diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
index bb57f2cc436..c7339c86116 100644
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
@@ -1157,6 +1157,15 @@ type ManagedFieldsEntry struct {
 // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
 // +optional
 FieldsV1 *FieldsV1 `json:"fieldsV1,omitempty" protobuf:"bytes,7,opt,name=fieldsV1"`
+
+ // Subresource is the name of the subresource used to update that object, or
+ // empty string if the object was updated through the main resource. The
+ // value of this field is used to distinguish between managers, even if they
+ // share the same name. For example, a status update will be distinct from a
+ // regular update using the same manager name.
+ // Note that the APIVersion field is not related to the Subresource field and
+ // it always corresponds to the version of the main resource.
+ Subresource string `json:"subresource,omitempty" protobuf:"bytes,8,opt,name=subresource"`
 }
 // ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created.
diff --git a/vendor/knative.dev/pkg/controller/stats_reporter.go b/vendor/knative.dev/pkg/controller/stats_reporter.go
index 474bab3fc61..dbf74d6007c 100644
--- a/vendor/knative.dev/pkg/controller/stats_reporter.go
+++ b/vendor/knative.dev/pkg/controller/stats_reporter.go
@@ -197,7 +197,7 @@ func (r *reporter) ReportReconcile(duration time.Duration, success string, key t
 return err
 }
- metrics.RecordBatch(ctx, reconcileCountStat.M(1),
- reconcileLatencyStat.M(duration.Milliseconds()))
+ // TODO skonto: fix latency histogram
+ metrics.RecordBatch(ctx, reconcileCountStat.M(1))
 return nil
 }
diff --git a/vendor/knative.dev/pkg/webhook/certificates/certificates.go b/vendor/knative.dev/pkg/webhook/certificates/certificates.go
index 5239279e526..95a9633b130 100644
--- a/vendor/knative.dev/pkg/webhook/certificates/certificates.go
+++ b/vendor/knative.dev/pkg/webhook/certificates/certificates.go
@@ -36,7 +36,7 @@ import (
 const (
 // Time used for updating a certificate before it expires.
- oneDay = 24 * time.Hour
+ oneWeek = 7 * 24 * time.Hour
 )
 type reconciler struct {
@@ -89,7 +89,7 @@ func (r *reconciler) reconcileCertificate(ctx context.Context) error {
 certData, err := x509.ParseCertificate(cert.Certificate[0])
 if err != nil {
 logger.Errorw("Error parsing certificate", zap.Error(err))
- } else if time.Now().Add(oneDay).Before(certData.NotAfter) {
+ } else if time.Now().Add(oneWeek).Before(certData.NotAfter) {
 return nil
 }
 }
diff --git a/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go b/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go
index c7ab8f6a3de..3b148646900 100644
--- a/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go
+++ b/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go
@@ -18,8 +18,8 @@ package resources
 import (
 "context"
- "crypto/ed25519"
 "crypto/rand"
+ "crypto/rsa"
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
@@ -62,7 +62,7 @@ func createCertTemplate(name, namespace string, notAfter time.Time) (*x509.Certi
 Organization: []string{organization},
 CommonName: commonName,
 },
- SignatureAlgorithm: x509.PureEd25519,
+ SignatureAlgorithm: x509.SHA256WithRSA,
 NotBefore: time.Now(),
 NotAfter: notAfter,
 BasicConstraintsValid: true,
@@ -112,9 +112,9 @@ func createCert(template, parent *x509.Certificate, pub, parentPriv interface{})
 return
 }
-func createCA(ctx context.Context, name, namespace string, notAfter time.Time) (ed25519.PrivateKey, *x509.Certificate, []byte, error) {
+func createCA(ctx context.Context, name, namespace string, notAfter time.Time) (*rsa.PrivateKey, *x509.Certificate, []byte, error) {
 logger := logging.FromContext(ctx)
- publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
+ rootKey, err := rsa.GenerateKey(rand.Reader, 2048)
 if err != nil {
 logger.Errorw("error generating random key", zap.Error(err))
 return nil, nil, nil, err
@@ -126,12 +126,12 @@ func createCA(ctx context.Context, name, namespace string, notAfter time.Time) (
 return nil, nil, nil, err
 }
- rootCert, rootCertPEM, err := createCert(rootCertTmpl, rootCertTmpl, publicKey, privateKey)
+ rootCert, rootCertPEM, err := createCert(rootCertTmpl, rootCertTmpl, &rootKey.PublicKey, rootKey)
 if err != nil {
 logger.Errorw("error signing the CA cert", zap.Error(err))
 return nil, nil, nil, err
 }
- return privateKey, rootCert, rootCertPEM, nil
+ return rootKey, rootCert, rootCertPEM, nil
 }
 // CreateCerts creates and returns a CA certificate and certificate and
@@ -148,7 +148,7 @@ func CreateCerts(ctx context.Context, name, namespace string, notAfter time.Time
 }
 // Then create the private key for the serving cert
- publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
+ servKey, err := rsa.GenerateKey(rand.Reader, 2048)
 if err != nil {
 logger.Errorw("error generating random key", zap.Error(err))
 return nil, nil, nil, err
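Review bot: The RSA modulus size is a bare literal in `rsa.GenerateKey(rand.Reader, 2048)` in createCA, and the same literal is repeated for the serving key in the CreateCerts hunk (@@ -148), so the two can drift apart and nothing records why Ed25519 was replaced. I would hoist it into one documented constant, e.g. `const rsaKeySize = 2048 // RSA modulus bits for the webhook CA and serving keys`, and add a comment above createCA giving the reason for the algorithm switch. 2048 bits is the usual minimum for RSA today, which matters more now that the secret.go hunk extends the certificate validity to a year. Because the file lives under vendor/, this edit will presumably be overwritten by the next re-vendoring unless it is also carried as a tracked patch.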
@@ -160,18 +160,13 @@ func CreateCerts(ctx context.Context, name, namespace string, notAfter time.Time
 }
 // create a certificate which wraps the server's public key, sign it with the CA private key
- _, servCertPEM, err := createCert(servCertTemplate, caCertificate, publicKey, caKey)
+ _, servCertPEM, err := createCert(servCertTemplate, caCertificate, &servKey.PublicKey, caKey)
 if err != nil {
 logger.Errorw("error signing server certificate template", zap.Error(err))
 return nil, nil, nil, err
 }
- privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
- if err != nil {
- logger.Errorw("error marshaling private key", zap.Error(err))
- return nil, nil, nil, err
- }
 servKeyPEM := pem.EncodeToMemory(&pem.Block{
- Type: "PRIVATE KEY", Bytes: privKeyBytes,
+ Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(servKey),
 })
 return servKeyPEM, servCertPEM, caCertificatePEM, nil
 }
diff --git a/vendor/knative.dev/pkg/webhook/certificates/resources/secret.go b/vendor/knative.dev/pkg/webhook/certificates/resources/secret.go
index 6fad6629f14..48e57e87004 100644
--- a/vendor/knative.dev/pkg/webhook/certificates/resources/secret.go
+++ b/vendor/knative.dev/pkg/webhook/certificates/resources/secret.go
@@ -32,8 +32,6 @@ const (
 // CACert is the name of the key associated with the certificate of the CA for
 // the keypair.
 CACert = "ca-cert.pem"
-
- oneWeek = 7 * 24 * time.Hour
 )
 // MakeSecret synthesizes a Kubernetes Secret object with the keys specified by
@@ -43,7 +41,7 @@ var MakeSecret = MakeSecretInternal
 // MakeSecretInternal is only public so MakeSecret can be restored in testing. Use MakeSecret.
 func MakeSecretInternal(ctx context.Context, name, namespace, serviceName string) (*corev1.Secret, error) {
- serverKey, serverCert, caCert, err := CreateCerts(ctx, serviceName, namespace, time.Now().Add(oneWeek))
+ serverKey, serverCert, caCert, err := CreateCerts(ctx, serviceName, namespace, time.Now().AddDate(1, 0, 0))
 if err != nil {
 return nil, err
 }
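Review bot: The certificate lifetime in MakeSecretInternal is now the inline expression `time.Now().AddDate(1, 0, 0)`, which replaces the named `oneWeek` constant and leaves the one-year validity of the webhook CA and serving certificate undocumented. The renewal check in certificates.go only regenerates within `oneWeek` of `NotAfter`, so the serving private key returned for the Secret stays valid for roughly 51 weeks; no revocation path is visible in this diff, so a leaked key would presumably remain usable for that long. I would name the value and state the rotation expectation beside it, e.g. `const certValidityYears = 1 // webhook cert lifetime; renewal starts one week before expiry` and `time.Now().AddDate(certValidityYears, 0, 0)`. MakeSecretInternal continues past the end of the hunk.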
diff --git a/vendor/knative.dev/pkg/webhook/stats_reporter.go b/vendor/knative.dev/pkg/webhook/stats_reporter.go
index 9d64634feae..d2845ac9602 100644
--- a/vendor/knative.dev/pkg/webhook/stats_reporter.go
+++ b/vendor/knative.dev/pkg/webhook/stats_reporter.go
@@ -99,9 +99,8 @@ func (r *reporter) ReportRequest(req *admissionv1.AdmissionRequest, resp *admiss
 return err
 }
- metrics.RecordBatch(ctx, requestCountM.M(1),
- // Convert time.Duration in nanoseconds to milliseconds
- responseTimeInMsecM.M(float64(d.Milliseconds())))
+ // TODO skonto: fix latency histogram
+ metrics.Record(ctx, requestCountM.M(1))
 return nil
 }
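Review bot: The comment `// TODO skonto: fix latency histogram` in ReportRequest does not say what is broken or where the fix is tracked, and until it is resolved the response-time measure is never recorded; the ReportReconcile hunk in controller/stats_reporter.go (@@ -197) drops `reconcileLatencyStat` the same way. Admission-webhook latency is a signal operators commonly alert on, so a histogram that silently stays empty can hide a slow or failing webhook. I would expand both comments to name the defect and a tracking reference, e.g. `// TODO(skonto): latency histogram disabled because <reason>; re-enable once <issue link> is fixed`. Both functions start above their hunks.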