[main] Upgrade to latest dependencies (#11)

upgrade to latest dependencies

bumping knative.dev/caching 8551914...54d0758:
  > 54d0758 upgrade to latest dependencies (# 802)
  > 104a7ba upgrade to latest dependencies (# 801)
  > 31d2498 upgrade to latest dependencies (# 800)
  > debd68e Update community files (# 799)
bumping knative.dev/serving 264588a...2659cc3:
  > 2659cc3 upgrade to latest dependencies (# 14555)
  > 2a46d0d upgrade to latest dependencies (# 14546)
  > 268701d Update net-kourier nightly (# 14549)
  > cfd806f Update net-certmanager nightly (# 14550)
  > 6b844de Update net-contour nightly (# 14545)
  > f69766c Bubble up KCertificate Status Message when its not ready (# 14496)
  > 2c0b8dc Rename auto-tls to external-domain-tls (# 14482)
  > 425abcb Update net-gateway-api nightly (# 14531)
  > 52a25fa Add security policy reference in serving (# 14544)
  > 9896079 Fix sec context and resources for performance jobs (# 14529)
  > 707d286 Test istio with system-internal-tls enabled (# 14494)
  > 1940e5a Update net-contour nightly (# 14533)
bumping knative.dev/networking c086340...2a7676e:
  > 2a7676e upgrade to latest dependencies (# 883)
  > b6cd712 upgrade to latest dependencies (# 882)
  > 64434a8 upgrade to latest dependencies (# 881)
  > fa72cb5 Update community files (# 880)

Signed-off-by: Knative Automation <[email protected]>

go.mod

@@ -12,9 +12,9 @@ require (
 	k8s.io/code-generator v0.27.6
 	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f
 	knative.dev/hack v0.0.0-20231016131700-2c938d4918da
-	knative.dev/networking v0.0.0-20231012062439-c0863403c83b
+	knative.dev/networking v0.0.0-20231017124814-2a7676e912b7
 	knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c
-	knative.dev/serving v0.38.1-0.20231017140341-264588a0dc98
+	knative.dev/serving v0.39.0
 )
 
 require (
@@ -130,7 +130,7 @@ require (
 	k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9 // indirect
 	k8s.io/klog/v2 v2.90.1 // indirect
 	k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
-	knative.dev/caching v0.0.0-20231012110827-8551914fdf65 // indirect
+	knative.dev/caching v0.0.0-20231017130712-54d0758671ef // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect

go.sum

@@ -807,16 +807,16 @@ k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5F
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/caching v0.0.0-20231012110827-8551914fdf65 h1:Uc8C/3ymQGO/JDLwiWojhfxmKvj0UjlywKDJF/mjq1o=
-knative.dev/caching v0.0.0-20231012110827-8551914fdf65/go.mod h1:93dIqn2QXQP179R+gZKUFF7RaZFxJcL6ioXR04imKy0=
+knative.dev/caching v0.0.0-20231017130712-54d0758671ef h1:92Gn5HUcgMJ78mbSpkCfUxrCTHHZSnvjURk0YRCbUqo=
+knative.dev/caching v0.0.0-20231017130712-54d0758671ef/go.mod h1:plGN+mIBKRtVxZ0vQeZ3Gt02RIaj0niwIMnQNkQHycw=
 knative.dev/hack v0.0.0-20231016131700-2c938d4918da h1:xy+fvuz2LDOMsZ5UwXRaMF70NYUs9fsG+EF5/ierYBg=
 knative.dev/hack v0.0.0-20231016131700-2c938d4918da/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/networking v0.0.0-20231012062439-c0863403c83b h1:yGtVPNHek3rmKb50k7G9fG/NuuC4FRzESVrWmPFU9AM=
-knative.dev/networking v0.0.0-20231012062439-c0863403c83b/go.mod h1:uEvP4spV82HGB8loxo8nH/LGmwsd9jUGWvDVC+tH4O4=
+knative.dev/networking v0.0.0-20231017124814-2a7676e912b7 h1:6+1icZuxiZO1paFZ4d/ysKWVG2M4WB7OxNJNyLG0P/E=
+knative.dev/networking v0.0.0-20231017124814-2a7676e912b7/go.mod h1:1gcHoIVG47ekQWjkddqRq+/7tWRh+CB9W4k/NAcdRbk=
 knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c h1:xyPoEToTWeBdn6tinhLxXfnhJhTNQt5WzHiTNiFphRw=
 knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c/go.mod h1:HHRXEd7ZlFpthgE+rwAZ6MUVnuJOAeolnaFSthXloUQ=
-knative.dev/serving v0.38.1-0.20231017140341-264588a0dc98 h1:cXsSNACjvxirJX5uKxOHMcFAutlBLCCHt63BkRZ3R4Q=
-knative.dev/serving v0.38.1-0.20231017140341-264588a0dc98/go.mod h1:cuia3pUQNF4sa3g3KsPFgqpLnF1pf9iquDLgk71iLfo=
+knative.dev/serving v0.39.0 h1:NVt8WthHmFFMWZ3qpBblXt47del8qqrbCegqwGBVSwk=
+knative.dev/serving v0.39.0/go.mod h1:0QIp5mvgWa1oUC2MxMf+Q/JWgG8JhAsSdJKc6iTRlvE=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

