA7c= +k8s.io/apimachinery v0.35.4 h1:xtdom9RG7e+yDp71uoXoJDWEE2eOiHgeO4GdBzwWpds= +k8s.io/apimachinery v0.35.4/go.mod h1:NNi1taPOpep0jOj+oRha3mBJPqvi0hGdaV8TCqGQ+cc= +k8s.io/apiserver v0.35.4 h1:vtuFqNFmF9bPRdHDL2lpK6qCTPWDreZJL4LRPwVM6ho= +k8s.io/apiserver v0.35.4/go.mod h1:JnBcb+J8kFXKpZkgcbcUnPBBHi4qgBii1I7dLxFY/oo= +k8s.io/client-go v0.35.4 h1:DN6fyaGuzK64UvnKO5fOA6ymSjvfGAnCAHAR0C66kD8= +k8s.io/client-go v0.35.4/go.mod h1:2Pg9WpsS4NeOpoYTfHHfMxBG8zFMSAUi4O/qoiJC3nY= k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= 
k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= k8s.io/kube-openapi v0.0.0-20260330154417-16be699c7b31 h1:V+sn9a/1fEYDGwnllCmqXBk8x7obZ+hl869Q3Abumkg= k8s.io/kube-openapi v0.0.0-20260330154417-16be699c7b31/go.mod h1:uGBT7iTA6c6MvqUvSXIaYZo9ukscABYi2btjhvgKGZ0= k8s.io/utils v0.0.0-20260319190234-28399d86e0b5 h1:kBawHLSnx/mYHmRnNUf9d4CpjREbeZuxoSGOX/J+aYM= k8s.io/utils v0.0.0-20260319190234-28399d86e0b5/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= -knative.dev/eventing v0.48.2 h1:+9oi64QI1U8T1b7Hz6UFla1HA/SKoln/MPdEI2QeUJc= -knative.dev/eventing v0.48.2/go.mod h1:NOSy8GPDTkGZvN0Kj3aNaP75CbEMW6BbXHfL+Hf/LYc= -knative.dev/pkg v0.0.0-20260406140200-cb58ae50e894 h1:Zabll+2HVz/YH9JLIIL/o7FH8tQP7m2neAgUNSJUjGk= -knative.dev/pkg v0.0.0-20260406140200-cb58ae50e894/go.mod h1:pqHAkUWsa/DsOKJvubQ7JjesfbA+W7ph3nOXt7DCiAw= +knative.dev/eventing v0.49.0 h1:Gole9D1AXnZVBCzoqO00/5n8MApy8rRJpTHYXvUFfQc= +knative.dev/eventing v0.49.0/go.mod h1:5lsUu0xHPLQpfVW7kmYXB7uRCUOnGGPsE87rx3hrRsM= +knative.dev/pkg v0.0.0-20260422015212-ec452872dcc1 h1:bO5X2bugzMqoVltm2n16mHpAdpSR0HRWeAKzHUL2Cgk= +knative.dev/pkg v0.0.0-20260422015212-ec452872dcc1/go.mod h1:EZeB2nBW4QcpZuCPB5a/UnoVIH2N+5z5fwNw1PUeqMg= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go index 7554ed57a9..ad2b370578 100644 --- a/vendor/golang.org/x/crypto/ssh/cipher.go +++ b/vendor/golang.org/x/crypto/ssh/cipher.go 
@@ -586,7 +586,7 @@ func (c *cbcCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader // Length of encrypted portion of the packet (header, payload, padding). // Enforce minimum padding and packet size. - encLength := maxUInt32(prefixLen+len(packet)+cbcMinPaddingSize, cbcMinPaddingSize) + encLength := maxUInt32(prefixLen+len(packet)+cbcMinPaddingSize, cbcMinPacketSize) // Enforce block size. encLength = (encLength + effectiveBlockSize - 1) / effectiveBlockSize * effectiveBlockSize diff --git a/vendor/golang.org/x/crypto/ssh/client_auth.go b/vendor/golang.org/x/crypto/ssh/client_auth.go index 3127e49903..4f2f75c367 100644 --- a/vendor/golang.org/x/crypto/ssh/client_auth.go +++ b/vendor/golang.org/x/crypto/ssh/client_auth.go @@ -274,10 +274,14 @@ func pickSignatureAlgorithm(signer Signer, extensions map[string][]byte) (MultiA } // Filter algorithms based on those supported by MultiAlgorithmSigner. + // Iterate over the signer's algorithms first to preserve its preference order. + supportedKeyAlgos := algorithmsForKeyFormat(keyFormat) var keyAlgos []string - for _, algo := range algorithmsForKeyFormat(keyFormat) { - if slices.Contains(as.Algorithms(), underlyingAlgo(algo)) { - keyAlgos = append(keyAlgos, algo) + for _, signerAlgo := range as.Algorithms() { + if idx := slices.IndexFunc(supportedKeyAlgos, func(algo string) bool { + return underlyingAlgo(algo) == signerAlgo + }); idx >= 0 { + keyAlgos = append(keyAlgos, supportedKeyAlgos[idx]) } } diff --git a/vendor/golang.org/x/net/http2/hpack/tables.go b/vendor/golang.org/x/net/http2/hpack/tables.go index 8cbdf3f019..803fe5178c 100644 --- a/vendor/golang.org/x/net/http2/hpack/tables.go +++ b/vendor/golang.org/x/net/http2/hpack/tables.go @@ -6,6 +6,7 @@ package hpack import ( "fmt" + "strings" ) // headerFieldTable implements a list of HeaderFields. 
