Releases: knative/serving
Release list
v1.22.1
What's Changed
- [release-1.22] Upgrade to latest dependencies by @knative-automation in #16627
- bumping knative.dev/networking e9578ef...c8de379:
c8de379 Fix idle connection leak in prober (# 1142)
- bumping knative.dev/pkg ec45287...52dbd5e:
52dbd5e Limit the webhook request body size to 3MiB (# 3363)
2279959 Fix memory leak in expired matchers (# 3360)
- bumping knative.dev/networking e9578ef...c8de379:
Full Changelog: knative-v1.22.0...knative-v1.22.1
v1.21.3
What's Changed
- [release-1.21] Fix non-constant format string error by @knative-prow-robot in #16621
- [release-1.21] Upgrade to latest dependencies by @knative-automation in #16628
- bumping knative.dev/pkg 18c5d58...011b23b:
011b23b Limit the webhook request body size to 3MiB (# 3364)
9b08ba8 fix compilation (# 3361)
39109c9 Fix memory leak in expired matchers (# 3359) - bumping knative.dev/networking a7cdca2...ea8c792:
ea8c792 Fix idle connection leak in prober (# 1141)
- bumping knative.dev/hack bf6758c...c985ed3:
c985ed3 [release-1.21] Add env var to pass extra flag to license check (# 471)
e37ec67 Bump go-licenses to v2.0.1 release (# 468)
- bumping knative.dev/pkg 18c5d58...011b23b:
Full Changelog: knative-v1.21.2...knative-v1.21.3
v1.22.0
✨ Features / Enhancements
- Allow custom ports for the primary container's livenessProbe by @Fedosin - #16572
- add an annotation to the kingress mapping tags to hostnames by @dprotaso - #16455
- only update the deployment if desired labels, annotations or spec changes by @dprotaso - #16554
🔐 Security / TLS / Reliability
- queue-proxy pod statistics security by @sonikaarora - #16366
- feat: use knative.dev/pkg/tls for reconciler TLS configuration by @Fedosin - #16431
- feat: use knative.dev/pkg/tls for activator TLS configuration by @Fedosin - #16424
- feat: use knative.dev/pkg/tls for queue-proxy TLS configuration by @Fedosin - #16425
- Update TLS import path to knative.dev/pkg/network/tls by @Fedosin - #16458
- Shutdown Websocket Connections Gracefully in the queue-proxy by @dprotaso - #16362
- Fix EnsureCleanup to properly skip clean up when requested by @dprotaso - #16372
📊 Metrics / Observability
- Add kn.revision.request.queued and kn.revision.request.active metrics by @prashanthjos - #16367
- minor refactoring of activator request metrics by @dprotaso - #16381
🌐 Networking / EndpointSlices / Scaling
- Migrate autoscaler stat forwarder to use EndpointSlices by @dprotaso - #16448
- Switch e2e testing assertions to use EndpointSlices by @dprotaso - #16454
- Add endpointslices/restricted permission to ClusterRole by @linkvt - #16465
- use the /scale subresource to when updating replica count by @dprotaso - #16540
⚙️ Performance / Stability / Testing
- increase timeout due to test flake by @dprotaso - #16389
- Stabilize performance test SLAs with tolerance thresholds by @aviralgarg05 - #16371
🧪 CI / Build / Tooling
- checkout the repo prior to restoring the cache by @dprotaso - #16373
- drop 1.33 k8s in kind testing by @dprotaso - #16385
- hack: remove deprecated GO111MODULE=on by @Ankitsinghsisodya - #16499
- ci: pin registry image to immutable SHA digest by @Ankitsinghsisodya - #16503
- fix: adding required permissions to top level and jobs in the workflow by @gaganhr94 - #16556
- Address linter warnings now that we've bumped to go1.26 by @dprotaso - #16557
🐛 Bug Fixes
📚 Docs / Cleanup
- docs: update HTTP links to HTTPS in comments and docs by @Ankitsinghsisodya - #16551
- Fix spelling mistakes in comments, docs, and error strings by @Ankitsinghsisodya - #16547
👥 New Contributors
v1.21.2
🚨 Breaking or Notable Changes
Secure Pod Defaults (#16042, @nader-ziada)
We've introduce secure-pod-defaults in an earlier release and included a new setting AllowRootBounded in v1.20 that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.
For 1.21 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.22) we will switch this default to AllowRootBounded.
If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.22.
For more information see the documentation and reach out if you foresee issues in your testing.
What's Changed
Full Changelog: knative-v1.21.1...knative-v1.21.2
v1.21.1
v1.21.1
🚨 Breaking or Notable Changes
Secure Pod Defaults (#16042, @nader-ziada)
We've introduce secure-pod-defaults in an earlier release and included a new setting AllowRootBounded in v1.20 that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.
