Announcing Knative 1.9 Release ΒΆ
Published on: 2023-01-28 , Revised on: 2023-06-01
Announcing Knative 1.9 Release¶
A new version of Knative is now available across multiple components.
Follow the instructions in Installing Knative to install the components you require.
This release brings a number of smaller improvements to the core Knative Serving and Eventing components, and several improvements to specific plugins.
Table of Contents¶
Serving¶
π¨ Breaking or Notable¶
- Knative will now warn (but not error) when creating or updating a PodSpec where containers have additional privilege due to unset SecurityContext values. Explicitly setting these values to any setting, including high-privilege ones, will disable this warning.
These fields are:
- runAsNonRoot
(empty means false
)
- allowPrivilegeEscalation
(empty means true
)
- seccompProfile.type
(empty string means Unconfined
)
- capabilities.drop
(default maintains privileges, use ALL
to drop unneeded linux capabilities) (#13399, @evankanderson)
- All Serving container images are signed with cosign (@upodroid).
π« New Features & Changes¶
- Net-contour respects the
internal-encryption
Knative configuration, and encrypts traffic from Contour controlled Envoy to Activator. Requires Contour 1.24.0 or greater (#819, @KauzClay) - Adds the
secure-pod-defaults
feature, which is defaulted to Disabled in this release. When enabled, containers described by users will have best-practice SecurityContext features enabled unless insecure settings are specifically requested. (#13398, @evankanderson) - Work around for cert-manager not allowing us to create certs for 64+ bytes name ksvc (#13569, @KauzClay and @dprotaso)
- Autoscaler now runs a single leader election go routine (#13585, @dprotaso)
Small Improvements¶
- Add
app
label to Service selector forwebhook
anddomainmapping-webhook
. (#13265, @a7i) - Upgrade tests now stream logs from user and system namespace. The logs are printed on failure. (#13587, @mgencur)
- net-kourier deployments now have Prometheus scraping annotations (#978, @evankanderson)
- net-kourier deployments now have resource requests and limits
Bug Fixes¶
- Changes to Pod or Revision-level defaults during Knative upgrades will no longer be attempted (and failed) when supplying your own Revision name. (#13565, @evankanderson)
- net-contour would erroneously redirect cluster-local endpoints to HTTPS URLs when AutoTLS was enabled and
default-tls-secret
was set. (#856, @jsanin-vmw) - Improved truncation of long generated names, which would sometimes produce invalid kubernetes resource names. (#847, @KauzClay)
Eventing¶
π« New Features & Changes¶
- π ApiServerSource can specify a selector to target one or more namespaces. If the selector is missing, it will default to targeting the namespace in which the source resides (#6665, @gab-satchi)
- All Eventing container images are signed with cosign (@upodroid).
Bug fixes¶
- π Fixes an issue where creating a Trigger before a RabbitMQ Broker could create an invalid Trigger. (#1018, @gab-satchi)
Client¶
π« New Features & Changes¶
quickstart
plugin will now create a local registry. (#376, @ehudyonasi)- All Client container images are signed with cosign (@upodroid).
Small improvements¶
- Updates the quickstart version of Kubernetes to v1.25.3. Also updates the recommended versions of kind and minikube to 0.16 and 1.28, respectively. (#368, @psschwei)
quickstart
will exit quickly if Knative namespace already exist in cluster. (#379, @ehudyonasi)
Functions¶
π« New Features & Changes¶
- The springboot function templates have been updated to use Spring Boot 3.0 and the new Spring 6.0 AOT support. Note: this requires Java 17 when building locally. (#1509, @trisberg)
- Node.js and TypeScript functions now support ESM modules (#1468, @lance)
Small Improvements¶
- Updated
springboot
function templates to use Spring Boot version 2.7.7 (#1502, @trisberg)
Bug or Regression¶
- Fix: envvar parsing for pack tekton task when envvar contains the
=
char (#1512, @matejvasek) - Fixes a bug preventing autoscaling options from being applied (#1482, @zroubalik)
- Fixes a bug where --path was sometimes not evaluated. (#1519, @lkingland)
Other (Cleanup or Flake)¶
- Fixes an issue for developers where code in the test package would not be fully supported by some IDEs (#1503, @lkingland)
- Update the error message when neither the --registry flag nor the FUNC_REGISTRY environment variable are set (#1510, @lance)
Operator¶
- Security-Guard version 0.4 can now be installed using the Knative Operator. This new release of Security-Guard also includes TLS+Token support to secure internal communications between Security-Guard components (#1301, @houshengbo)
- All Operator container images are signed with cosign (@upodroid).
Thank you, contributors¶
Release Leads:¶
Learn more¶
Knative is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us!
- Knative docs
- Quickstart tutorial
- Samples
- Knative Working Groups
- Knative User Mailing List
- Knative Development Mailing List
- Knative on Twitter @KnativeProject
- Knative on StackOverflow
#knative
on CNCF Slack- Knative on YouTube