diff --git a/go.mod b/go.mod index 6c9cd609..4ccafd90 100644 --- a/go.mod +++ b/go.mod @@ -14,8 +14,8 @@ require ( k8s.io/client-go v0.35.4 k8s.io/code-generator v0.35.4 knative.dev/hack v0.0.0-20260428014158-b2a37f1b6e7b - knative.dev/pkg v0.0.0-20260505204821-021ad709ec68 - knative.dev/serving v0.49.1-0.20260504070613-3d28fb878e74 + knative.dev/pkg v0.0.0-20260507212125-df317a52d112 + knative.dev/serving v0.49.1-0.20260512221929-dbaab46874d2 ) require ( @@ -97,7 +97,7 @@ require ( k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect - knative.dev/networking v0.0.0-20260422140718-e9578ef11562 // indirect + knative.dev/networking v0.0.0-20260428014950-5876dec269ce // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect diff --git a/go.sum b/go.sum index b7cf45b4..0b6e6222 100644 --- a/go.sum +++ b/go.sum @@ -263,12 +263,12 @@ k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzk k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/hack v0.0.0-20260428014158-b2a37f1b6e7b h1:MvbV2F2BdI8qKrYYUhDwbUZbX0BAYRSIpXM2TOtTvs0= knative.dev/hack v0.0.0-20260428014158-b2a37f1b6e7b/go.mod h1:L5RzHgbvam0u8QFHfzCX6MKxu/a/gIGEdaRBqNiVbl0= -knative.dev/networking v0.0.0-20260422140718-e9578ef11562 h1:3roePSDRNthOFDxwTISYPt2IYEXXVramzpHnH0NMGYs= -knative.dev/networking v0.0.0-20260422140718-e9578ef11562/go.mod h1:aQO2gITPzLwMPCV9S57rHrb1Zt2mUAYSGLbb/7nqzW0= -knative.dev/pkg v0.0.0-20260505204821-021ad709ec68 h1:cZz3AkOusfsFBJCOKiCiadBbHjbEiqlsu/55gzRhPZM= -knative.dev/pkg v0.0.0-20260505204821-021ad709ec68/go.mod h1:JM+8ds+MTBtPK2aCp6pGUHQx9gNIL8wuMhqr0sxtDog= -knative.dev/serving v0.49.1-0.20260504070613-3d28fb878e74 h1:rt3Hguyh3lWD1U9p7k1LWl9V9L2egRAnAZf4d0wJkdU= -knative.dev/serving v0.49.1-0.20260504070613-3d28fb878e74/go.mod h1:KXvVnXohxsbE3rCRbr1TZlxeC20qIzhVckDwbsgLWPI= +knative.dev/networking v0.0.0-20260428014950-5876dec269ce h1:Pt5NYScJzJ8CcIogikaTakvehEO9COjzXZ/2gJmc8YA= +knative.dev/networking v0.0.0-20260428014950-5876dec269ce/go.mod h1:aQO2gITPzLwMPCV9S57rHrb1Zt2mUAYSGLbb/7nqzW0= +knative.dev/pkg v0.0.0-20260507212125-df317a52d112 h1:ftdGpzukmrlcTRTCZytQQ+mAMUAFqcq/cwIUwc/Lk2s= +knative.dev/pkg v0.0.0-20260507212125-df317a52d112/go.mod h1:JM+8ds+MTBtPK2aCp6pGUHQx9gNIL8wuMhqr0sxtDog= +knative.dev/serving v0.49.1-0.20260512221929-dbaab46874d2 h1:8zqDL3WhXBqAvePlBnYZDGj5lXS19JnVca3gu+A17j4= +knative.dev/serving v0.49.1-0.20260512221929-dbaab46874d2/go.mod h1:3hXF5IUiZow3USDS0rA5UQeZCP30OwuDalcQS96XmFQ= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= diff --git a/vendor/knative.dev/serving/pkg/apis/config/features.go b/vendor/knative.dev/serving/pkg/apis/config/features.go index ed5eb6ea..74ce0e77 100644 --- a/vendor/knative.dev/serving/pkg/apis/config/features.go +++ b/vendor/knative.dev/serving/pkg/apis/config/features.go @@ -76,6 +76,7 @@ const ( FeaturePodSpecShareProcessNamespace = "kubernetes.podspec-shareprocessnamespace" FeaturePodSpecTolerations = "kubernetes.podspec-tolerations" FeaturePodSpecTopologySpreadConstraints = "kubernetes.podspec-topologyspreadconstraints" + FeaturePodSpecVolumesEphemeral = "kubernetes.podspec-volumes-ephemeral" FeaturePodSpecVolumesImage = "kubernetes.podspec-volumes-image" ) @@ -102,6 +103,7 @@ func defaultFeaturesConfig() *Features { PodSpecVolumesHostPath: Disabled, PodSpecVolumesMountPropagation: Disabled, PodSpecVolumesCSI: