diff --git a/vendor/knative.dev/pkg/controller/stats_reporter.go b/vendor/knative.dev/pkg/controller/stats_reporter.go
index 474bab3fc61..dbf74d6007c 100644
--- a/vendor/knative.dev/pkg/controller/stats_reporter.go
+++ b/vendor/knative.dev/pkg/controller/stats_reporter.go
@@ -197,7 +197,7 @@ func (r *reporter) ReportReconcile(duration time.Duration, success string, key t
 return err
 }
- metrics.RecordBatch(ctx, reconcileCountStat.M(1),
- reconcileLatencyStat.M(duration.Milliseconds()))
+ // TODO skonto: fix latency histogram
+ metrics.RecordBatch(ctx, reconcileCountStat.M(1))
 return nil
 }
diff --git a/vendor/knative.dev/pkg/metrics/resource_view.go b/vendor/knative.dev/pkg/metrics/resource_view.go
index 7135af70aa8..236fd588baf 100644
--- a/vendor/knative.dev/pkg/metrics/resource_view.go
+++ b/vendor/knative.dev/pkg/metrics/resource_view.go
@@ -82,10 +82,16 @@ func cleanup() {
 expiryCutoff := allMeters.clock.Now().Add(-1 * maxMeterExporterAge)
 allMeters.lock.Lock()
 defer allMeters.lock.Unlock()
+ resourceViews.lock.Lock()
+ defer resourceViews.lock.Unlock()
 for key, meter := range allMeters.meters {
 if key != "" && meter.t.Before(expiryCutoff) {
 flushGivenExporter(meter.e)
+ // Make a copy of views to avoid data races
+ viewsCopy := copyViews(resourceViews.views)
+ meter.m.Unregister(viewsCopy...)
 delete(allMeters.meters, key)
+ meter.m.Stop()
 }
 }
 }
@@ -139,7 +145,7 @@ func RegisterResourceView(views ...*view.View) error {
 return nil
 }
-// UnregisterResourceView is similar to view.Unregiste(), except that it will
+// UnregisterResourceView is similar to view.Unregister(), except that it will
 // unregister the view across all Resources tracked byt he system, rather than
 // simply the default view.
 func UnregisterResourceView(views ...*view.View) {
diff --git a/vendor/knative.dev/pkg/resolver/addressable_resolver.go b/vendor/knative.dev/pkg/resolver/addressable_resolver.go
index 4407f80be5e..a5701ea4496 100644
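Review bot: In `cleanup()` (vendor/knative.dev/pkg/metrics/resource_view.go, hunk `@@ -82,10 +82,16 @@`) `resourceViews.lock` is now acquired while `allMeters.lock` is already held, and nothing in the hunk records that ordering. Both locks then stay held across `flushGivenExporter`, `meter.m.Unregister` and `meter.m.Stop` for every expired meter, so anything else that needs either lock waits for the whole sweep. Whether another path in the file takes the two locks in the opposite order cannot be seen from these lines, but if one does, the result is a deadlock in the metrics path. I would add `// Lock order: allMeters.lock, then resourceViews.lock; keep this order at every call site.` above the new `resourceViews.lock.Lock()`.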
--- a/vendor/knative.dev/pkg/resolver/addressable_resolver.go
+++ b/vendor/knative.dev/pkg/resolver/addressable_resolver.go
@@ -21,26 +21,27 @@ import (
 "errors"
 "fmt"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/client-go/tools/cache"
+ "knative.dev/pkg/client/injection/ducks/duck/v1/addressable"
+ "knative.dev/pkg/controller"
+
 corev1 "k8s.io/api/core/v1"
 apierrs "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/api/meta"
- "k8s.io/apimachinery/pkg/types"
-
 "knative.dev/pkg/apis"
 pkgapisduck "knative.dev/pkg/apis/duck"
 duckv1 "knative.dev/pkg/apis/duck/v1"
 duckv1beta1 "knative.dev/pkg/apis/duck/v1beta1"
- "knative.dev/pkg/controller"
 "knative.dev/pkg/network"
 "knative.dev/pkg/tracker"
-
- "knative.dev/pkg/client/injection/ducks/duck/v1/addressable"
 )
 // URIResolver resolves Destinations and ObjectReferences into a URI.
 type URIResolver struct {
- tracker tracker.Interface
- informerFactory pkgapisduck.InformerFactory
+ tracker tracker.Interface
+ listerFactory func(schema.GroupVersionResource) (cache.GenericLister, error)
 }
 // NewURIResolver constructs a new URIResolver with context and a callback
@@ -49,13 +50,19 @@ func NewURIResolver(ctx context.Context, callback func(types.NamespacedName)) *U
 ret := &URIResolver{}
 ret.tracker = tracker.New(callback, controller.GetTrackerLease(ctx))
- ret.informerFactory = &pkgapisduck.CachedInformerFactory{
+
+ informerFactory := &pkgapisduck.CachedInformerFactory{
 Delegate: &pkgapisduck.EnqueueInformerFactory{
 Delegate: addressable.Get(ctx),
 EventHandler: controller.HandleAll(ret.tracker.OnChanged),
 },
 }
+ ret.listerFactory = func(gvr schema.GroupVersionResource) (cache.GenericLister, error) {
+ _, l, err := informerFactory.Get(ctx, gvr)
+ return l, err
+ }
+
 return ret
 }
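Review bot: The `listerFactory` closure added in `NewURIResolver` captures the constructor's `ctx` and hands it to `informerFactory.Get(ctx, gvr)`, so every later lookup runs under that context instead of the caller's. The following hunk (`@@ -163,7 +170,7 @@` in `URIFromObjectReference`) confirms that the per-call `ctx` is no longer forwarded. If this is deliberate, say so above the assignment, for example `// listerFactory uses the constructor ctx on purpose; that ctx must outlive the resolver.`. If it is not, the field type should take a `context.Context` as its first parameter so the call site can pass its own.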
@@ -163,7 +170,7 @@ func (r *URIResolver) URIFromObjectReference(ctx context.Context, ref *corev1.Ob
 return url, nil
 }
- _, lister, err := r.informerFactory.Get(ctx, gvr)
+ lister, err := r.listerFactory(gvr)
 if err != nil {
 return nil, apierrs.NewNotFound(gvr.GroupResource(), "Lister")
 }
diff --git a/vendor/knative.dev/pkg/webhook/certificates/certificates.go b/vendor/knative.dev/pkg/webhook/certificates/certificates.go
index 5239279e526..95a9633b130 100644
--- a/vendor/knative.dev/pkg/webhook/certificates/certificates.go
+++ b/vendor/knative.dev/pkg/webhook/certificates/certificates.go
@@ -36,7 +36,7 @@ import (
 const (
 // Time used for updating a certificate before it expires.
- oneDay = 24 * time.Hour
+ oneWeek = 7 * 24 * time.Hour
 )
 type reconciler struct {
@@ -89,7 +89,7 @@ func (r *reconciler) reconcileCertificate(ctx context.Context) error {
 certData, err := x509.ParseCertificate(cert.Certificate[0])
 if err != nil {
 logger.Errorw("Error parsing certificate", zap.Error(err))
- } else if time.Now().Add(oneDay).Before(certData.NotAfter) {
+ } else if time.Now().Add(oneWeek).Before(certData.NotAfter) {
 return nil
 }
 }
diff --git a/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go b/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go
index c7ab8f6a3de..3b148646900 100644
--- a/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go
+++ b/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go
@@ -18,8 +18,8 @@ package resources
 import (
 "context"
- "crypto/ed25519"
 "crypto/rand"
+ "crypto/rsa"
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
@@ -62,7 +62,7 @@ func createCertTemplate(name, namespace string, notAfter time.Time) (*x509.Certi
 Organization: []string{organization},
 CommonName: commonName,
 },
- SignatureAlgorithm: x509.PureEd25519,
+ SignatureAlgorithm: x509.SHA256WithRSA,
 NotBefore: time.Now(),
 NotAfter: notAfter,
 BasicConstraintsValid: true,
@@ -112,9 +112,9 @@ func createCert(template, parent *x509.Certificate, pub, parentPriv interface{})
 return
 }
-func createCA(ctx context.Context, name, namespace string, notAfter time.Time) (ed25519.PrivateKey, *x509.Certificate, []byte, error) {
+func createCA(ctx context.Context, name, namespace string, notAfter time.Time) (*rsa.PrivateKey, *x509.Certificate, []byte, error) {
 logger := logging.FromContext(ctx)
- publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
+ rootKey, err := rsa.GenerateKey(rand.Reader, 2048)
 if err != nil {
 logger.Errorw("error generating random key", zap.Error(err))
 return nil, nil, nil, err
@@ -126,12 +126,12 @@ func createCA(ctx context.Context, name, namespace string, notAfter time.Time) (
 return nil, nil, nil, err
 }
- rootCert, rootCertPEM, err := createCert(rootCertTmpl, rootCertTmpl, publicKey, privateKey)
+ rootCert, rootCertPEM, err := createCert(rootCertTmpl, rootCertTmpl, &rootKey.PublicKey, rootKey)
 if err != nil {
 logger.Errorw("error signing the CA cert", zap.Error(err))
 return nil, nil, nil, err
 }
- return privateKey, rootCert, rootCertPEM, nil
+ return rootKey, rootCert, rootCertPEM, nil
 }
 // CreateCerts creates and returns a CA certificate and certificate and
@@ -148,7 +148,7 @@ func CreateCerts(ctx context.Context, name, namespace string, notAfter time.Time
 }
 // Then create the private key for the serving cert
- publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
+ servKey, err := rsa.GenerateKey(rand.Reader, 2048)
 if err != nil {
 logger.Errorw("error generating random key", zap.Error(err))
 return nil, nil, nil, err
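Review bot: `rsa.GenerateKey(rand.Reader, 2048)` is written twice with a bare literal, once for the CA key in `createCA` and once for the serving key in `CreateCerts`, and neither site says why Ed25519 was replaced. A single named constant keeps the two key sizes in step and gives the rationale a home: `const rsaKeyBits = 2048 // RSA replaces Ed25519 because <reason>; raise if key-size policy changes`. The next hunk (`@@ -160,18 +160,13 @@`) also switches the stored key from a PKCS#8 `PRIVATE KEY` block to a PKCS#1 `RSA PRIVATE KEY` block, so any reader of the Secret that matches on the PEM type would need to accept the new one; a one-line comment next to `pem.EncodeToMemory` should record that format. Both function bodies extend beyond the hunks shown.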
@@ -160,18 +160,13 @@ func CreateCerts(ctx context.Context, name, namespace string, notAfter time.Time
 }
 // create a certificate which wraps the server's public key, sign it with the CA private key
- _, servCertPEM, err := createCert(servCertTemplate, caCertificate, publicKey, caKey)
+ _, servCertPEM, err := createCert(servCertTemplate, caCertificate, &servKey.PublicKey, caKey)
 if err != nil {
 logger.Errorw("error signing server certificate template", zap.Error(err))
 return nil, nil, nil, err
 }
- privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
- if err != nil {
- logger.Errorw("error marshaling private key", zap.Error(err))
- return nil, nil, nil, err
- }
 servKeyPEM := pem.EncodeToMemory(&pem.Block{
- Type: "PRIVATE KEY", Bytes: privKeyBytes,
+ Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(servKey),
 })
 return servKeyPEM, servCertPEM, caCertificatePEM, nil
 }
diff --git a/vendor/knative.dev/pkg/webhook/certificates/resources/secret.go b/vendor/knative.dev/pkg/webhook/certificates/resources/secret.go
index 6fad6629f14..48e57e87004 100644
--- a/vendor/knative.dev/pkg/webhook/certificates/resources/secret.go
+++ b/vendor/knative.dev/pkg/webhook/certificates/resources/secret.go
@@ -32,8 +32,6 @@ const (
 // CACert is the name of the key associated with the certificate of the CA for
 // the keypair.
 CACert = "ca-cert.pem"
-
- oneWeek = 7 * 24 * time.Hour
 )
 // MakeSecret synthesizes a Kubernetes Secret object with the keys specified by
@@ -43,7 +41,7 @@ var MakeSecret = MakeSecretInternal
 // MakeSecretInternal is only public so MakeSecret can be restored in testing. Use MakeSecret.
 func MakeSecretInternal(ctx context.Context, name, namespace, serviceName string) (*corev1.Secret, error) {
- serverKey, serverCert, caCert, err := CreateCerts(ctx, serviceName, namespace, time.Now().Add(oneWeek))
+ serverKey, serverCert, caCert, err := CreateCerts(ctx, serviceName, namespace, time.Now().AddDate(1, 0, 0))
 if err != nil {
 return nil, err
 }
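Review bot: `time.Now().AddDate(1, 0, 0)` in `MakeSecretInternal` (secret.go) raises the certificate validity from one week to one year as an unnamed inline value, while the renewal window it has to exceed (`oneWeek`) is defined in certificates.go. The longer lifetime means a serving key read out of the Secret remains usable for up to a year, and nothing in these hunks shows a revocation or forced-rotation path. I would name the value and tie the two settings together in a comment, for example `// certValidity must stay well above the renewal window in certificates.go; rotation happens only inside that window.`. The body of `MakeSecretInternal` continues past the end of the hunk.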
diff --git a/vendor/knative.dev/pkg/webhook/stats_reporter.go b/vendor/knative.dev/pkg/webhook/stats_reporter.go
index 9d64634feae..d2845ac9602 100644
--- a/vendor/knative.dev/pkg/webhook/stats_reporter.go
+++ b/vendor/knative.dev/pkg/webhook/stats_reporter.go
@@ -99,9 +99,8 @@ func (r *reporter) ReportRequest(req *admissionv1.AdmissionRequest, resp *admiss
 return err
 }
- metrics.RecordBatch(ctx, requestCountM.M(1),
- // Convert time.Duration in nanoseconds to milliseconds
- responseTimeInMsecM.M(float64(d.Milliseconds())))
+ // TODO skonto: fix latency histogram
+ metrics.Record(ctx, requestCountM.M(1))
 return nil
 }