Kubernetes-based, scale-to-zero, request-driven compute
APACHE-2.0 License
Published by knative-prow-releaser-robot over 1 year ago
1.2. (https://github.com/knative/serving/pull/13963, @dprotaso)
controller environment variable TAG_TO_DIGEST_TLS_MIN_VERSION and supports values "1.2" and "1.3"
Published by knative-prow-releaser-robot over 1 year ago
Rebuilt with go1.19.6 to address CVEs
Published by knative-prow-releaser-robot over 1 year ago
Release Notes
Serving
Bumped dependencies to address CVEs
apiVersion of the webhook's HorizontalPodAutoscaler to autoscaling/v2 (https://github.com/knative/serving/pull/13521, @psschwei)
SeccompProfile to RunTimeDefault on the queue-proxy sidecar. This seems to break older OpenShift versions and GKE workloads running on gVisor. We will make this option configurable in the future.
svc.cluster.local as the default domain. As routes using the cluster domain suffix are not exposed through Ingress, users will need to configure DNS in order to expose their services (most users probably already are). (#13259, @psschwei)
seccompProfile in SecurityContext to allow users to comply with the restricted Pod Security Standards best-practice (#13401, @evankanderson)
revision-response-start-timeout-seconds now defaults to revision-timeout-seconds. This should unblock upgrades who set revision-timeout-seconds lower than the default value of 300 (#13255, @dprotaso)
Published by knative-prow-releaser-robot over 1 year ago
Bumped dependencies to address CVEs
Published by knative-prow-releaser-robot over 1 year ago
Release Notes
Serving
Knative will now warn (but not error) when creating or updating a PodSpec where containers have additional privilege due to unset SecurityContext values. Explicitly setting these values to any setting, including high-privilege ones, will disable this warning.
These fields are:
runAsNonRoot (empty means false)
allowPrivilegeEscalation (empty means true)
seccompProfile.type (empty string means Unconfined)
capabilities.drop (default maintains privileges, use ALL to drop unneeded Linux capabilities) (#13399, @evankanderson)
Adds the secure-pod-defaults feature, which is defaulted to Disabled in this release. When enabled, containers described by users will have best-practice SecurityContext features enabled unless insecure settings are specifically requested. (#13398, @evankanderson)
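The unset-SecurityContext warning described above can be sketched as a small check. This is an added example, not Knative's own code: the struct types are simplified local stand-ins for the Kubernetes SecurityContext, the function name is hypothetical, and treating an absent or empty capabilities.drop list as unset is an assumption.

```go
package main

import "fmt"

// Simplified local stand-ins for the Kubernetes SecurityContext fields
// named above (assumption: avoids importing k8s.io/api).
type SeccompProfile struct{ Type string }
type Capabilities struct{ Drop []string }
type SecurityContext struct {
	RunAsNonRoot             *bool
	AllowPrivilegeEscalation *bool
	SeccompProfile           *SeccompProfile
	Capabilities             *Capabilities
}

// UnsetPrivilegeFields lists each field left unset with the effective
// value the release note gives for it. Any explicit value, even a
// high-privilege one, suppresses the entry.
func UnsetPrivilegeFields(sc *SecurityContext) []string {
	if sc == nil {
		sc = &SecurityContext{} // no SecurityContext: every field is unset
	}
	var w []string
	if sc.RunAsNonRoot == nil {
		w = append(w, "runAsNonRoot unset (empty means false)")
	}
	if sc.AllowPrivilegeEscalation == nil {
		w = append(w, "allowPrivilegeEscalation unset (empty means true)")
	}
	if sc.SeccompProfile == nil || sc.SeccompProfile.Type == "" {
		w = append(w, "seccompProfile.type unset (empty means Unconfined)")
	}
	// Assumption: an absent or empty drop list counts as unset.
	if sc.Capabilities == nil || len(sc.Capabilities.Drop) == 0 {
		w = append(w, "capabilities.drop unset (use ALL to drop capabilities)")
	}
	return w
}

func main() {
	yes, no := true, false
	// Constructed sample containers, not taken from the release notes.
	hardened := &SecurityContext{RunAsNonRoot: &yes, AllowPrivilegeEscalation: &no,
		SeccompProfile: &SeccompProfile{Type: "RuntimeDefault"},
		Capabilities:   &Capabilities{Drop: []string{"ALL"}}}
	fmt.Println("bare:", UnsetPrivilegeFields(&SecurityContext{}))
	fmt.Println("explicit root:", UnsetPrivilegeFields(&SecurityContext{RunAsNonRoot: &no}))
	fmt.Println("hardened:", UnsetPrivilegeFields(hardened))
}
```

The "explicit root" case shows the point made in the note: an explicit runAsNonRoot of false is still high privilege, but because it is set it no longer appears in the list.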
Workaround for cert-manager not allowing us to create certs for ksvc names of 64+ bytes (#13569, @KauzClay)
Autoscaler now runs a single leader election goroutine (#13585, @dprotaso)
app label to Service selector for webhook and domainmapping-webhook. (#13265, @a7i)
Nothing has changed.
Nothing has changed.
Published by knative-prow-releaser-robot almost 2 years ago
Previously, RevisionSpec.TimeoutSeconds would cause a request to time out if the user container returned no response in the allotted time. This would allow for apps to return some data and then remain open indefinitely. This prior behaviour was not conformant to the Knative Serving API specification.
In this release we've fixed this behaviour and provided additional knobs to allow users greater control of various timings.
TimeoutSeconds represents the max duration a request can take
ResponseStartTimeoutSeconds is the timeout allowed before a request starts responding
IdleTimeoutSeconds is the max duration a request can remain open without getting any data.
autoscaling.knative.dev/activation-scale annotation that allows the user to set a minimum number of replicas when not scaled to zero. Note that the initial target scale for a revision is still handled by initial-scale; activation-scale will only apply on subsequent scales from zero. (#13161, @psschwei)
revision-timeout-seconds in the ConfigMap config-defaults is configured below 300 (@dprotaso)
go version -m [binary] to get the same information (#13130, @dprotaso)
Nothing has changed.
Nothing has changed.
Published by knative-prow-releaser-robot almost 2 years ago
x-kubernetes-preserve-unknown-fields is now only specified for attributes behind feature flags (#13095, @dprotaso)
Nothing has changed.
Published by knative-prow-releaser-robot about 2 years ago
Release Notes
Serving
svc.cluster.local as the default domain. As routes using the cluster domain suffix are not exposed through Ingress, users will need to configure DNS in order to expose their services (most users probably already are). (#13259, @psschwei)
seccompProfile in SecurityContext to allow users to comply with the restricted Pod Security Standards best-practice (#13401, @evankanderson)
SeccompProfile to RunTimeDefault to be able to run under restricted PSP policy by default. (#13376, @skonto)
revision-response-start-timeout-seconds now defaults to revision-timeout-seconds. This should unblock upgrades who set revision-timeout-seconds lower than the default value of 300 (#13255, @dprotaso)
Published by knative-prow-releaser-robot about 2 years ago
x-kubernetes-preserve-unknown-fields is now only specified for attributes behind feature flags (#13095, @dprotaso)
Nothing has changed.