Disabled, + PodSpecVolumesEphemeral: Disabled, PodSpecVolumesImage: Disabled, PodSpecPersistentVolumeClaim: Disabled, PodSpecPersistentVolumeWrite: Disabled, @@ -141,6 +143,7 @@ func NewFeaturesConfigFromMap(data map[string]string) (*Features, error) { asFlag(FeaturePodSpecHostPID, &nc.PodSpecHostPID), asFlag(FeaturePodSpecHostPath, &nc.PodSpecVolumesHostPath), asFlag(FeaturePodSpecVolumesCSI, &nc.PodSpecVolumesCSI), + asFlag(FeaturePodSpecVolumesEphemeral, &nc.PodSpecVolumesEphemeral), asFlag(FeaturePodSpecVolumesImage, &nc.PodSpecVolumesImage), asFlag(FeaturePodSpecInitContainers, &nc.PodSpecInitContainers), asFlag(FeaturePodSpecVolumesMountPropagation, &nc.PodSpecVolumesMountPropagation), @@ -187,6 +190,7 @@ type Features struct { PodSpecVolumesHostPath Flag PodSpecVolumesMountPropagation Flag PodSpecVolumesCSI Flag + PodSpecVolumesEphemeral Flag PodSpecVolumesImage Flag PodSpecInitContainers Flag PodSpecPersistentVolumeClaim Flag diff --git a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go index 73c48b1b..43affd8e 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go @@ -76,6 +76,10 @@ func VolumeSourceMask(ctx context.Context, in *corev1.VolumeSource) *corev1.Volu out.CSI = in.CSI } + if cfg.Features.PodSpecVolumesEphemeral != config.Disabled { + out.Ephemeral = in.Ephemeral + } + if cfg.Features.PodSpecVolumesImage != config.Disabled { out.Image = in.Image } diff --git a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go index fd90e0f1..5a8cff48 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go @@ -138,6 +138,10 @@ func validateVolume(ctx context.Context, volume corev1.Volume) *apis.FieldError errs = errs.Also(&apis.FieldError{Message: fmt.Sprintf("CSI volume support is disabled, "+ "but found CSI volume %s", volume.Name)}) } + if volume.Ephemeral != nil && features.PodSpecVolumesEphemeral != config.Enabled { + errs = errs.Also(&apis.FieldError{Message: fmt.Sprintf("Ephemeral volume support is disabled, "+ + "but found Ephemeral volume %s", volume.Name)}) + } errs = errs.Also(apis.CheckDisallowedFields(volume, *VolumeMask(ctx, &volume))) if volume.Name == "" { errs = apis.ErrMissingField("name") @@ -182,6 +186,10 @@ func validateVolume(ctx context.Context, volume corev1.Volume) *apis.FieldError specified = append(specified, "csi") } + if vs.Ephemeral != nil { + specified = append(specified, "ephemeral") + } + if vs.Image != nil { specified = append(specified, "image") errs = errs.Also(validateImageVolumeSource(vs.Image).ViaField("image")) @@ -202,6 +210,9 @@ func validateVolume(ctx context.Context, volume corev1.Volume) *apis.FieldError if cfg.Features.PodSpecVolumesCSI == config.Enabled { fieldPaths = append(fieldPaths, "csi") } + if cfg.Features.PodSpecVolumesEphemeral == config.Enabled { + fieldPaths = append(fieldPaths, "ephemeral") + } if cfg.Features.PodSpecVolumesImage == config.Enabled { fieldPaths = append(fieldPaths, "image") } @@ -545,11 +556,17 @@ func validateSidecarContainer(ctx context.Context, container corev1.Container, v errs = errs.Also(apis.CheckDisallowedFields(*container.ReadinessProbe, *ProbeMask(&corev1.Probe{})).ViaField("readinessProbe")) } + if container.StartupProbe != nil { + errs = errs.Also(apis.CheckDisallowedFields(*container.StartupProbe, + *ProbeMask(&corev1.Probe{})).ViaField("startupProbe")) + } } else if