Announcing Knative v1.20 Release¶

A new version of Knative is now available across multiple components.

Follow the instructions in Installing Knative to install the components you require.

Table of Contents¶

There have been various changes in core components for this release.

For serving we introduced new value AllowRootBounded for secure-pod-defaults option that balances security with compatibility and is planned to become the default in v1.21 (More info below!).
Eventing introduces a complete Request Reply data plane and adds support for Pod default credentials in AWS Integration resources.
Functions' CLI now provides more clearer errors and hints to users when things go wrong with build, deploy and delete commands. We also include some bug fixes.
Operator recieved a fix for deadlock occurring during KnativeServing creation with system-internal-tls enabled.

Original notes: Knative Serving 1.20

In v1.19 we've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)
Secure Pod Defaults (#16042, @nader-ziada)
We've introduced secure-pod-defaults in an earlier release but this release includes a new setting AllowRootBounded that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root. For v1.20 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.21) we will switch this default to AllowRootBounded.

Create a new value for secure-pod-defaults: AllowRootBounded when AllowRootBounded, defaults SeccompProfile and Capabilities if nil and when enabled sets RunAsNonRoot to true if not already specified (#16042, @nader-ziada)
Made it possible to configure the httputil.ReverseProxy or add http.Handlers to queue-proxy in out-of-tree builds. (#16097, @mbaynton)
Podspec-dryrun feature flag has been removed. Dry run validation will now occur when a user opts into it using kubectl apply --dry-run=server (#16008, @Alexander-Kita)
Add distinct logging for timeout types (#16109, @thiagomedina)
drop unnecessary 'kn.activator.proxy' metric/span attribute (#16045, @dprotaso)
bump Istio to v1.27 and Contour to v1.33 (#16099,@dprotaso)
Keep queue-proxy admin server on HTTP for PreStop hooks (#16163, @Fedosin)

Fix min-scale transition (#16094, @dprotaso)
Add initialize conditions to MakePA to avoid potential race conditions (#16037, @nader-ziada)
For orphaned certificates if we have an issue listing just log the error (#16096, @dprotaso)
Fix queue proxy user metrics port (#16018, @dprotaso)
drop unused metrics domain env var (#16019, @dprotaso)
fix otelhttp setup in activator (#16044, @dprotaso)
Drop probe tracing in queue-proxy (#16048, @dprotaso)
Adjust queue proxy metric attributes (#16049, @dprotaso)
Serving Metric Tweaks (#16062, @dprotaso)
Fix: PodAutoscaler not reconciled due to missing class annotation (#16141, @nader-ziada)

Original notes: Knative Eventing 1.20

Add support for using Pod default credentials in AWS IntegrationSource and IntegrationSink resources by specifying a ServiceAccount. (#8731, @qswinson)
Event files received by Jobsinks will now include the Distributed Tracing extension (#8626, @cobyge)
Eventing Core triggers now support the KN_VERIFY_CORRELATION_ID CESQL function (#8700, @Cali0707)
Feat: Added complete request reply data plane (#8699, @Cali0707)
Feat: the RequestReply resource can now be deployed from eventing core (#8701, @Cali0707)

Fix a bug where the SkipPermissions mode of the ApiServerSource was not restarting the adapter pod properly. (#8736, @rh-hemartin)
Fix: metrics with prometheus use the same default port as before, 9092 (#8669, @Cali0707)
Fixes broken MT channel based broker when TLS is disabled and OIDC enabled (#8727, @twoGiants)

Correct guide on how to install Cert-manager manually in DEVELOPMENT.md (#8741, @twoGiants)

Original notes: Knative Functions 1.20

Func build and deploy commands now provide better error messages and validation (#3058,#3062,#3066, @RayyanSeliya)
Improve error messages and include user hints on failures for various commands (#3016,#3018,#3022,#3025,#3038 @RayyanSeliya)
Improve func delete user experience by creating better error messages (#3054, @RayyanSeliya)
Improve func deploy user experience by showing clear error guidance (#3042, @RayyanSeliya)

Fix: Python pack build/run doesn't pick up code changes (#3079) (#3080, @matejvasek)
Fix: fallback to python3 if python not present (#3082, @matejvasek)
Fix: host builder can push images to cluster internal registries (#3130, @matejvasek)
Fix: host builder uses base-image with correct version of Python (#2965, @matejvasek)

Remove the --container flag - builds are determined via builder itself for func run command (#2987, @gauron99)
Improved function run output to show both host and port when running locally (#2953, @RayyanSeliya)
Fix pod security context fs permissions (#2946, @lkingland)
Fix: backward compatibility for building old Python Functions with newer func (#2962, @matejvasek)

Original notes: Knative Operator 1.20

Fix deadlock during creation of KnativeServing with system-internal-tls enabled (#2179, @linkvt)

Release Leads:

Contributors:

Knative is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us!