[release-1.8] Don't set seccomp profile in the queue proxy #13508
This is breaking OpenShift and likewise people using gVisor
Codecov Report
Base: 86.44% // Head: 86.43% // Decreases project coverage by
Additional details and impacted files
@@ Coverage Diff @@
## release-1.8 #13508 +/- ##
===============================================
- Coverage 86.44% 86.43% -0.02%
===============================================
Files 196 196
Lines 14560 14560
===============================================
- Hits 12587 12585 -2
- Misses 1674 1676 +2
Partials 299 299
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: dprotaso, knative-prow-robot
The full list of commands accepted by this bot can be found here. The pull request process is described here.
This is breaking OpenShift and likewise people using gVisor
Co-authored-by: dprotaso <[email protected]>
* [release-1.8] ran codegen with go1.19 & fix linter warnings (knative#13492)
  * ran codegen
  * address linter
  * fix nolint comment
  Co-authored-by: dprotaso <[email protected]>
* [release-1.8] ran codegen with go1.19 & fix linter warnings (knative#13492)
  * ran codegen
  * address linter
  * fix nolint comment
  Co-authored-by: dprotaso <[email protected]>
* bump knative.dev/pkg to pull in nil pointer fixes (knative#13500)
* Ensure probes from the autoscaler are not passed to the user-container (knative#13503)
  The autoscaler sends a probe to detect the activator is in the data path. This probe was inadvertently passed to the user container which was preventing scale to 0.
  Co-authored-by: dprotaso <[email protected]>
* Don't set seccomp profile in the queue proxy (knative#13508)
  This is breaking OpenShift and likewise people using gVisor
  Co-authored-by: dprotaso <[email protected]>
* updates HPA webhook api version (knative#13521)
  Signed-off-by: Paul S. Schweigert <[email protected]>
  Signed-off-by: Paul S. Schweigert <[email protected]>
  Co-authored-by: Paul S. Schweigert <[email protected]>
* [release-1.8] Use ubuntu 20.04 for kind e2e tests (knative#13540)
  * use ubuntu 20.04 for kind e2e tests
    Signed-off-by: Paul S. Schweigert <[email protected]>
    Github recently made the `ubuntu-latest` runner label refer to Ubuntu 22.04 (before it had been 20.04). 22.04 uses cgroups v2 by default, whereas 20.04 was still using cgroups v1. It seems that our cgroups conformance tests were written for cgroups v1, as they fail when using cgroups v2 (tested on both Ubuntu 22.04 and Fedora 36). As a short-term solution, this patch will keep running the e2e tests on Ubuntu 20.04, until we have a chance to rewrite the conformance tests to work with cgroups v2.
  * check cgroup version
    Signed-off-by: Paul S. Schweigert <[email protected]>
  * actually run the tests on 20.04 with go 1.19
    Signed-off-by: Paul S. Schweigert <[email protected]>
  Signed-off-by: Paul S. Schweigert <[email protected]>
  Co-authored-by: Paul S. Schweigert <[email protected]>
* Leave a comment which will trigger a new dot release (knative#13539)
* [release-1.8] Upgrade to latest dependencies (knative#13738)
  * upgrade to latest dependencies
    bumping golang.org/x/term 03fcf44...d974fe8
    bumping golang.org/x/text 383b2e7...71a9c9a
    bumping golang.org/x/net a158d28...8e2b117
    bumping knative.dev/pkg b78020c...67fb5f6
    bumping golang.org/x/sys 8c9f86f...90c8f94
    bumping knative.dev/control-protocol 3e2f878...ed20895
    Signed-off-by: Knative Automation <[email protected]>
  * fix controller start
  ---------
  Signed-off-by: Knative Automation <[email protected]>
  Co-authored-by: dprotaso <[email protected]>
* upgrade to latest dependencies (knative#13740)
  bumping knative.dev/networking 58f3e62...2382b69
  bumping knative.dev/caching ce26e92...1a465b3
  bumping knative.dev/control-protocol ed20895...521031c
  Signed-off-by: Knative Automation <[email protected]>
* trigger release so we build with go1.19.6 (knative#13748)
* [release-1.8] pull in e2e fixes (knative#13751)
  * use GITHUB_TOKEN when querying net-istio releases (knative#13681)
    * use GITHUB_TOKEN when querying net-istio releases
    * don't error out if GITHUB_TOKEN is unbound
  * fix curl invocation (knative#13683)
    Building up bash args as strings with quotes was problematic
* Run openshift/release/generate-release.sh
* Bump manifests in artifacts
---------
Signed-off-by: Paul S. Schweigert <[email protected]>
Signed-off-by: Knative Automation <[email protected]>
Co-authored-by: Knative Prow Robot <[email protected]>
Co-authored-by: dprotaso <[email protected]>
Co-authored-by: Paul S. Schweigert <[email protected]>
Co-authored-by: knative-automation <[email protected]>
This is an automated cherry-pick of #13507