@@ -54,10 +55,16 @@ func (t *headerFieldTable) len() int { // addEntry adds a new entry. func (t *headerFieldTable) addEntry(f HeaderField) { + // Prevent f from escaping to the heap. + f2 := HeaderField{ + Name: strings.Clone(f.Name), + Value: strings.Clone(f.Value), + Sensitive: f.Sensitive, + } id := uint64(t.len()) + t.evictCount + 1 - t.byName[f.Name] = id - t.byNameValue[pairNameValue{f.Name, f.Value}] = id - t.ents = append(t.ents, f) + t.byName[f2.Name] = id + t.byNameValue[pairNameValue{f2.Name, f2.Value}] = id + t.ents = append(t.ents, f2) } // evictOldest evicts the n oldest entries in the table. diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 2e9c2f6a52..19553f10c8 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -718,9 +718,6 @@ func canRetryError(err error) bool { } func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse bool) (*ClientConn, error) { - if t.transportTestHooks != nil { - return t.newClientConn(nil, singleUse, nil) - } host, _, err := net.SplitHostPort(addr) if err != nil { return nil, err @@ -2861,6 +2858,9 @@ func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { var seenMaxConcurrentStreams bool err := f.ForeachSetting(func(s Setting) error { + if err := s.Valid(); err != nil { + return err + } switch s.ID { case SettingMaxFrameSize: cc.maxFrameSize = s.Val @@ -2892,9 +2892,6 @@ func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { cc.henc.SetMaxDynamicTableSize(s.Val) cc.peerMaxHeaderTableSize = s.Val case SettingEnableConnectProtocol: - if err := s.Valid(); err != nil { - return err - } // If the peer wants to send us SETTINGS_ENABLE_CONNECT_PROTOCOL, // we require that it do so in the first SETTINGS frame. // 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go b/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go index 4ee68e38d9..37ecc66440 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go +++ b/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go @@ -6,6 +6,8 @@ package cpu +import "runtime" + func doinit() { setMinimalFeatures() diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go index 6c7c5bfd53..53f814d7a6 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build !darwin && !linux && !netbsd && !openbsd && !windows && arm64 +//go:build !darwin && !linux && !netbsd && !openbsd && arm64 package cpu diff --git a/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go deleted file mode 100644 index d09e85a361..0000000000 --- a/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go +++ /dev/null 
@@ -1,42 +0,0 @@ -// Copyright 2026 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -import ( - "golang.org/x/sys/windows" -) - -func doinit() { - // set HasASIMD and HasFP to true as per - // https://learn.microsoft.com/en-us/cpp/build/arm64-windows-abi-conventions?view=msvc-170#base-requirements - // - // The ARM64 version of Windows always presupposes that it's running on an ARMv8 or later architecture. - // Both floating-point and NEON support are presumed to be present in hardware. - // - ARM64.HasASIMD = true - ARM64.HasFP = true - - if windows.IsProcessorFeaturePresent(windows.PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) { - ARM64.HasAES = true - ARM64.HasPMULL = true - ARM64.HasSHA1 = true - ARM64.HasSHA2 = true - } - ARM64.HasSHA3 = windows.IsProcessorFeaturePresent(windows.PF_ARM_SHA3_INSTRUCTIONS_AVAILABLE) - ARM64.HasCRC32 = windows.IsProcessorFeaturePresent(windows.PF_ARM_V8_CRC32_INSTRUCTIONS_AVAILABLE) - ARM64.HasSHA512 = windows.IsProcessorFeaturePresent(windows.PF_ARM_SHA512_INSTRUCTIONS_AVAILABLE) - ARM64.HasATOMICS = windows.IsProcessorFeaturePresent(windows.PF_ARM_V81_ATOMIC_INSTRUCTIONS_AVAILABLE) - if windows.IsProcessorFeaturePresent(windows.PF_ARM_V82_DP_INSTRUCTIONS_AVAILABLE) { - ARM64.HasASIMDDP = true - ARM64.HasASIMDRDM = true - } - if windows.IsProcessorFeaturePresent(windows.PF_ARM_V83_LRCPC_INSTRUCTIONS_AVAILABLE) { - ARM64.HasLRCPC = true - ARM64.HasSM3 = true - } - ARM64.HasSVE = windows.IsProcessorFeaturePresent(windows.PF_ARM_SVE_INSTRUCTIONS_AVAILABLE) - ARM64.HasSVE2 = windows.IsProcessorFeaturePresent(windows.PF_ARM_SVE2_INSTRUCTIONS_AVAILABLE) - ARM64.HasJSCVT = windows.IsProcessorFeaturePresent(windows.PF_ARM_V83_JSCVT_INSTRUCTIONS_AVAILABLE) -} diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go index 3ca814f54d..1157b06d87 100644 
--- a/vendor/golang.org/x/sys/windows/dll_windows.go
+++ b/vendor/golang.org/x/sys/windows/dll_windows.go
@@ -163,42 +163,7 @@ func (p *Proc) Addr() uintptr { // (according to the semantics of the specific function being called) before consulting // the error. The error will be guaranteed to contain windows.Errno. func (p *Proc) Call(a ...uintptr) (r1, r2 uintptr, lastErr error) { - switch len(a) { - case 0: - return syscall.Syscall(p.Addr(), uintptr(len(a)), 0, 0, 0) - case 1: - return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], 0, 0) - case 2: - return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], 0) - case 3: - return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], a[2]) - case 4: - return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], 0, 0) - case 5: - return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], 0) - case 6: - return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5]) - case 7: - return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], 0, 0) - case 8: - return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], 0) - case 9: - return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8]) - case 10: - return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], 0, 0) - case 11: - return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], 0) - case 12: - return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11]) - case 13: - return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], 0, 0) - case 14: - return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], 0) - case 15: - return syscall.Syscall15(p.Addr(), 
uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14]) - default: - panic("Call " + p.Name + " with too many arguments " + itoa(len(a)) + ".") - } + return syscall.SyscallN(p.Addr(), a...) } // A LazyDLL implements access to a single DLL. diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go index a8b0364c7c..6c955cea15 100644 --- a/vendor/golang.org/x/sys/windows/security_windows.go +++ b/vendor/golang.org/x/sys/windows/security_windows.go @@ -1438,13 +1438,17 @@ func GetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformati } // GetNamedSecurityInfo queries the security information for a given named object and returns the self-relative security -// descriptor result on the Go heap. +// descriptor result on the Go heap. The security descriptor might be nil, even when err is nil, if the object exists +// but has no security descriptor. func GetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION) (sd *SECURITY_DESCRIPTOR, err error) { var winHeapSD *SECURITY_DESCRIPTOR err = getNamedSecurityInfo(objectName, objectType, securityInformation, nil, nil, nil, nil, &winHeapSD) if err != nil { return } + if winHeapSD == nil { + return nil, nil + } defer LocalFree(Handle(unsafe.Pointer(winHeapSD))) return winHeapSD.copySelfRelativeSecurityDescriptor(), nil } diff --git a/vendor/k8s.io/apimachinery/pkg/api/validate/union.go b/vendor/k8s.io/apimachinery/pkg/api/validate/union.go index 03f45f8661..32a2671f8d 100644 --- a/vendor/k8s.io/apimachinery/pkg/api/validate/union.go +++ b/vendor/k8s.io/apimachinery/pkg/api/validate/union.go @@ -19,6 +19,7 @@ package validate import ( "context" "fmt" + "reflect" "strings" "k8s.io/apimachinery/pkg/api/operation" 
@@ -60,6 +61,10 @@ type UnionValidationOptions struct { // )...) // return errs // } +// +// Note that T is "any", rather than "comparable", because union-members can be +// slices, meaning T might be a struct with a slice, meaning it is not +// comparable. func Union[T any](_ context.Context, op operation.Operation, fldPath *field.Path, obj, oldObj T, union *UnionMembership, isSetFns ...ExtractorFn[T, bool]) field.ErrorList { options := UnionValidationOptions{ ErrorForEmpty: func(fldPath *field.Path, allFields []string) *field.Error { @@ -98,6 +103,10 @@ func Union[T any](_ context.Context, op operation.Operation, fldPath *field.Path // // It is not an error for the discriminatorValue to be unknown. That must be // validated on its own. +// +// Note that T is "any", rather than "comparable", because union-members can be +// slices, meaning T might be a struct with a slice, meaning it is not +// comparable. func DiscriminatedUnion[T any, D ~string](_ context.Context, op operation.Operation, fldPath *field.Path, obj, oldObj T, union *UnionMembership, discriminatorExtractor ExtractorFn[T, D], isSetFns ...ExtractorFn[T, bool]) (errs field.ErrorList) { if len(union.members) != len(isSetFns) { return field.ErrorList{ @@ -106,6 +115,7 @@ func DiscriminatedUnion[T any, D ~string](_ context.Context, op operation.Operat len(isSetFns), len(union.members))), } } + hasOldValue := !reflect.ValueOf(oldObj).IsZero() // because T is any, rather than comparable var changed bool discriminatorValue := discriminatorExtractor(obj) if op.Type == operation.Update { @@ -131,7 +141,7 @@ func DiscriminatedUnion[T any, D ~string](_ context.Context, op operation.Operat } // If the union discriminator and membership is unchanged, we don't need to // re-validate. - if op.Type == operation.Update && !changed { + if op.Type == operation.Update && hasOldValue && !changed { return nil } return errs 
@@ -195,6 +205,7 @@ func unionValidate[T any](op operation.Operation, fldPath *field.Path, } } + hasOldValue := !reflect.ValueOf(oldObj).IsZero() // because T is any, rather than comparable var specifiedFields []string var changed bool for i, fieldIsSet := range isSetFns { @@ -209,7 +220,7 @@ func unionValidate[T any](op operation.Operation, fldPath *field.Path, } // If the union membership is unchanged, we don't need to re-validate. - if op.Type == operation.Update && !changed { + if op.Type == operation.Update && hasOldValue && !changed { return nil } diff --git a/vendor/knative.dev/eventing/pkg/adapter/v2/main.go b/vendor/knative.dev/eventing/pkg/adapter/v2/main.go index 0c0ceee85e..abaf58a8f7 100644 --- a/vendor/knative.dev/eventing/pkg/adapter/v2/main.go +++ b/vendor/knative.dev/eventing/pkg/adapter/v2/main.go @@ -18,6 +18,7 @@ package adapter import ( "context" + "errors" "flag" "fmt" "log" @@ -284,11 +285,20 @@ func MainWithInformers(ctx context.Context, component string, env EnvConfigAcces }() } + wg.Add(1) + go func() { + defer wg.Done() + if err := pprof.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { + logger.Warnw("Profiling server shut down", zap.Error(err)) + } + }() + // Finally start the adapter (blocking) if err := adapter.Start(ctx); err != nil { logger.Fatalw("Start returned an error", zap.Error(err)) } + _ = pprof.Shutdown(context.Background()) wg.Wait() } diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventtransform_lifecycle.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventtransform_lifecycle.go index f87fa8919e..5caf1e105b 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventtransform_lifecycle.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventtransform_lifecycle.go 
@@ -27,8 +27,9 @@ import ( ) const ( - TransformConditionAddressable apis.ConditionType = "Addressable" - TransformationConditionReady apis.ConditionType = "TransformationReady" + TransformConditionAddressable apis.ConditionType = "Addressable" + TransformationConditionReady apis.ConditionType = "TransformationReady" + TransformationEventPoliciesReady apis.ConditionType = "EventPoliciesReady" TransformationAddressableEmptyURL string = "NoURL" TransformationAddressableWaitingForServiceEndpoints string = "WaitingForServiceEndpoints" @@ -48,6 +49,7 @@ const ( var TransformCondSet = apis.NewLivingConditionSet( TransformationConditionReady, TransformConditionAddressable, + TransformationEventPoliciesReady, ) // transformJsonataConditionSet is the subset of conditions for the Jsonata transformation @@ -211,3 +213,19 @@ func (ts *EventTransformStatus) SetAddresses(addresses ...duckv1.Addressable) { } ts.GetConditionSet().Manage(ts).MarkTrue(TransformConditionAddressable) } + +func (ts *EventTransformStatus) MarkEventPoliciesFailed(reason, messageFormat string, messageA ...interface{}) { + TransformCondSet.Manage(ts).MarkFalse(TransformationEventPoliciesReady, reason, messageFormat, messageA...) +} + +func (ts *EventTransformStatus) MarkEventPoliciesUnknown(reason, messageFormat string, messageA ...interface{}) { + TransformCondSet.Manage(ts).MarkUnknown(TransformationEventPoliciesReady, reason, messageFormat, messageA...) +} + +func (ts *EventTransformStatus) MarkEventPoliciesTrue() { + TransformCondSet.Manage(ts).MarkTrue(TransformationEventPoliciesReady) +} + +func (ts *EventTransformStatus) MarkEventPoliciesTrueWithReason(reason, messageFormat string, messageA ...interface{}) { + TransformCondSet.Manage(ts).MarkTrueWithReason(TransformationEventPoliciesReady, reason, messageFormat, messageA...) +} 
diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventtransform_types.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventtransform_types.go index 1680737bfd..4025344516 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventtransform_types.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventtransform_types.go @@ -22,6 +22,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + eventingduckv1 "knative.dev/eventing/pkg/apis/duck/v1" "knative.dev/pkg/apis" duckv1 "knative.dev/pkg/apis/duck/v1" "knative.dev/pkg/kmeta" @@ -130,6 +131,10 @@ type EventTransformStatus struct { // +optional duckv1.AddressStatus `json:",inline"` + // AppliedEventPoliciesStatus contains the list of EventPolicies which apply to this EventTransform. + // +optional + eventingduckv1.AppliedEventPoliciesStatus `json:",inline"` + // JsonataTransformationStatus is the status associated with JsonataEventTransformationSpec. // +optional JsonataTransformationStatus *JsonataEventTransformationStatus `json:"jsonata,omitempty"` diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/register.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/register.go index 20d52b0e8d..3f20655b08 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/register.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/register.go @@ -36,7 +36,7 @@ const ( RequestReplyBrokerCACertsStatusAnnotationKey = "knative.dev/brokerCACerts" // RequestReplyBrokerAudienceStatusAnnotationKey is the RequestReply status - // anotation key used to specify the broker's OIDC audience + // annotation key used to specify the broker's OIDC audience RequestReplyBrokerAudienceStatusAnnotationKey = "knative.dev/brokerAudience" ) 
diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/zz_generated.deepcopy.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/zz_generated.deepcopy.go index 0cfffa2db5..6299041de7 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/zz_generated.deepcopy.go @@ -352,6 +352,7 @@ func (in *EventTransformStatus) DeepCopyInto(out *EventTransformStatus) { *out = *in in.SourceStatus.DeepCopyInto(&out.SourceStatus) in.AddressStatus.DeepCopyInto(&out.AddressStatus) + in.AppliedEventPoliciesStatus.DeepCopyInto(&out.AppliedEventPoliciesStatus) if in.JsonataTransformationStatus != nil { in, out := &in.JsonataTransformationStatus, &out.JsonataTransformationStatus *out = new(JsonataEventTransformationStatus) diff --git a/vendor/knative.dev/eventing/pkg/apis/sources/register.go b/vendor/knative.dev/eventing/pkg/apis/sources/register.go index 9f3966f6fd..63d01690a8 100644 --- a/vendor/knative.dev/eventing/pkg/apis/sources/register.go +++ b/vendor/knative.dev/eventing/pkg/apis/sources/register.go 
@@ -35,30 +35,30 @@ const ( ) var ( - // ApiServerSourceResource respresents a Knative Eventing Sources ApiServerSource + // ApiServerSourceResource represents a Knative Eventing Sources ApiServerSource //nolint:staticcheck // Not capitalizing "API" ApiServerSourceResource = schema.GroupResource{ Group: GroupName, Resource: "apiserversources", } - // PingSourceResource respresents a Knative Eventing Sources PingSource + // PingSourceResource represents a Knative Eventing Sources PingSource PingSourceResource = schema.GroupResource{ Group: GroupName, Resource: "pingsources", } - // SinkBindingResource respresents a Knative Eventing Sources SinkBinding + // SinkBindingResource represents a Knative Eventing Sources SinkBinding SinkBindingResource = schema.GroupResource{ Group: GroupName, Resource: "sinkbindings", } - // ContainerSourceResource respresents a Knative Eventing Sources ContainerSource + // ContainerSourceResource represents a Knative Eventing Sources ContainerSource ContainerSourceResource = schema.GroupResource{ Group: GroupName, Resource: "containersources", } - // IntegrationSourceResource respresents a Knative Eventing Sources IntegrationSource + // IntegrationSourceResource represents a Knative Eventing Sources IntegrationSource IntegrationSourceResource = schema.GroupResource{ Group: GroupName, Resource: "integrationsources", diff --git a/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_lifecycle.go b/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_lifecycle.go index 42e4df840e..67aac5b69c 100644 --- a/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_lifecycle.go +++ b/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_lifecycle.go 
@@ -104,7 +104,13 @@ func (s *ApiServerSourceStatus) PropagateDeploymentAvailability(d *appsv1.Deploy if cond.Type == appsv1.DeploymentAvailable { deploymentAvailableFound = true if cond.Status == corev1.ConditionTrue { - apiserverCondSet.Manage(s).MarkTrue(ApiServerConditionDeployed) + // Also check that there are no unavailable replicas to ensure the deployment + // is fully ready (not in the middle of a rolling update) + if d.Status.UnavailableReplicas == 0 { + apiserverCondSet.Manage(s).MarkTrue(ApiServerConditionDeployed) + } else { + apiserverCondSet.Manage(s).MarkUnknown(ApiServerConditionDeployed, "DeploymentUpdating", "Deployment has %d unavailable replica(s).", d.Status.UnavailableReplicas) + } } else if cond.Status == corev1.ConditionFalse { apiserverCondSet.Manage(s).MarkFalse(ApiServerConditionDeployed, cond.Reason, cond.Message) } else if cond.Status == corev1.ConditionUnknown { diff --git a/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_types.go b/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_types.go index e3d30765e8..7510771f04 100644 --- a/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_types.go +++ b/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_types.go @@ -134,7 +134,7 @@ type APIVersionKindSelector struct { // LabelSelector filters this source to objects to those resources pass the // label selector. - // More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors // +optional LabelSelector *metav1.LabelSelector `json:"selector,omitempty"` } diff --git a/vendor/knative.dev/eventing/pkg/apis/sources/v1/ping_lifecycle.go b/vendor/knative.dev/eventing/pkg/apis/sources/v1/ping_lifecycle.go index 5f7dd54709..7518c80118 100644 --- a/vendor/knative.dev/eventing/pkg/apis/sources/v1/ping_lifecycle.go 
