Skip to content

Knative Serving release v0.24.2

Pre-release
Pre-release
Compare
Choose a tag to compare
@knative-prow-releaser-robot knative-prow-releaser-robot released this 22 Nov 19:57
6e023a8

Changes by Kind

🚨 Breaking or Notable

1. Renaming of some net-* components

Related issue: knative/networking#448

As part of our efforts to GA/1.0 we've standardized on the naming of our networking plugins that are installed along side Serving. If you're managing your Knative deployment manually with kubectl this will require a two-phase upgrade process. Please see the below sections:

Upgrade of net-http01 to v0.24.0
# Apply the new release
$ kubectl apply -f net-http01.yaml

# Once the deployment is ready delete the old resources
$ kubectl delete deployment http01-controller -n knative-serving
$ kubectl delete service challenger -n knative-serving
Upgrade of net-certmanager to v0.24.0
# Apply the new release
$ kubectl apply -f net-certmanager.yaml

# Once the deployment is ready apply the same file but 
# prune the old resources
$ kubectl apply -f net-certmanager.yaml \
  --prune -l networking.knative.dev/certificate-provider=cert-manager
Upgrade net-istio to v0.24.0
# Apply the new release
$ kubectl apply -f net-istio.yaml

# Once the deployment is ready apply the same file but 
# prune the old resources
$ kubectl apply -f net-istio.yaml \
  --prune -l networking.knative.dev/ingress-provider=istio
Upgrade of net-contour to v0.24.0
# Apply the new release
$ kubectl apply -f net-contour.yaml

# Once the deployment is ready apply the same file but 
# prune the old resources
$ kubectl apply -f net-contour.yaml -f contour.yaml \
  --prune -l networking.knative.dev/ingress-provider=contour
Upgrade of namespace certificate controller to v0.24.0
# Apply the new release
$ kubectl apply -f serving-nscert.yaml

# Once the deployment is ready apply the same file but 
# prune the old resources
$ kubectl apply -f serving-nscert.yaml \
  --prune -l networking.knative.dev/wildcard-certificate-provider=nscert
Upgrade of net-kourier to v0.24.0

At this point we've defered the renaming to net-kourier until the next release. We're looking to ensure there is no traffic disruption as part of the upgrade. Thus upgrading to v0.24.0 requires no special instructions.

2. Kubernetes 1.19 is now required

As part of our Kubernetes Minimum Version Principle we now have a hard requirement on Kubernetes Version 1.19.

3. Webhook/Controller RBAC changes

The recommended way to delete a Knative installation is to run kubectl delete -f serving-core.yaml and other release YAMLs you may have applied. There's been a misconception that deleting the knative-serving namespace will perform a similar cleanup but this does not remove cluster scoped resources. In prior releases the cluster state would have prevented the reinstall of Knative Serving. We've addressed this problem but it will require some RBAC permissions on namespaces & finalizers.

Please see the relevant issues & PRs:

4. DomainMapping feature is now BETA

This means it is built in to the main serving-core yaml by default. It is still possible to opt out of the feature by setting replica count of the domainmapping-controller to zero.

As part of this transition the default value for autocreateClusterDomainClaims in the config-network config map has been changed to false meaning cluster-wide permissions are required to delegate the ability to create particular DomainMappings to namespaces.Single tenant clusters may wish to allow arbitrary users to create Domain Mappings by changing this value back to true. (#11573, @julz)

💫 New Features & Changes

  • Allow dropping capabilities from a container's security context (#11344, @psschwei)
  • Domainmapping can now specify a tls secret to be used as the https certificate (#11250, @shinigambit)
  • Provides a feature gate that, when enabled, allows adding capabilities from a container's security context (#11410, @psschwei)
  • defaultExternalScheme can now be used to default routes to surface a URL scheme of your choice rather than the default "http". (#11480, @markusthoemmes)
  • Optimized generated routes to minimize Envoy configuration size (net-istio#632, @howardjohn)
  • Rename Contonr's ClusterRole and ClusterRoleBinding to differ from existing contour installation (net-contour#500, @izabelacg)
  • Add a new ConfigMap config-kourier, with the initial enable-service-access-logging setting (net-kourier#523, @markusthoemmes)

🐞 Bug Fixes

  • Fixed a bug where traffic would briefly be routed 'wrong', leading to errors due to exceeded queues in deployments with a large activator count and a low service pod count. (#11375, @markusthoemmes)
  • Traffic status in Route is updated whenever traffic configuration was wrong. (#11477, @nak3)
  • Validates, consistently with other configmaps, that the _example section of the features configmap is not accidentally modified. (#11391, @julz)

