From ceed8e7047bfc70b63ef8d73e646457f4680d1c4 Mon Sep 17 00:00:00 2001 From: Knative Automation Date: Wed, 13 Mar 2024 01:43:09 +0000 Subject: [PATCH] upgrade to latest dependencies bumping knative.dev/networking 9417101...3252e63: > 3252e63 upgrade to latest dependencies (# 944) bumping knative.dev/eventing 8a18b16...bbb9051: > bbb9051 Fusion Hack (# 7740) > e886832 [main] Upgrade to latest dependencies (# 7781) bumping knative.dev/serving 3e119d5...a194cb2: > a194cb2 Add multi-container probing (# 14853) > b635c4c Update net-kourier nightly (# 15004) > 79498ab Update net-istio nightly (# 15003) > 54254a1 Update net-gateway-api nightly (# 15005) > 1c9495a Update net-certmanager nightly (# 15002) > 173ab17 upgrade to latest dependencies (# 15001) Signed-off-by: Knative Automation --- go.mod | 6 +- go.sum | 12 ++-- .../serving/pkg/apis/config/features.go | 3 + .../pkg/apis/serving/k8s_validation.go | 61 +++++++++++++------ .../pkg/apis/serving/v1/revision_defaults.go | 15 ++++- .../pkg/apis/serving/v1/revision_helpers.go | 19 ++++++ vendor/modules.txt | 6 +- 7 files changed, 87 insertions(+), 35 deletions(-) diff --git a/go.mod b/go.mod index e9ef549ba..0c131798a 100644 --- a/go.mod +++ b/go.mod @@ -15,10 +15,10 @@ require ( k8s.io/api v0.29.2 k8s.io/apimachinery v0.29.2 k8s.io/client-go v0.29.2 - knative.dev/eventing v0.40.1-0.20240311130728-8a18b168acd5 + knative.dev/eventing v0.40.1-0.20240312170432-bbb9051e9fd0 knative.dev/hack v0.0.0-20240302114326-e6dedc74dc47 knative.dev/pkg v0.0.0-20240311204931-2c15a6fd07af - knative.dev/serving v0.40.1-0.20240311214815-3e119d571289 + knative.dev/serving v0.40.1-0.20240312204407-a194cb210d5e ) require ( 
@@ -100,7 +100,7 @@ require (
 k8s.io/klog/v2 v2.120.1 // indirect
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
 k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
- knative.dev/networking v0.0.0-20240306063647-941710129f7a // indirect
+ knative.dev/networking v0.0.0-20240311132944-3252e63e3239 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 sigs.k8s.io/yaml v1.4.0 // indirect
diff --git a/go.sum b/go.sum
index 3eae31ada..a5f8e9949 100644
--- a/go.sum
+++ b/go.sum
@@ -721,16 +721,16 @@ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/A k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.40.1-0.20240311130728-8a18b168acd5 h1:6fomHNpt4YRWtiXUO8Z7TuDsWqhcowoj+pXdTBIAHXk= -knative.dev/eventing v0.40.1-0.20240311130728-8a18b168acd5/go.mod h1:zDgh6w6YNyF47bPVsMt20Fqtz2pgoFdz11FWiFcvwBw= +knative.dev/eventing v0.40.1-0.20240312170432-bbb9051e9fd0 h1:uCaJsFiTl06ULwsqY8NjCvnDxqvSNybUU5Qk9eFBPhg= +knative.dev/eventing v0.40.1-0.20240312170432-bbb9051e9fd0/go.mod h1:cR01SW6iIArmoqN9hSIme8kG1LVwHA7bGltSFvXH9LM= knative.dev/hack v0.0.0-20240302114326-e6dedc74dc47 h1:ob3nmyZw8vJbvnHQdnDTG/5RDeUKBj5erjTdef/Mpew= knative.dev/hack