+++ b/vendor/knative.dev/eventing/pkg/apis/sources/v1/ping_lifecycle.go @@ -115,7 +115,13 @@ func (s *PingSourceStatus) PropagateDeploymentAvailability(d *appsv1.Deployment) if cond.Type == appsv1.DeploymentAvailable { deploymentAvailableFound = true if cond.Status == corev1.ConditionTrue { - PingSourceCondSet.Manage(s).MarkTrue(PingSourceConditionDeployed) + // Also check that there are no unavailable replicas to ensure the deployment + // is fully ready (not in the middle of a rolling update) + if d.Status.UnavailableReplicas == 0 { + PingSourceCondSet.Manage(s).MarkTrue(PingSourceConditionDeployed) + } else { + PingSourceCondSet.Manage(s).MarkUnknown(PingSourceConditionDeployed, "DeploymentUpdating", "Deployment has %d unavailable replica(s).", d.Status.UnavailableReplicas) + } } else if cond.Status == corev1.ConditionFalse { PingSourceCondSet.Manage(s).MarkFalse(PingSourceConditionDeployed, cond.Reason, cond.Message) } else if cond.Status == corev1.ConditionUnknown { diff --git a/vendor/knative.dev/eventing/pkg/apis/sources/v1/sinkbinding_lifecycle.go b/vendor/knative.dev/eventing/pkg/apis/sources/v1/sinkbinding_lifecycle.go index 9b7101bbcc..746e7ddcdc 100644 --- a/vendor/knative.dev/eventing/pkg/apis/sources/v1/sinkbinding_lifecycle.go +++ b/vendor/knative.dev/eventing/pkg/apis/sources/v1/sinkbinding_lifecycle.go @@ -23,7 +23,6 @@ import ( "strings" "go.uber.org/zap" - "k8s.io/client-go/kubernetes" corev1listers "k8s.io/client-go/listers/core/v1" corev1 "k8s.io/api/core/v1" 
@@ -215,30 +214,13 @@ func (sb *SinkBinding) Do(ctx context.Context, ps *duckv1.WithPod) { Value: ceOverrides, }) } - gvk := schema.GroupVersionKind{ - Group: SchemeGroupVersion.Group, - Version: SchemeGroupVersion.Version, - Kind: "SinkBinding", - } - bundles, err := eventingtls.PropagateTrustBundles(ctx, getKubeClient(ctx), GetTrustBundleConfigMapLister(ctx), gvk, sb) + + pss, err := eventingtls.AddTrustBundleVolumes(GetTrustBundleConfigMapLister(ctx), sb, &ps.Spec.Template.Spec) if err != nil { - logging.FromContext(ctx).Errorw("Failed to propagate trust bundles", zap.Error(err)) - } - if len(bundles) > 0 { - pss, err := eventingtls.AddTrustBundleVolumesFromConfigMaps(bundles, &ps.Spec.Template.Spec) - if err != nil { - logging.FromContext(ctx).Errorw("Failed to add trust bundle volumes from configmaps %s/%s: %+v", zap.Error(err)) - return - } - ps.Spec.Template.Spec = *pss - } else { - pss, err := eventingtls.AddTrustBundleVolumes(GetTrustBundleConfigMapLister(ctx), sb, &ps.Spec.Template.Spec) - if err != nil { - logging.FromContext(ctx).Errorw("Failed to add trust bundle volumes %s/%s: %+v", zap.Error(err)) - return - } - ps.Spec.Template.Spec = *pss + logging.FromContext(ctx).Errorw("Failed to add trust bundle volumes %s/%s: %+v", zap.Error(err)) + return } + ps.Spec.Template.Spec = *pss if sb.Status.OIDCTokenSecretName != nil { ps.Spec.Template.Spec.Volumes = append(ps.Spec.Template.Spec.Volumes, corev1.Volume{ @@ -262,12 +244,14 @@ func (sb *SinkBinding) Do(ctx context.Context, ps *duckv1.WithPod) { ps.Spec.Template.Spec.Containers[i].VolumeMounts = append(ps.Spec.Template.Spec.Containers[i].VolumeMounts, corev1.VolumeMount{ Name: oidcTokenVolumeName, MountPath: "/oidc", + ReadOnly: true, }) } for i := range ps.Spec.Template.Spec.InitContainers { ps.Spec.Template.Spec.InitContainers[i].VolumeMounts = append(ps.Spec.Template.Spec.InitContainers[i].VolumeMounts, corev1.VolumeMount{ Name: oidcTokenVolumeName, MountPath: "/oidc", + ReadOnly: true, }) } } 
@@ -346,20 +330,6 @@ func (sb *SinkBinding) Undo(ctx context.Context, ps *duckv1.WithPod) { } } -type kubeClientKey struct{} - -func WithKubeClient(ctx context.Context, k kubernetes.Interface) context.Context { - return context.WithValue(ctx, kubeClientKey{}, k) -} - -func getKubeClient(ctx context.Context) kubernetes.Interface { - k := ctx.Value(kubeClientKey{}) - if k == nil { - panic("No Kube client found in context.") - } - return k.(kubernetes.Interface) -} - type configMapListerKey struct{} func WithTrustBundleConfigMapLister(ctx context.Context, lister corev1listers.ConfigMapLister) context.Context { diff --git a/vendor/knative.dev/eventing/pkg/auth/verifier.go b/vendor/knative.dev/eventing/pkg/auth/verifier.go index 17231fbe8f..ff21f02a9a 100644 --- a/vendor/knative.dev/eventing/pkg/auth/verifier.go +++ b/vendor/knative.dev/eventing/pkg/auth/verifier.go @@ -298,6 +298,15 @@ func (v *Verifier) initOIDCProvider(ctx context.Context, features feature.Flags) return nil } +// IsReady returns true if the OIDC provider has been initialized and the verifier +// is ready to validate tokens. This is used by health checks to ensure the auth-proxy +// doesn't receive traffic before it can properly validate authentication. +func (v *Verifier) IsReady() bool { + v.m.RLock() + defer v.m.RUnlock() + return v.provider != nil +} + func (v *Verifier) getHTTPClientForKubeAPIServer() (*http.Client, error) { client, err := rest.HTTPClientFor(v.restConfig) if err != nil { diff --git a/vendor/knative.dev/eventing/pkg/eventingtls/eventingtls.go b/vendor/knative.dev/eventing/pkg/eventingtls/eventingtls.go index 6e5cd4de16..bb7006372e 100644 --- a/vendor/knative.dev/eventing/pkg/eventingtls/eventingtls.go +++ b/vendor/knative.dev/eventing/pkg/eventingtls/eventingtls.go @@ -39,6 +39,7 @@ import ( duckv1 "knative.dev/pkg/apis/duck/v1" "knative.dev/pkg/controller" "knative.dev/pkg/logging" + pkgtls "knative.dev/pkg/network/tls" ) const ( 