Dependencies Changes

Added
  • bazil.org/fuse: 371fbbd
  • cloud.google.com/go/firestore: v1.1.0
  • github.com/Microsoft/hcsshim/test: 43a75bb
  • github.com/Microsoft/hcsshim: v0.8.16
  • github.com/Shopify/logrus-bugsnag: 577dee2
  • github.com/alexflint/go-filemutex: 72bdc8e
  • github.com/bitly/go-simplejson: v0.5.0
  • github.com/bketelsen/crypt: 5cbc8cc
  • github.com/bmizerany/assert: b7ed37b
  • github.com/bshuster-repo/logrus-logstash-hook: v0.4.1
  • github.com/buger/jsonparser: f4dd9f5
  • github.com/bugsnag/bugsnag-go: b1d1530
  • github.com/bugsnag/osext: 0dd3f91
  • github.com/bugsnag/panicwrap: e2c2850
  • github.com/checkpoint-restore/go-criu/v4: v4.1.0
  • github.com/cilium/ebpf: v0.4.0
  • github.com/containerd/aufs: v1.0.0
  • github.com/containerd/btrfs: v1.0.0
  • github.com/containerd/cgroups: v1.0.1
  • github.com/containerd/console: v1.0.2
  • github.com/containerd/continuity: v0.1.0
  • github.com/containerd/fifo: v1.0.0
  • github.com/containerd/go-cni: v1.0.2
  • github.com/containerd/go-runc: v1.0.0
  • github.com/containerd/imgcrypt: v1.1.1
  • github.com/containerd/nri: v0.1.0
  • github.com/containerd/ttrpc: v1.0.2
  • github.com/containerd/typeurl: v1.0.2
  • github.com/containerd/zfs: v1.0.0
  • github.com/containernetworking/cni: v0.8.1
  • github.com/containernetworking/plugins: v0.9.1
  • github.com/containers/ocicrypt: v1.1.1
  • github.com/coreos/go-iptables: v0.5.0
  • github.com/coreos/go-systemd/v22: v22.1.0
  • github.com/cyphar/filepath-securejoin: v0.2.2
  • github.com/d2g/dhcp4: a1d1b6c
  • github.com/d2g/dhcp4client: v1.0.0
  • github.com/d2g/dhcp4server: 7d4a0a7
  • github.com/d2g/hardwareaddr: e7d9fbe
  • github.com/denverdino/aliyungo: a747050
  • github.com/docker/go-events: e31b211
  • github.com/docker/go-metrics: v0.0.1
  • github.com/docker/libtrust: fa56704
  • github.com/evanphx/json-patch/v5: v5.5.0
  • github.com/frankban/quicktest: v1.11.3
  • github.com/fullsailor/pkcs7: d7302db
  • github.com/garyburd/redigo: 535138d
  • github.com/go-ini/ini: v1.25.4
  • github.com/go-kit/log: v0.1.0
  • github.com/godbus/dbus/v5: v5.0.3
  • github.com/godbus/dbus: ade71ed
  • github.com/gorilla/handlers: 60c7bfd
  • github.com/j-keck/arping: 2cf9dc6
  • github.com/jessevdk/go-flags: v1.4.0
  • github.com/klauspost/compress: v1.13.0
  • github.com/marstr/guid: v1.1.0
  • github.com/mattn/go-shellwords: v1.0.3
  • github.com/miekg/pkcs11: v1.0.3
  • github.com/mistifyio/go-zfs: f784269
  • github.com/mitchellh/osext: 5e2d6d4
  • github.com/moby/locker: v1.0.1
  • github.com/moby/sys/mountinfo: v0.4.1
  • github.com/moby/sys/symlink: v0.1.0
  • github.com/mrunalp/fileutils: v0.5.0
  • github.com/ncw/swift: v1.0.47
  • github.com/opencontainers/runc: v1.0.0-rc93
  • github.com/opencontainers/runtime-spec: e6143ca
  • github.com/opencontainers/runtime-tools: 1d69bd0
  • github.com/opencontainers/selinux: v1.8.0
  • github.com/safchain/ethtool: 42ed695
  • github.com/seccomp/libseccomp-golang: v0.9.1
  • github.com/stefanberger/go-pkcs11uri: 78d3cae
  • github.com/subosito/gotenv: v1.2.0
  • github.com/syndtr/gocapability: 42c35b4
  • github.com/tchap/go-patricia: v2.2.6+incompatible
  • github.com/vishvananda/netlink: d40f988
  • github.com/vishvananda/netns: db3c7e5
  • github.com/willf/bitset: v1.1.11
  • github.com/xeipuuv/gojsonpointer: 4e3ac27
  • github.com/xeipuuv/gojsonreference: bd5ef7b
  • github.com/xeipuuv/gojsonschema: 1d52303
  • github.com/yvasiyarov/go-metrics: 57bccd1
  • github.com/yvasiyarov/gorelic: a9bba5b
  • github.com/yvasiyarov/newrelic_platform_go: b21fdbd
  • go.mozilla.org/pkcs7: 432b235
  • google.golang.org/cloud: 975617b
  • google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.1.0
  • gopkg.in/airbrake/gobrake.v2: v2.0.9
  • gopkg.in/gemnasium/logrus-airbrake-hook.v2: v2.1.2
  • gopkg.in/ini.v1: v1.51.0
  • k8s.io/cri-api: v0.20.6
  • k8s.io/kubernetes: v1.13.0
Changed
Removed
  • github.com/agnivade/levenshtein: v1.0.1
  • github.com/andreyvit/diff: c7f18ee
  • github.com/globalsign/mgo: eeefdec
  • github.com/go-openapi/analysis: v0.19.5
  • github.com/go-openapi/errors: v0.19.2
  • github.com/go-openapi/loads: v0.19.4
  • github.com/go-openapi/runtime: v0.19.4
  • github.com/go-openapi/strfmt: v0.19.3
  • github.com/go-openapi/validate: v0.19.5
  • github.com/joefitzgerald/rainbow-reporter: v0.1.0
  • github.com/maxbrunsfeld/counterfeiter/v6: v6.2.2
  • github.com/sclevine/spec: v1.2.0
  • github.com/tidwall/pretty: v1.0.0
  • github.com/vektah/gqlparser: v1.1.2
  • go.mongodb.org/mongo-driver: v1.1.2
  • gopkg.in/evanphx/json-patch.v4: v4.9.0