vendor/knative.dev/serving/pkg/apis/serving/v1/route_lifecycle.go

@@ -174,10 +174,11 @@ func (rs *RouteStatus) MarkCertificateReady(name string) {
 
 // MarkCertificateNotReady marks the RouteConditionCertificateProvisioned
 // condition to indicate that the Certificate is not ready.
-func (rs *RouteStatus) MarkCertificateNotReady(name string) {
+func (rs *RouteStatus) MarkCertificateNotReady(c *v1alpha1.Certificate) {
+	certificateCondition := c.Status.GetCondition("Ready")
 	routeCondSet.Manage(rs).MarkUnknown(RouteConditionCertificateProvisioned,
 		"CertificateNotReady",
-		"Certificate %s is not ready.", name)
+		"Certificate %s is not ready: %s", c.Name, certificateCondition.GetReason())
 }
 
 // MarkCertificateNotOwned changes the RouteConditionCertificateProvisioned
@@ -190,10 +191,10 @@ func (rs *RouteStatus) MarkCertificateNotOwned(name string) {
 }
 
 const (
-	// AutoTLSNotEnabledMessage is the message which is set on the
+	// ExternalDomainTLSNotEnabledMessage is the message which is set on the
 	// RouteConditionCertificateProvisioned condition when it is set to True
-	// because AutoTLS was not enabled.
-	AutoTLSNotEnabledMessage = "auto-tls is not enabled"
+	// because external-domain-tls was not enabled.
+	ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled"
 
 	// TLSNotEnabledForClusterLocalMessage is the message which is set on the
 	// RouteConditionCertificateProvisioned condition when it is set to True
@@ -202,7 +203,7 @@ const (
 )
 
 // MarkTLSNotEnabled sets RouteConditionCertificateProvisioned to true when
-// certificate config such as auto-tls is not enabled or private cluster-local service.
+// certificate config such as external-domain-tls is not enabled or private cluster-local service.
 func (rs *RouteStatus) MarkTLSNotEnabled(msg string) {
 	routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned,
 		"TLSNotEnabled", msg)

vendor/knative.dev/serving/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go

@@ -59,10 +59,10 @@ func (dms *DomainMappingStatus) InitializeConditions() {
 }
 
 const (
-	// AutoTLSNotEnabledMessage is the message which is set on the
+	// ExternalDomainTLSNotEnabledMessage is the message which is set on the
 	// DomainMappingConditionCertificateProvisioned condition when it is set to True
-	// because AutoTLS was not enabled.
-	AutoTLSNotEnabledMessage = "auto-tls is not enabled"
+	// because external-domain-tls was not enabled.
+	ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled"
 	// TLSCertificateProvidedExternally indicates that a TLS secret won't be created or managed
 	// instead a reference to an existing TLS secret should have been provided in the DomainMapping spec
 	TLSCertificateProvidedExternally = "TLS certificate was provided externally"

vendor/knative.dev/serving/pkg/reconciler/domainmapping/reconciler.go

@@ -171,18 +171,18 @@ func (r *Reconciler) FinalizeKind(ctx context.Context, dm *v1beta1.DomainMapping
 	return r.netclient.NetworkingV1alpha1().ClusterDomainClaims().Delete(ctx, dm.Name, metav1.DeleteOptions{})
 }
 
-func autoTLSEnabled(ctx context.Context, dm *v1beta1.DomainMapping) bool {
-	if !config.FromContext(ctx).Network.AutoTLS {
+func externalDomainTLSEnabled(ctx context.Context, dm *v1beta1.DomainMapping) bool {
+	if !config.FromContext(ctx).Network.ExternalDomainTLS {
 		return false
 	}
-	annotationValue := netapi.GetDisableAutoTLS(dm.Annotations)
+	annotationValue := netapi.GetDisableExternalDomainTLS(dm.Annotations)
 	disabledByAnnotation, err := strconv.ParseBool(annotationValue)
 	if annotationValue != "" && err != nil {
 		logger := logging.FromContext(ctx)
 		// Validation should've caught an invalid value here.
 		// If we have one anyway, assume not disabled and log a warning.
 		logger.Warnf("DM.Annotations[%s] = %q is invalid",
-			netapi.DisableAutoTLSAnnotationKey, annotationValue)
+			netapi.DisableExternalDomainTLSAnnotation, annotationValue)
 	}
 
 	return !disabledByAnnotation
@@ -203,8 +203,8 @@ func (r *Reconciler) tls(ctx context.Context, dm *v1beta1.DomainMapping) ([]netv
 		}}, nil, nil
 	}
 