@@ -46,8 +47,6 @@ const ( TLSKey = "tls.key" // TLSCrt is the key in the TLS secret for the public key of TLS servers TLSCrt = "tls.crt" - // DefaultMinTLSVersion is the default minimum TLS version for servers and clients. - DefaultMinTLSVersion = tls.VersionTLS12 // SecretCACrt is the name of the CA Cert in the secret SecretCACert = "ca.crt" // IMCDispatcherServerTLSSecretName is the name of the tls secret for the imc dispatcher server @@ -58,6 +57,8 @@ const ( BrokerFilterServerTLSSecretName = "mt-broker-filter-server-tls" //nolint:gosec // This is not a hardcoded credential // BrokerIngressServerTLSSecretName is the name of the tls secret for the broker ingress server BrokerIngressServerTLSSecretName = "mt-broker-ingress-server-tls" //nolint:gosec // This is not a hardcoded credential + // RequestReplyServerTLSSecretName is the name of the tls secret for the request reply server + RequestReplyServerTLSSecretName = "request-reply-server-tls" //nolint:gosec // This is not a hardcoded credential ) type ClientConfig struct { @@ -170,10 +171,13 @@ func GetTLSClientConfig(config ClientConfig) (*tls.Config, error) { return nil, err } - return &tls.Config{ - RootCAs: pool, - MinVersion: DefaultMinTLSVersion, - }, nil + cfg, err := defaultTLSConfigFromEnv() + if err != nil { + return nil, err + } + + cfg.RootCAs = pool + return cfg, nil } func NewDefaultServerConfig() ServerConfig { 
@@ -181,10 +185,25 @@ func NewDefaultServerConfig() ServerConfig { } func GetTLSServerConfig(config ServerConfig) (*tls.Config, error) { - return &tls.Config{ - MinVersion: DefaultMinTLSVersion, - GetCertificate: config.GetCertificate, - }, nil + cfg, err := defaultTLSConfigFromEnv() + if err != nil { + return nil, err + } + + cfg.GetCertificate = config.GetCertificate + return cfg, nil +} + +// defaultTLSConfigFromEnv loads TLS configuration from environment variables +// using the shared knative/pkg/tls utility. DefaultConfigFromEnv defaults to +// TLS 1.3. +func defaultTLSConfigFromEnv() (*tls.Config, error) { + cfg, err := pkgtls.DefaultConfigFromEnv("") + if err != nil { + return nil, fmt.Errorf("failed to load TLS config from env: %w", err) + } + + return cfg, nil } // IsHttpsSink returns true if the sink has scheme equal to https. diff --git a/vendor/knative.dev/eventing/pkg/eventingtls/trust_bundle.go b/vendor/knative.dev/eventing/pkg/eventingtls/trust_bundle.go index 2be29447c8..5b6643194e 100644 --- a/vendor/knative.dev/eventing/pkg/eventingtls/trust_bundle.go +++ b/vendor/knative.dev/eventing/pkg/eventingtls/trust_bundle.go @@ -190,7 +190,8 @@ func PropagateTrustBundles(ctx context.Context, k8s kubernetes.Interface, trustB if !equality.Semantic.DeepDerivative(expected.Data, p.userCm.Data) || !equality.Semantic.DeepDerivative(expected.BinaryData, p.userCm.BinaryData) || - !equality.Semantic.DeepDerivative(expected.Labels, p.userCm.Labels) { + !equality.Semantic.DeepDerivative(expected.Labels, p.userCm.Labels) || + !equality.Semantic.DeepDerivative(expected.OwnerReferences, p.userCm.OwnerReferences) { if err := updateConfigMap(ctx, k8s, expected); err != nil { return nil, err } 
@@ -309,7 +310,14 @@ func AddTrustBundleVolumesFromConfigMaps(cms []*corev1.ConfigMap, pt *corev1.Pod } func combineValidTrustBundles(configMaps []*corev1.ConfigMap, combinedBundle *bytes.Buffer) error { - for _, cm := range configMaps { + // Create a sorted copy of configMaps to ensure consistent ordering without modifying the input slice + sortedCMs := make([]*corev1.ConfigMap, len(configMaps)) + copy(sortedCMs, configMaps) + sort.SliceStable(sortedCMs, func(i, j int) bool { + return sortedCMs[i].Name < sortedCMs[j].Name + }) + + for _, cm := range sortedCMs { // Ensure the combined bundle is always composed in the same order. keys := make([]string, 0, len(cm.Data)) diff --git a/vendor/knative.dev/eventing/pkg/observability/key.go b/vendor/knative.dev/eventing/pkg/observability/key.go index 793c29a741..ad1d00ca6e 100644 --- a/vendor/knative.dev/eventing/pkg/observability/key.go +++ b/vendor/knative.dev/eventing/pkg/observability/key.go @@ -30,7 +30,7 @@ var ( MessagingSystem = attributekey.String("messaging.system") MessagingOperationName = attributekey.String("messaging.operation.name") MessagingDestinationName = attributekey.String("messaging.destination.name") - MessagingDestinationTemplate = attributekey.String("messaging.destination.tempate") + MessagingDestinationTemplate = attributekey.String("messaging.destination.template") // attributes relating to the source SourceName = attributekey.String("kn.source.name") diff --git a/vendor/knative.dev/eventing/pkg/observability/newcontext.go b/vendor/knative.dev/eventing/pkg/observability/newcontext.go index 97729fcc0e..9731d44ea1 100644 --- a/vendor/knative.dev/eventing/pkg/observability/newcontext.go +++ b/vendor/knative.dev/eventing/pkg/observability/newcontext.go 
@@ -23,6 +23,7 @@ import ( cloudevents "github.com/cloudevents/sdk-go/v2" "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" "go.opentelemetry.io/otel/attribute" + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" "k8s.io/apimachinery/pkg/types" ) @@ -166,3 +167,28 @@ func WithSinkLabels(ctx context.Context, sink types.NamespacedName, kind string) return ctx } + +func WithSourceLabels(ctx context.Context, source types.NamespacedName) context.Context { + labeler, ok := otelhttp.LabelerFromContext(ctx) + if !ok { + ctx = otelhttp.ContextWithLabeler(ctx, labeler) + } + + labeler.Add( + SourceName.With(source.Name), + SourceNamespace.With(source.Namespace), + ) + + return ctx +} + +func WithHTTPStatusCodeLabel(ctx context.Context, statusCode int) context.Context { + labeler, ok := otelhttp.LabelerFromContext(ctx) + if !ok { + ctx = otelhttp.ContextWithLabeler(ctx, labeler) + } + + labeler.Add(semconv.HTTPResponseStatusCode(statusCode)) + + return ctx +} diff --git a/vendor/knative.dev/eventing/pkg/utils/logging.go b/vendor/knative.dev/eventing/pkg/utils/logging.go new file mode 100644 index 0000000000..06b8f8e9af --- /dev/null +++ b/vendor/knative.dev/eventing/pkg/utils/logging.go 
@@ -0,0 +1,40 @@
+/*
+Copyright 2019 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package utils
+
+import (
+ "context"
+
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ kubeclient "knative.dev/pkg/client/injection/kube/client"
+ "knative.dev/pkg/logging"
+)
+
+// GetLoggingConfig fetches the logging ConfigMap from the given namespace and
+// parses it into a *logging.Config. If the ConfigMap is not found, it returns
+// the default logging config.