cfg.Features.MultiContainerProbing == config.Enabled { // Liveness Probes errs = errs.Also(validateProbe(container.LivenessProbe, nil, false).ViaField("livenessProbe")) // Readiness Probes errs = errs.Also(validateReadinessProbe(container.ReadinessProbe, nil, false).ViaField("readinessProbe")) + // Startup Probes + errs = errs.Also(validateProbe(container.StartupProbe, nil, false).ViaField("startupProbe")) } return errs.Also(validate(ctx, container, volumes)) @@ -591,6 +608,8 @@ func ValidateUserContainer(ctx context.Context, container corev1.Container, volu errs = errs.Also(validateProbe(container.LivenessProbe, &port, true).ViaField("livenessProbe")) // Readiness Probes errs = errs.Also(validateReadinessProbe(container.ReadinessProbe, &port, true).ViaField("readinessProbe")) + // Startup Probes + errs = errs.Also(validateProbe(container.StartupProbe, &port, true).ViaField("startupProbe")) return errs.Also(validate(ctx, container, volumes)) } @@ -717,7 +736,7 @@ func validateVolumeMounts(ctx context.Context, mounts []corev1.VolumeMount, volu } seenMountPath.Insert(path.Clean(vm.MountPath)) - shouldCheckReadOnlyVolume := volumes[vm.Name].EmptyDir == nil && volumes[vm.Name].PersistentVolumeClaim == nil + shouldCheckReadOnlyVolume := volumes[vm.Name].EmptyDir == nil && volumes[vm.Name].PersistentVolumeClaim == nil && volumes[vm.Name].Ephemeral == nil if shouldCheckReadOnlyVolume && !vm.ReadOnly { errs = errs.Also((&apis.FieldError{ Message: "volume mount should be readOnly for this type of volume", diff --git a/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_defaults.go b/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_defaults.go index be8c8123..f2014724 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_defaults.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/v1/revision_defaults.go @@ -145,7 +145,7 @@ func (rs *RevisionSpec) applyDefault(ctx context.Context, container *corev1.Cont vNames := make(sets.Set[string]) for _, v := range rs.PodSpec.Volumes { - if v.EmptyDir != nil || v.PersistentVolumeClaim != nil { + if v.EmptyDir != nil || v.PersistentVolumeClaim != nil || v.Ephemeral != nil { vNames.Insert(v.Name) } } diff --git a/vendor/modules.txt b/vendor/modules.txt index acc2f6c5..51df050f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -912,7 +912,7 @@ k8s.io/utils/trace # knative.dev/hack v0.0.0-20260428014158-b2a37f1b6e7b ## explicit; go 1.24 knative.dev/hack -# knative.dev/networking v0.0.0-20260422140718-e9578ef11562 +# knative.dev/networking v0.0.0-20260428014950-5876dec269ce ## explicit; go 1.25.0 knative.dev/networking/pkg/apis/networking knative.dev/networking/pkg/apis/networking/v1alpha1 @@ -922,7 +922,7 @@ knative.dev/networking/pkg/http knative.dev/networking/pkg/http/header knative.dev/networking/pkg/http/proxy knative.dev/networking/pkg/http/stats -# knative.dev/pkg v0.0.0-20260505204821-021ad709ec68 +# knative.dev/pkg v0.0.0-20260507212125-df317a52d112 ## explicit; go 1.25.0 knative.dev/pkg/apis knative.dev/pkg/apis/duck @@ -962,7 +962,7 @@ knative.dev/pkg/signals knative.dev/pkg/system knative.dev/pkg/tracker knative.dev/pkg/websocket -# knative.dev/serving v0.49.1-0.20260504070613-3d28fb878e74 +# knative.dev/serving v0.49.1-0.20260512221929-dbaab46874d2 ## explicit; go 1.25.0 knative.dev/serving/pkg/activator knative.dev/serving/pkg/apis/autoscaling