-	if !autoTLSEnabled(ctx, dm) {
-		dm.Status.MarkTLSNotEnabled(v1.AutoTLSNotEnabledMessage)
+	if !externalDomainTLSEnabled(ctx, dm) {
+		dm.Status.MarkTLSNotEnabled(v1.ExternalDomainTLSNotEnabledMessage)
 		return nil, nil, nil
 	}
 

vendor/knative.dev/serving/pkg/reconciler/route/route.go

@@ -184,8 +184,8 @@ func (c *Reconciler) tls(ctx context.Context, host string, r *v1.Route, traffic
 	logger := logging.FromContext(ctx)
 
 	tls := []netv1alpha1.IngressTLS{}
-	if !autoTLSEnabled(ctx, r) {
-		r.Status.MarkTLSNotEnabled(v1.AutoTLSNotEnabledMessage)
+	if !externalDomainTLSEnabled(ctx, r) {
+		r.Status.MarkTLSNotEnabled(v1.ExternalDomainTLSNotEnabledMessage)
 		return tls, nil, nil
 	}
 
@@ -265,10 +265,10 @@ func (c *Reconciler) tls(ctx context.Context, host string, r *v1.Route, traffic
 			tls = append(tls, resources.MakeIngressTLS(cert, dnsNames.List()))
 		} else {
 			acmeChallenges = append(acmeChallenges, cert.Status.HTTP01Challenges...)
-			r.Status.MarkCertificateNotReady(cert.Name)
+			r.Status.MarkCertificateNotReady(cert)
 			// When httpProtocol is enabled, downgrade http scheme.
 			// Explicitly not using the override settings here as to not to muck with
-			// AutoTLS semantics.
+			// external-domain-tls semantics.
 			if config.FromContext(ctx).Network.HTTPProtocol == netcfg.HTTPEnabled {
 				if dnsNames.Has(host) {
 					r.Status.URL = &apis.URL{
@@ -491,20 +491,20 @@ func setTargetsScheme(rs *v1.RouteStatus, dnsNames []string, scheme string) {
 	}
 }
 
-func autoTLSEnabled(ctx context.Context, r *v1.Route) bool {
-	if !config.FromContext(ctx).Network.AutoTLS {
+func externalDomainTLSEnabled(ctx context.Context, r *v1.Route) bool {
+	if !config.FromContext(ctx).Network.ExternalDomainTLS {
 		return false
 	}
 
 	logger := logging.FromContext(ctx)
-	annotationValue := networking.GetDisableAutoTLS(r.Annotations)
+	annotationValue := networking.GetDisableExternalDomainTLS(r.Annotations)
 
 	disabledByAnnotation, err := strconv.ParseBool(annotationValue)
 	if annotationValue != "" && err != nil {
 		// validation should've caught an invalid value here.
-		// if we have one anyways, assume not disabled and log a warning.
+		// if we have one anyway, assume not disabled and log a warning.
 		logger.Warnf("Invalid annotation value for %q. Value: %q",
-			networking.DisableAutoTLSAnnotationKey, annotationValue)
+			networking.DisableExternalDomainTLSAnnotationKey, annotationValue)
 	}
 
 	return !disabledByAnnotation

vendor/modules.txt

@@ -1059,7 +1059,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/caching v0.0.0-20231012110827-8551914fdf65
+# knative.dev/caching v0.0.0-20231017130712-54d0758671ef
 ## explicit; go 1.18
 knative.dev/caching/pkg/apis/caching
 knative.dev/caching/pkg/apis/caching/v1alpha1
@@ -1077,7 +1077,7 @@ knative.dev/caching/pkg/client/listers/caching/v1alpha1
 # knative.dev/hack v0.0.0-20231016131700-2c938d4918da
 ## explicit; go 1.18
 knative.dev/hack
-# knative.dev/networking v0.0.0-20231012062439-c0863403c83b
+# knative.dev/networking v0.0.0-20231017124814-2a7676e912b7
 ## explicit; go 1.18
 knative.dev/networking/pkg
 knative.dev/networking/pkg/apis/networking
@@ -1163,7 +1163,7 @@ knative.dev/pkg/version
 knative.dev/pkg/webhook
 knative.dev/pkg/webhook/certificates/resources
 knative.dev/pkg/websocket
-# knative.dev/serving v0.38.1-0.20231017140341-264588a0dc98
+# knative.dev/serving v0.39.0
 ## explicit; go 1.18
 knative.dev/serving/pkg/activator
 knative.dev/serving/pkg/apis/autoscaling