+func GetLoggingConfig(ctx context.Context, namespace, loggingConfigMapName string) (*logging.Config, error) {
+ loggingConfigMap, err := kubeclient.Get(ctx).CoreV1().ConfigMaps(namespace).Get(ctx, loggingConfigMapName, metav1.GetOptions{})
+ if apierrors.IsNotFound(err) {
+ return logging.NewConfigFromMap(nil)
+ } else if err != nil {
+ return nil, err
+ }
+ return logging.NewConfigFromConfigMap(loggingConfigMap)
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 31182fc037..6ded792e28 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -601,7 +601,7 @@ go.yaml.in/yaml/v2
 # go.yaml.in/yaml/v3 v3.0.4
 ## explicit; go 1.16
 go.yaml.in/yaml/v3
-# golang.org/x/crypto v0.49.0
+# golang.org/x/crypto v0.50.0
 ## explicit; go 1.25.0
 golang.org/x/crypto/blake2b
 golang.org/x/crypto/blake2s
@@ -621,7 +621,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
 ## explicit; go 1.25.0
 golang.org/x/exp/maps
 golang.org/x/exp/slices
-# golang.org/x/net v0.52.0
+# golang.org/x/net v0.53.0
 ## explicit; go 1.25.0
 golang.org/x/net/context
 golang.org/x/net/html
@@ -646,17 +646,17 @@ golang.org/x/oauth2/internal
 ## explicit; go 1.25.0
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
-# golang.org/x/sys v0.42.0
+# golang.org/x/sys v0.43.0
 ## explicit; go 1.25.0
 golang.org/x/sys/cpu
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
-# golang.org/x/term v0.41.0
+# golang.org/x/term v0.42.0
 ## explicit; go 1.25.0
 golang.org/x/term
-# golang.org/x/text v0.35.0
+# golang.org/x/text v0.36.0
 ## explicit; go 1.25.0
 golang.org/x/text/cases
 golang.org/x/text/internal
@@ -818,7 +818,7 @@ gotest.tools/v3/internal/cleanup
 gotest.tools/v3/internal/difflib
 gotest.tools/v3/internal/format
 gotest.tools/v3/internal/source
-# k8s.io/api v0.35.3
+# k8s.io/api v0.35.4
 ## explicit; go 1.25.0
 k8s.io/api/admission/v1
 k8s.io/api/admissionregistration/v1
@@ -879,11 +879,11 @@ k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
 k8s.io/api/storagemigration/v1beta1
-# k8s.io/apiextensions-apiserver v0.35.3
+# k8s.io/apiextensions-apiserver v0.35.4
 ## explicit; go 1.25.0
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
-# k8s.io/apimachinery v0.35.3
+# k8s.io/apimachinery v0.35.4
 ## explicit; go 1.25.0
 k8s.io/apimachinery/pkg/api/equality
 k8s.io/apimachinery/pkg/api/errors
@@ -945,7 +945,7 @@ k8s.io/apimachinery/pkg/version
 k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/client-go v0.35.3
+# k8s.io/client-go v0.35.4
 ## explicit; go 1.25.0
 k8s.io/client-go/applyconfigurations
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
@@ -1316,8 +1316,8 @@ k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.48.2 -## explicit; go 1.24.0 +# knative.dev/eventing v0.49.0 +## explicit; go 1.25.0 knative.dev/eventing/pkg/adapter/v2 knative.dev/eventing/pkg/adapter/v2/util/crstatusevent knative.dev/eventing/pkg/apis @@ -1346,7 +1346,7 @@ knative.dev/eventing/pkg/observability knative.dev/eventing/pkg/observability/configmap knative.dev/eventing/pkg/observability/otel knative.dev/eventing/pkg/utils -# knative.dev/pkg v0.0.0-20260406140200-cb58ae50e894 +# knative.dev/pkg v0.0.0-20260422015212-ec452872dcc1 ## explicit; go 1.25.0 knative.dev/pkg/apis knative.dev/pkg/apis/duck From bc23ca64b3698383758e0cda184df50df346dd55 Mon Sep 17 00:00:00 2001 From: Akshay Pant Date: Tue, 12 May 2026 17:58:59 +0530 Subject: [PATCH 2/2] docs(profiling): update guide for OTel migration Replace the obsolete profiling.enable ConfigMap key with runtime-profiling (enabled/disabled). Remove the K_METRICS_CONFIG controller section since the controller now uses ConfigMap-based observability via the eventing adapter. Document that controller profiling requires a pod restart as the adapter reads config once at startup. Add CONFIG_OBSERVABILITY_NAME prerequisite for the webhook. Fixes #2633 Signed-off-by: Akshay Pant Co-authored-by: Claude Opus 4.6 --- docs/content/docs/operations/profiling.md | 104 +++++++--------------- 1 file changed, 31 insertions(+), 73 deletions(-) diff --git a/docs/content/docs/operations/profiling.md b/docs/content/docs/operations/profiling.md index b7271f6459..eaf1ad345e 100644 --- a/docs/content/docs/operations/profiling.md +++ b/docs/content/docs/operations/profiling.md 
@@ -31,98 +31,69 @@ When profiling is disabled the server still listens but returns `404` for every ## Enabling Profiling -### Watcher - -The **watcher** (`pipelines-as-code-watcher`) uses Knative's `sharedmain` framework, -which watches the `config-observability` ConfigMap and toggles profiling **without a -restart**. - -**`PAC_DISABLE_HEALTH_PROBE=true` must be set on the watcher, otherwise a port conflict -on 8080 will cause the profiling server to shut down:** - -```bash -kubectl set env deployment/pipelines-as-code-watcher \ - -n pipelines-as-code \ - PAC_DISABLE_HEALTH_PROBE=true -``` - -Then enable profiling via the ConfigMap: +All components read profiling configuration from the same ConfigMap: ```bash +# Enable kubectl patch configmap pipelines-as-code-config-observability \ -n pipelines-as-code \ --type merge \ - -p '{"data":{"profiling.enable":"true"}}' -``` + -p '{"data":{"runtime-profiling":"enabled"}}' -To disable profiling: - -```bash +# Disable kubectl patch configmap pipelines-as-code-config-observability \ -n pipelines-as-code \ --type merge \ - -p '{"data":{"profiling.enable":"false"}}' + -p '{"data":{"runtime-profiling":"disabled"}}' ``` -The watcher picks up the ConfigMap change immediately without a restart. - -### Webhook +### Component-specific prerequisites -The **webhook** (`pipelines-as-code-webhook`) also uses `sharedmain` and supports -dynamic toggling via the same ConfigMap. Unlike the watcher, the webhook does not run -its own health probe server, so `PAC_DISABLE_HEALTH_PROBE` is not required. +| Component | Extra step required | +| --- | --- | +| **watcher** | Set `PAC_DISABLE_HEALTH_PROBE=true` — otherwise a port conflict on 8080 causes the profiling server to shut down (see below). Picks up ConfigMap changes without a restart. | +| **controller** | Profiling must be enabled in the ConfigMap **before** the pod starts — a pod restart is required after any change. 