For 1.21 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.22) we will switch this default to AllowRootBounded.
If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.22.
For more information see the documentation and reach out if you foresee issues in your testing.
What's Changed
- [release-1.21] Rebuilt prior release with v1.25.7 in #16408
Full Changelog: knative-v1.21.0...knative-v1.21.1
v1.20.3
What's Changed
- [release-1.20] rebuilt prior release with go v1.25.7 in #16407
Full Changelog: knative-v1.20.2...knative-v1.20.3
v1.19.9
v1.19.9
🚨 Breaking or Notable Changes
We've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)
What's Changed
- [release-1.19] fix sub-second precision metric reporting by @knative-prow-robot in #16360
Full Changelog: knative-v1.19.8...knative-v1.19.9
v1.21.0
🚨 Breaking or Notable Changes
Secure Pod Defaults (#16042, @nader-ziada)
We've introduce secure-pod-defaults in an earlier release and included a new setting AllowRootBounded in v1.20 that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.
For 1.21 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.22) we will switch this default to AllowRootBounded.
If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.22.
For more information see the documentation and reach out if you foresee issues in your testing.
💫 New Features & Changes
- You can now set the new feature
pod-is-always-schedulabletotruein the config-deployment ConfigMap. As a result, Knative will not mark revisions as Unschedulable when a Pod is not scheduled. This makes sense if you want to omit this transient state in clusters that have cluster-autoscaling set up, and you can guarantee that all Pods will be eventually scheduled. (#16146, @SaschaSchwarze0) - Activator probe timeout and frequency are now configurable via PROBE_TIMEOUT and PROBE_FREQUENCY environment variables. (#16250, @bindrad)
- Add
terminationGracePeriodSecondssupport for user and sidecar container probes (#16255, @flomedja) - Added support for OpenTelemetry W3C Trace Context (traceparent header) in request logging, while maintaining backward compatibility with Zipkin B3 format. (#16168, @SomilJain0112)
- Allow activator to be out of the request path when system-internal-tls is enabled (#16183, @linkvt)
- Allow adjusting Revision min/max scale annotations (#16186, @dprotaso)
- Allow unreachable revisions with initialScale > 1 to scale to 0 (#16327, @aviralgarg05)
- Include two new activator metrics (
kn.activator.stats.conn.reachable,kn.activator.stats.conn.errors) that reflect the stats reporter connection status (#16318, @prashanthjos)
🐞Bug Fixes
- Preserve deployment and template annotations and labels during reconcile (#16199, @linkvt)
- Fall back to HTTP1 on failed HTTP2 health probes (e.g. on connection error or non-readiness) (#16205, @linkvt)
- Fix a rare data race in revision backend manager creating revision watchers during shutdown (#16225, @linkvt)
- Fix flaky HTTPS e2e tests by waiting for HTTPS endpoint to be Ready. (#16230, @linkvt)
- Fix metric names to match the original design document
kn.queueproxy.app.durationbecomeskn.serving.invocation.durationandkn.queueproxy.depthbecomeskn.serving.queue.depth(#16290, @dprotaso) - Fix request log output corruption when using invalid log templates (#16242, @linkvt)
- Fixed duplicate ACME challenge paths when Services with traffic tags use HTTP-01 challenges for TLS certificates. (#16259, @linkvt)
- Services can no longer route traffic to revisions belonging to different services; attempting to do so will result in Ready=False with reason RevisionNotOwned. (#16294, @linkvt)
- Services with invalid networking.knative.dev/* annotations on the revision template now fail immediately with a clear error instead of getting stuck. (#16296, @linkvt)
- Switch to async metric instrumentation to avoid unbounded memory growth (#16300, @dprotaso)
- fix sub-second precision metric reporting (#16358, @dprotaso)
New Contributors
- @SomilJain0112 made their first contribution in #16168
- @linkvt made their first contribution in #16230
- @bindrad made their first contribution in #16250
- @prashanthjos made their first contribution in #16318
- @aviralgarg05 made their first contribution in #16327
Dependencies
Added
- github.com/CloudyKit/fastprinter: 33d98a0
- github.com/CloudyKit/jet/v6: v6.2.0