v0.0.0-20240302114326-e6dedc74dc47/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= -knative.dev/networking v0.0.0-20240306063647-941710129f7a h1:T26doaoObxZrQ5uKHMDnBaXyY/9vmCzphr/9A6yW/UQ= -knative.dev/networking v0.0.0-20240306063647-941710129f7a/go.mod h1:udigmYdmQh3QVHjBmIadENIk0sVNeLh5PWqw2tBL72I= +knative.dev/networking v0.0.0-20240311132944-3252e63e3239 h1:vGLIFxVzXKac/X6OaabW8V88VWnY/tdGTY/64/4mQ50= +knative.dev/networking v0.0.0-20240311132944-3252e63e3239/go.mod h1:WA1iELJea7iqa0jzkoV4JoCanNcFUtvnQNuKkA7/qDw= knative.dev/pkg v0.0.0-20240311204931-2c15a6fd07af h1:5Qvq9/U4wfvrqASuGN5C0G+zbpoL5SlmwC/iQaPxt14= knative.dev/pkg v0.0.0-20240311204931-2c15a6fd07af/go.mod h1:sY120AxzRnR/Bx39e9o5WyLGgCNVvmTvRK8ic9ca3AY= -knative.dev/serving v0.40.1-0.20240311214815-3e119d571289 h1:72B505Fqkn2dGJrIYd08RWapkJaW9Uqk/cdoD+baJSE= -knative.dev/serving v0.40.1-0.20240311214815-3e119d571289/go.mod h1:tbBuvAZLzbtA3IW7Vs97EIMgvbfvcFc/dvz9MXzugKQ= +knative.dev/serving v0.40.1-0.20240312204407-a194cb210d5e 
h1:w1S941lOj4pnI3EtuH/Uvz/OTofgTVbm1BuNwH1Ug8g= +knative.dev/serving v0.40.1-0.20240312204407-a194cb210d5e/go.mod h1:8XlchMQ5/ZyouHPGBCgQGTPxpklw0JuWpL430NjKpF8= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/knative.dev/serving/pkg/apis/config/features.go b/vendor/knative.dev/serving/pkg/apis/config/features.go index 0aec2ebca..63234c30e 100644 --- a/vendor/knative.dev/serving/pkg/apis/config/features.go +++ b/vendor/knative.dev/serving/pkg/apis/config/features.go @@ -54,6 +54,7 @@ const ( func defaultFeaturesConfig() *Features { return &Features{ MultiContainer: Enabled, + MultiContainerProbing: Disabled, PodSpecAffinity: Disabled, PodSpecTopologySpreadConstraints: Disabled, PodSpecDryRun: Allowed, @@ -87,6 +88,7 @@ func NewFeaturesConfigFromMap(data map[string]string) (*Features, error) { if err := cm.Parse(data, asFlag("multi-container", &nc.MultiContainer), + asFlag("multi-container-probing", &nc.MultiContainerProbing), asFlag("kubernetes.podspec-affinity", &nc.PodSpecAffinity), asFlag("kubernetes.podspec-topologyspreadconstraints", &nc.PodSpecTopologySpreadConstraints), asFlag("kubernetes.podspec-dryrun", &nc.PodSpecDryRun), @@ -124,6 +126,7 @@ func NewFeaturesConfigFromConfigMap(config *corev1.ConfigMap) (*Features, error) // Features specifies which features are allowed by the webhook. type Features struct { MultiContainer Flag + MultiContainerProbing Flag PodSpecAffinity Flag PodSpecTopologySpreadConstraints Flag PodSpecDryRun Flag diff --git a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go index fe2f95f5c..091aafcd0 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go 
@@ -387,7 +387,7 @@ func ValidatePodSpec(ctx context.Context, ps corev1.PodSpec) *apis.FieldError {
 case 0:
 errs = errs.Also(apis.ErrMissingField("containers"))
 case 1:
- errs = errs.Also(ValidateContainer(ctx, ps.Containers[0], volumes, port).