The eventing adapter framework reads the profiling config once at startup and does not watch for ConfigMap updates. | +| **webhook** | Set `CONFIG_OBSERVABILITY_NAME=pipelines-as-code-config-observability` — the webhook Deployment does not set this by default and falls back to `config-observability`, which does not exist in the PAC namespace. Picks up ConfigMap changes without a restart. | -The webhook deployment does not set `CONFIG_OBSERVABILITY_NAME` by default, so it -falls back to looking for a ConfigMap named `config-observability`, which does not -exist in the PAC namespace. Set the environment variable first: +For the watcher: ```bash -kubectl set env deployment/pipelines-as-code-webhook \ +kubectl set env deployment/pipelines-as-code-watcher \ -n pipelines-as-code \ - CONFIG_OBSERVABILITY_NAME=pipelines-as-code-config-observability + PAC_DISABLE_HEALTH_PROBE=true ``` -Then use the same `kubectl patch` on the ConfigMap above to enable or disable profiling. - -### Controller - -The **controller** (`pipelines-as-code-controller`) uses the Knative eventing adapter -framework. Profiling is configured at startup from the `K_METRICS_CONFIG` environment -variable and is **not** dynamically reloaded; a pod restart is required after any change. - -The `K_METRICS_CONFIG` variable contains a JSON object whose `ConfigMap` field holds -inline key/value configuration data. 
To enable profiling, add `"profiling.enable":"true"` -inside that `ConfigMap` object: +For the webhook: ```bash -# Read the current value first -kubectl get deployment pipelines-as-code-controller \ +kubectl set env deployment/pipelines-as-code-webhook \ -n pipelines-as-code \ - -o jsonpath='{.spec.template.spec.containers[0].env[?(@.name=="K_METRICS_CONFIG")].value}' + CONFIG_OBSERVABILITY_NAME=pipelines-as-code-config-observability ``` -Then patch the Deployment with `profiling.enable` added to the `ConfigMap` field, for example: +## Accessing Profiles + +The profiling server listens on port **8008** by default. If that conflicts with another +service, set `PROFILING_PORT` on the relevant Deployment(s) before proceeding: ```bash -kubectl set env deployment/pipelines-as-code-controller \ +kubectl set env deployment/pipelines-as-code-watcher \ + deployment/pipelines-as-code-controller \ + deployment/pipelines-as-code-webhook \ -n pipelines-as-code \ - 'K_METRICS_CONFIG={"Domain":"pipelinesascode.tekton.dev/controller","Component":"pac_controller","PrometheusPort":9090,"ConfigMap":{"name":"pipelines-as-code-config-observability","profiling.enable":"true"}}' + PROFILING_PORT=8090 ``` -This triggers a rolling restart of the controller pod. Remove `"profiling.enable":"true"` -(or set it to `"false"`) and re-apply to disable. - -## Accessing Profiles - -Port 8008 is not declared in the container spec by default. To make it reachable, patch -the target Deployment(s) to add the port: +Port 8008 (or your chosen port) is not declared in the container spec by default. 
Patch +the target Deployment(s) to expose it — substituting the port number if you changed it: ```bash +PROFILING_PORT=8008 # change if you set a custom port above for deploy in pipelines-as-code-watcher pipelines-as-code-controller pipelines-as-code-webhook; do kubectl patch deployment "$deploy" \ -n pipelines-as-code \ --type json \ - -p '[{"op":"add","path":"/spec/template/spec/containers/0/ports/-","value":{"name":"profiling","containerPort":8008,"protocol":"TCP"}}]' + -p "[{\"op\":\"add\",\"path\":\"/spec/template/spec/containers/0/ports/-\",\"value\":{\"name\":\"profiling\",\"containerPort\":${PROFILING_PORT},\"protocol\":\"TCP\"}}]" done ``` @@ -155,7 +126,7 @@ export POD_NAME=$(kubectl get pods -n pipelines-as-code \ -o jsonpath='{.items[0].metadata.name}') ``` -Then, forward a local port to the pod's profiling port: +Then, forward a local port to the pod's profiling port (adjust if you changed `PROFILING_PORT`): ```bash kubectl port-forward -n pipelines-as-code $POD_NAME 8008:8008 @@ -163,19 +134,6 @@ kubectl port-forward -n pipelines-as-code $POD_NAME 8008:8008 The pprof index is now available at `http://localhost:8008/debug/pprof/`. -### Changing the profiling port - -If port 8008 conflicts with another service, set the `PROFILING_PORT` environment -variable on the Deployment to use a different port: - -```bash -kubectl set env deployment/pipelines-as-code-watcher \ - -n pipelines-as-code \ - PROFILING_PORT=8090 -``` - -Update the `containerPort` in the patch above and your port-forward command to match. - ### Capturing profiles with `go tool pprof` With `kubectl port-forward` running, use `go tool pprof` to analyze profiles directly: 
@@ -214,4 +172,4 @@ in the container spec by default, access requires an explicit Deployment patch, it to users with `deployments/patch` permission in the `pipelines-as-code` namespace. Do not expose port 8008 via a Service or Ingress in production environments. Disable -profiling (`profiling.enable: "false"`) when not actively investigating an issue. +profiling (`runtime-profiling: "disabled"`) when not actively investigating an issue.