- github.com/Joker/jade: v1.1.3
- github.com/RaveNoX/go-jsoncommentstrip: v1.0.0
- github.com/Shopify/goreferrer: 8cddb4f
- github.com/andybalholm/brotli: v1.0.5
- github.com/apapsch/go-jsonmerge/v2: v2.0.0
- github.com/aymerick/douceur: v0.2.0
- github.com/bmatcuk/doublestar: v1.1.1
- github.com/bytedance/sonic: v1.10.0-rc3
- github.com/chenzhuoyu/base64x: 296ad89
- github.com/chenzhuoyu/iasm: v0.9.0
- github.com/fatih/structs: v1.1.0
- github.com/flosch/pongo2/v4: v4.0.2
- github.com/gabriel-vasile/mimetype: v1.4.2
- github.com/gin-contrib/sse: v0.1.0
- github.com/gin-gonic/gin: v1.9.1
- github.com/go-playground/locales: v0.14.1
- github.com/go-playground/universal-translator: v0.18.1
- github.com/go-playground/validator/v10: v10.14.1
- github.com/goccy/go-json: v0.10.2
- github.com/gomarkdown/markdown: 531d2d7
- github.com/gorilla/css: v1.0.0
- github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus: v1.0.1
- github.com/grpc-ecosystem/go-grpc-middleware/v2: v2.3.0
- github.com/iris-contrib/schema: v0.0.6
- github.com/juju/gnuflag: 2ce1bb7
- github.com/kataras/blocks: v0.0.7
- github.com/kataras/golog: v0.1.9
- github.com/kataras/iris/v12: v12.2.5
- github.com/kataras/pio: v0.0.12
- github.com/kataras/sitemap: v0.0.6
- github.com/kataras/tunnel: v0.0.4
- github.com/klauspost/cpuid/v2: v2.2.5
- github.com/leodido/go-urn: v1.2.4
- github.com/mailgun/raymond/v2: v2.0.48
- github.com/microcosm-cc/bluemonday: v1.0.25
- github.com/oapi-codegen/runtime: v1.0.0
- github.com/pelletier/go-toml/v2: v2.0.9
- github.com/schollz/closestmatch: v2.1.0+incompatible
- github.com/spkg/bom: 59b7046
- github.com/tdewolff/minify/v2: v2.12.8
- github.com/tdewolff/parse/v2: v2.6.7
- github.com/twitchyliquid64/golang-asm: v0.15.1
- github.com/ugorji/go/codec: v1.2.11
- github.com/vmihailenco/msgpack/v5: v5.3.5
- github.com/vmihailenco/tagparser/v2: v2.0.0
- github.com/yosssi/ace: v0.0.5
- go.etcd.io/raft/v3: v3.6.0
- golang.org/x/arch: v0.4.0
- sigs.k8s.io/structured-merge-diff/v6: v6.3.0
Changed
- cloud.google.com/go/compute/metadata: v0.7.0 → v0.9.0
- github.com/BurntSushi/toml: v0.3.1 → v1.3.2
- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.29.0 → v1.30.0
- github.com/alecthomas/units: b94a6e3 → 0f3dac3
- github.com/cncf/xds/go: 2ac532f → 0feb691
- github.com/emicklei/go-restful/v3: v3.12.1 → v3.12.2
- github.com/envoyproxy/go-control-plane/envoy: v1.32.4 → v1.35.0
- github.com/envoyproxy/go-control-plane: v0.13.4 → 75eaa19
- github.com/fsnotify/fsnotify: v1.7.0 → v1.9.0...
v1.20.2
🚨 Breaking or Notable Changes
Metrics and Tracing
In v1.19 we've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)
Secure Pod Defaults (#16042, @nader-ziada)
We've introduce secure-pod-defaults in an earlier release but this release includes a new setting AllowRootBounded that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.
For v1.20 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.21) we will switch this default to AllowRootBounded.
If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.21.
What's Changed
- [release-1.20] fix sub-second precision metric reporting by @knative-prow-robot in #16359
Full Changelog: knative-v1.20.1...knative-v1.20.2
v1.20.1
v1.20.1
🚨 Breaking or Notable Changes
Metrics and Tracing
In v1.19 we've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)
Secure Pod Defaults (#16042, @nader-ziada)
We've introduce secure-pod-defaults in an earlier release but this release includes a new setting AllowRootBounded that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.
For v1.20 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.21) we will switch this default to AllowRootBounded.
If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.21.
What's Changed
- [release-1.20] Fix Serving Metric Names to match Design Document by @knative-prow-robot in #16293
- [release-1.20] Make autoscaler instrument async so we can remove metric attributes when revisions go away by @knative-prow-robot in #16302
- [release-1.20] Preserve deployment and its template labels and annotations by @knative-prow-robot in #16303
- [release-1.20] Suppress 'default value insecure' warning when secure-pod-defaults is enabled. by @knative-prow-robot in #16220
- [release-1.20] Upgrade to latest dependencies by @knative-automation in #16319
Full Changelog: knative-v1.20.0...knative-v1.20.1