+ errs = errs.Also(ValidateUserContainer(ctx, ps.Containers[0], volumes, port).
 ViaFieldIndex("containers", 0))
 default:
 errs = errs.Also(validateContainers(ctx, ps.Containers, volumes, port))
@@ -447,7 +447,7 @@ func validateContainers(ctx context.Context, containers []corev1.Container, volu
 // Note, if we allow readiness/liveness checks on sidecars, we should pass in an *empty* port here, not the main container's port.
 errs = errs.Also(validateSidecarContainer(WithinSidecarContainer(ctx), containers[i], volumes).ViaFieldIndex("containers", i))
 } else {
- errs = errs.Also(ValidateContainer(WithinUserContainer(ctx), containers[i], volumes, port).ViaFieldIndex("containers", i))
+ errs = errs.Also(ValidateUserContainer(WithinUserContainer(ctx), containers[i], volumes, port).ViaFieldIndex("containers", i))
 }
 }
 return errs
@@ -503,14 +503,23 @@ func validateContainersPorts(containers []corev1.Container) (corev1.ContainerPor // validateSidecarContainer validate fields for non serving containers func validateSidecarContainer(ctx context.Context, container corev1.Container, volumes map[string]corev1.Volume) (errs *apis.FieldError) { - if container.LivenessProbe != nil { - errs = errs.Also(apis.CheckDisallowedFields(*container.LivenessProbe, - *ProbeMask(&corev1.Probe{})).ViaField("livenessProbe")) - } - if container.ReadinessProbe != nil { - errs = errs.Also(apis.CheckDisallowedFields(*container.ReadinessProbe, - *ProbeMask(&corev1.Probe{})).ViaField("readinessProbe")) + cfg := config.FromContextOrDefaults(ctx) + if cfg.Features.MultiContainerProbing != config.Enabled { + if container.LivenessProbe != nil { + errs = errs.Also(apis.CheckDisallowedFields(*container.LivenessProbe, + *ProbeMask(&corev1.Probe{})).ViaField("livenessProbe")) + } + if container.ReadinessProbe != nil { + errs = errs.Also(apis.CheckDisallowedFields(*container.ReadinessProbe, + *ProbeMask(&corev1.Probe{})).ViaField("readinessProbe")) + } + } else if cfg.Features.MultiContainerProbing == config.Enabled { + // Liveness Probes + errs = errs.Also(validateProbe(container.LivenessProbe, nil, false).ViaField("livenessProbe")) + // Readiness Probes + errs = errs.Also(validateReadinessProbe(container.ReadinessProbe, nil, false).ViaField("readinessProbe")) } + return errs.Also(validate(ctx, container, volumes)) } 
@@ -544,12 +553,12 @@ func validateInitContainer(ctx context.Context, container corev1.Container, volu return errs.Also(validate(WithinInitContainer(ctx), container, volumes)) } -// ValidateContainer validate fields for serving containers -func ValidateContainer(ctx context.Context, container corev1.Container, volumes map[string]corev1.Volume, port corev1.ContainerPort) (errs *apis.FieldError) { +// ValidateUserContainer validate fields for serving containers +func ValidateUserContainer(ctx context.Context, container corev1.Container, volumes map[string]corev1.Volume, port corev1.ContainerPort) (errs *apis.FieldError) { // Liveness Probes - errs = errs.Also(validateProbe(container.LivenessProbe, port).ViaField("livenessProbe")) + errs = errs.Also(validateProbe(container.LivenessProbe, &port, true).ViaField("livenessProbe")) // Readiness Probes - errs = errs.Also(validateReadinessProbe(container.ReadinessProbe, port).ViaField("readinessProbe")) + errs = errs.Also(validateReadinessProbe(container.ReadinessProbe, &port, true).ViaField("readinessProbe")) return errs.Also(validate(ctx, container, volumes)) } @@ -751,12 +760,12 @@ func validateContainerPortBasic(port corev1.ContainerPort) *apis.FieldError { return errs } -func validateReadinessProbe(p *corev1.Probe, port corev1.ContainerPort) *apis.FieldError { +func validateReadinessProbe(p *corev1.Probe, port *corev1.ContainerPort, isUserContainer bool) *apis.FieldError { if p == nil { return nil } - errs := validateProbe(p, port) + errs := validateProbe(p, port, isUserContainer) if p.PeriodSeconds < 0 { errs = errs.Also(apis.ErrOutOfBoundsValue(p.PeriodSeconds, 0, math.MaxInt32, "periodSeconds")) 
