knative/serving knative-v1.21.0

v1.21.0

on GitHub

🚨 Breaking or Notable Changes

Secure Pod Defaults (#16042, @nader-ziada)

We've introduce secure-pod-defaults in an earlier release and included a new setting AllowRootBounded in v1.20 that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.

For 1.21 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.22) we will switch this default to AllowRootBounded.

If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.22.

For more information see the documentation and reach out if you foresee issues in your testing.

💫 New Features & Changes

• You can now set the new feature pod-is-always-schedulable to true in the config-deployment ConfigMap. As a result, Knative will not mark revisions as Unschedulable when a Pod is not scheduled. This makes sense if you want to omit this transient state in clusters that have cluster-autoscaling set up, and you can guarantee that all Pods will be eventually scheduled. (#16146, @SaschaSchwarze0)
• Activator probe timeout and frequency are now configurable via PROBE_TIMEOUT and PROBE_FREQUENCY environment variables. (#16250, @bindrad)
• Add terminationGracePeriodSeconds support for user and sidecar container probes (#16255, @flomedja)
• Added support for OpenTelemetry W3C Trace Context (traceparent header) in request logging, while maintaining backward compatibility with Zipkin B3 format. (#16168, @SomilJain0112)
• Allow activator to be out of the request path when system-internal-tls is enabled (#16183, @linkvt)
• Allow adjusting Revision min/max scale annotations (#16186, @dprotaso)
• Allow unreachable revisions with initialScale > 1 to scale to 0 (#16327, @aviralgarg05)
• Include two new activator metrics (kn.activator.stats.conn.reachable, kn.activator.stats.conn.errors) that reflect the stats reporter connection status (#16318, @prashanthjos)

🐞Bug Fixes

• Preserve deployment and template annotations and labels during reconcile (#16199, @linkvt)
• Fall back to HTTP1 on failed HTTP2 health probes (e.g. on connection error or non-readiness) (#16205, @linkvt)
• Fix a rare data race in revision backend manager creating revision watchers during shutdown (#16225, @linkvt)
• Fix flaky HTTPS e2e tests by waiting for HTTPS endpoint to be Ready. (#16230, @linkvt)
• Fix metric names to match the original design document kn.queueproxy.app.duration becomes kn.serving.invocation.duration and kn.queueproxy.depth becomes kn.serving.queue.depth (#16290, @dprotaso)
• Fix request log output corruption when using invalid log templates (#16242, @linkvt)
• Fixed duplicate ACME challenge paths when Services with traffic tags use HTTP-01 challenges for TLS certificates. (#16259, @linkvt)
• Services can no longer route traffic to revisions belonging to different services; attempting to do so will result in Ready=False with reason RevisionNotOwned. (#16294, @linkvt)
• Services with invalid networking.knative.dev/* annotations on the revision template now fail immediately with a clear error instead of getting stuck. (#16296, @linkvt)
• Switch to async metric instrumentation to avoid unbounded memory growth (#16300, @dprotaso)
• fix sub-second precision metric reporting (#16358, @dprotaso)

New Contributors

• @SomilJain0112 made their first contribution in #16168
• @linkvt made their first contribution in #16230
• @bindrad made their first contribution in #16250
• @prashanthjos made their first contribution in #16318
• @aviralgarg05 made their first contribution in #16327

Dependencies

Full Changelog: knative-v1.20.0...knative-v1.21.0