@@ -798,7 +807,7 @@ func validateReadinessProbe(p *corev1.Probe, port corev1.ContainerPort) *apis.Fi return errs } -func validateProbe(p *corev1.Probe, port corev1.ContainerPort) *apis.FieldError { +func validateProbe(p *corev1.Probe, port *corev1.ContainerPort, isUserContainer bool) *apis.FieldError { if p == nil { return nil } @@ -813,16 +822,28 @@ func validateProbe(p *corev1.Probe, port corev1.ContainerPort) *apis.FieldError handlers = append(handlers, "httpGet") errs = errs.Also(apis.CheckDisallowedFields(*h.HTTPGet, *HTTPGetActionMask(h.HTTPGet))).ViaField("httpGet") getPort := h.HTTPGet.Port - if getPort.StrVal != "" && getPort.StrVal != port.Name { - errs = errs.Also(apis.ErrInvalidValue(getPort.String(), "httpGet.port", "Probe port must match container port")) + if isUserContainer { + if getPort.StrVal != "" && getPort.StrVal != port.Name { + errs = errs.Also(apis.ErrInvalidValue(getPort.String(), "httpGet.port", "Probe port must match container port")) + } + } else { + if getPort.StrVal == "" && getPort.IntVal == 0 { + errs = errs.Also(apis.ErrInvalidValue(getPort.String(), "httpGet.port", "Probe port must be specified")) + } } } if h.TCPSocket != nil { handlers = append(handlers, "tcpSocket") errs = errs.Also(apis.CheckDisallowedFields(*h.TCPSocket, *TCPSocketActionMask(h.TCPSocket))).ViaField("tcpSocket") tcpPort := h.TCPSocket.Port - if tcpPort.StrVal != "" && tcpPort.StrVal != port.Name { - errs = errs.Also(apis.ErrInvalidValue(tcpPort.String(), "tcpSocket.port", "Probe port must match container port")) + if isUserContainer { + if tcpPort.StrVal != "" && tcpPort.StrVal != port.Name { + errs = errs.Also(apis.ErrInvalidValue(tcpPort.String(), "tcpSocket.port", "Probe port must match container port")) + } + } else { + if tcpPort.StrVal == "" && tcpPort.IntVal == 0 { + errs = errs.Also(apis.ErrInvalidValue(tcpPort.String(), "tcpSocket.port", "Probe port must be specified")) + } } } if h.Exec != nil { 
diff --git a/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_defaults.go b/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_defaults.go index 5e5fecec0..3c40f4f6c 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_defaults.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_defaults.go @@ -132,9 +132,10 @@ func (rs *RevisionSpec) applyDefault(ctx context.Context, container *corev1.Cont // If there are multiple containers then default probes will be applied to the container where user specified PORT // default probes will not be applied for non serving containers if len(rs.PodSpec.Containers) == 1 || len(container.Ports) != 0 { - rs.applyProbesWithDefaults(container) - rs.applyGRPCProbeDefaults(container) + rs.applyUserContainerDefaultReadinessProbe(container) } + rs.applyReadinessProbeDefaults(container) + rs.applyGRPCProbeDefaults(container) if rs.PodSpec.EnableServiceLinks == nil && apis.IsInCreate(ctx) { rs.PodSpec.EnableServiceLinks = cfg.Defaults.EnableServiceLinks @@ -154,7 +155,7 @@ func (rs *RevisionSpec) applyDefault(ctx context.Context, container *corev1.Cont } } -func (*RevisionSpec) applyProbesWithDefaults(container *corev1.Container) { +func (*RevisionSpec) applyUserContainerDefaultReadinessProbe(container *corev1.Container) { if container.ReadinessProbe == nil { container.ReadinessProbe = &corev1.Probe{} } @@ -164,6 +165,14 @@ func (*RevisionSpec) applyProbesWithDefaults(container *corev1.Container) { container.ReadinessProbe.GRPC == nil { container.ReadinessProbe.TCPSocket = &corev1.TCPSocketAction{} } +} + +func (*RevisionSpec) applyReadinessProbeDefaults(container *corev1.Container) { + if container.ReadinessProbe == nil { + // Sidecars are allowed to not have a readiness-probe + // we do not want the defaults in that case. + return + } if container.ReadinessProbe.SuccessThreshold == 0 { container.ReadinessProbe.SuccessThreshold = 1 
diff --git a/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_helpers.go b/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_helpers.go index e561c7ae6..ade03840e 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_helpers.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_helpers.go @@ -71,6 +71,7 @@ const ( // It is never nil and should be exactly the specified container if len(containers) == 1 or // if there are multiple containers it returns the container which has Ports // as guaranteed by validation. +// Note: If you change this function, also update GetSidecarContainers. func (rs *RevisionSpec) GetContainer() *corev1.Container { switch { case len(rs.Containers) == 1: @@ -86,6 +87,24 @@ func (rs *RevisionSpec) GetContainer() *corev1.Container { return &corev1.Container{} } +// GetSidecarContainers returns a slice of pointers to all sidecar containers. +// If len(containers) == 1 OR only one container with a user-port exists, it will return an empty slice. +// It is the "rest" of GetContainer. +func (rs *RevisionSpec) GetSidecarContainers() []*corev1.Container { + sidecars := []*corev1.Container{} + if len(rs.Containers) == 1 { + return sidecars + } + + for i, c := range rs.Containers { + if len(c.Ports) == 0 { + sidecars = append(sidecars, &rs.Containers[i]) + } + } + + return sidecars +} + // SetRoutingState sets the routingState label on this Revision and updates the // routingStateModified annotation. func (r *Revision) SetRoutingState(state RoutingState, tm time.Time) { diff --git a/vendor/modules.txt b/vendor/modules.txt index 712b433cb..943ac2b93 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -953,7 +953,7 @@ k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.40.1-0.20240311130728-8a18b168acd5 +# knative.dev/eventing v0.40.1-0.20240312170432-bbb9051e9fd0 ## explicit; go 1.21 knative.dev/eventing/pkg/adapter/v2 knative.dev/eventing/pkg/adapter/v2/test @@ -970,7 +970,7 @@ knative.dev/eventing/pkg/reconciler/source # knative.dev/hack v0.0.0-20240302114326-e6dedc74dc47 ## explicit; go 1.18 knative.dev/hack -# knative.dev/networking v0.0.0-20240306063647-941710129f7a +# knative.dev/networking v0.0.0-20240311132944-3252e63e3239 ## explicit; go 1.21 knative.dev/networking/pkg/apis/networking knative.dev/networking/pkg/apis/networking/v1alpha1 @@ -1038,7 +1038,7 @@ knative.dev/pkg/webhook/psbinding knative.dev/pkg/webhook/resourcesemantics knative.dev/pkg/webhook/resourcesemantics/defaulting knative.dev/pkg/webhook/resourcesemantics/validation -# knative.dev/serving v0.40.1-0.20240311214815-3e119d571289 +# knative.dev/serving v0.40.1-0.20240312204407-a194cb210d5e ## explicit; go 1.21 knative.dev/serving/pkg/apis/autoscaling knative.dev/serving/pkg/apis/autoscaling/v1alpha1