Skip to content

v1.21 release

Announcing Knative v1.21 Release

A new version of Knative is now available across multiple components.

Follow the instructions in Installing Knative to install the components you require.

Table of Contents

Highlights

Minimal supported version of k8s is now bumped to 1.33.

Serving prepares for the upcoming secure-pod-defaults change in v1.22 where AllowRootBounded will become the default. Request logging now supports OpenTelemetry W3C Trace Context while maintaining Zipkin B3 compatibility. A new pod-is-always-schedulable feature helps clusters with autoscaling skip the transient Unschedulable state.

Eventing had a light release focused on stability improvements and dependency updates.

Functions can now be deployed as standard Kubernetes Deployments without Knative Serving using --deployer=raw. The func config ci command gains GitHub Actions workflow generation, Tekton remote builds, and configurable registry authentication. Error handling is improved across the board with better validation and clearer messages.

Serving

Release notes: Knative Serving 1.21

Breaking or Notable Changes

Secure Pod Defaults (#16042, @nader-ziada)

We've introduced secure-pod-defaults in an earlier release and included a new setting AllowRootBounded in v1.20 that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.

For the 1.21 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.22) we will switch this default to AllowRootBounded.

If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.22.

For more information see the documentation.

New Features & Changes

  • You can now set the new feature pod-is-always-schedulable to true in the config-deployment ConfigMap. As a result, Knative will not mark revisions as Unschedulable when a Pod is not scheduled. This makes sense if you want to omit this transient state in clusters that have cluster-autoscaling set up, and you can guarantee that all Pods will be eventually scheduled. (#16146, @SaschaSchwarze0)
  • Activator probe timeout and frequency are now configurable via PROBE_TIMEOUT and PROBE_FREQUENCY environment variables. (#16250, @bindrad)
  • Add terminationGracePeriodSeconds support for user and sidecar container probes (#16255, @flomedja)
  • Added support for OpenTelemetry W3C Trace Context (traceparent header) in request logging, while maintaining backward compatibility with Zipkin B3 format. (#16168, @SomilJain0112)
  • Allow activator to be out of the request path when system-internal-tls is enabled (#16183, @linkvt)
  • Allow adjusting Revision min/max scale annotations (#16186, @dprotaso)
  • Allow unreachable revisions with initialScale > 1 to scale to 0 (#16327, @aviralgarg05)
  • Include two new activator metrics (kn.activator.stats.conn.reachable, kn.activator.stats.conn.errors) that reflect the stats reporter connection status (#16318, @prashanthjos)

Bug Fixes

  • Preserve deployment and template annotations and labels during reconcile (#16199, @linkvt)
  • Fall back to HTTP1 on failed HTTP2 health probes (e.g. on connection error or non-readiness) (#16205, @linkvt)
  • Fix a rare data race in revision backend manager creating revision watchers during shutdown (#16225, @linkvt)
  • Fix metric names to match the original design document: kn.queueproxy.app.duration becomes kn.serving.invocation.duration and kn.queueproxy.depth becomes kn.serving.queue.depth (#16290, @dprotaso)
  • Fix request log output corruption when using invalid log templates (#16242, @linkvt)
  • Fixed duplicate ACME challenge paths when Services with traffic tags use HTTP-01 challenges for TLS certificates. (#16259, @linkvt)
  • Services can no longer route traffic to revisions belonging to different services; attempting to do so will result in Ready=False with reason RevisionNotOwned. (#16294, @linkvt)
  • Services with invalid networking.knative.dev/* annotations on the revision template now fail immediately with a clear error instead of getting stuck. (#16296, @linkvt)
  • Switch to async metric instrumentation to avoid unbounded memory growth (#16300, @dprotaso)
  • Fix sub-second precision metric reporting (#16358, @dprotaso)

Eventing

Release notes: Knative Eventing 1.21

This release includes minor improvements and bug fixes:

Functions

Release notes: Knative Functions 1.21

Enhancements

  • Add --platform flag to func config ci command allowing users to specify which CI/CD platform to generate manifests for. Currently supports "github" (default). (#3379, @twoGiants)
  • Add --remote flag to func config ci to build functions on a Tekton enabled cluster and --workflow-dispatch to trigger workflows manually via the GitHub CLI or UI. (#3128, @twoGiants)
  • Add the --registry-authfile build parameter to specify a custom registry auth file location (#3208, @creydr)
  • Add the possibility to deploy a function as raw Kubernetes deployment via the --deployer=raw argument (#3075, @creydr)
  • Added env as a short alias for the environment command. Users can now use func env as a convenient shorthand for func environment. (#3219, @RayyanSeliya)
  • Allow to print the output from func version as json or yaml too (#3280, @creydr)
  • Event subscriptions now work with raw Kubernetes deployer (--deployer raw). (#3335, @24aysh)
  • Pull secrets pre-check before deployment (#3333, @matejvasek)
  • Implement GitHub Actions workflow generation in func config ci command. The command now creates a complete deployment workflow with Kubernetes context setup, func CLI installation, and automated deployment. (#3295, @twoGiants)
  • Improve error message when func describe is run outside function directory to be more beginner-friendly. (#3027, @RayyanSeliya)
  • Invalid domain names are now caught immediately with helpful error messages, preventing wasted build time (#3152, @RayyanSeliya)
  • Invalid namespace names are now caught immediately with helpful error messages, preventing wasted build time (#3133, @RayyanSeliya)
  • Provide used middleware version as a function label (#3270, @creydr)
  • The func config ci command now resolves --path and --branch flags intelligently, defaulting to the current directory and git branch. (#3371, @twoGiants)
  • The func config ci command now supports configurable registry authentication and runner options. (#3297, @twoGiants)

Bug Fixes

  • Add latest middleware versions in func version output (#3281, @creydr)
  • Fix on-cluster-build freeze caused by co-scheduling/affinity issues (#3350, @matejvasek)
  • Fix populate image field in func describe (#3220, @creydr)
  • Fix push permission check with GitLab image registry (#3263, @matejvasek)
  • func run --builder=host now fails fast with helpful guidance when explicit ports are invalid, privileged, or already in use instead of silently choosing a random port (#3176, @RayyanSeliya)
  • Function names starting with hyphens now show helpful DNS-1035 naming guidance instead of confusing flag parsing errors (#3167, @RayyanSeliya)
  • func deploy now validates cluster connectivity before building, providing immediate feedback with clear error messages instead of wasting time on builds that will fail deployment. (#3117, @RayyanSeliya)
  • Better error for s2i build -- show inner cause of the error (#3185, @matejvasek)
  • Hidden flags --username/--password (and affiliated envvars) now work also for s2i and pack builder (#3298, @matejvasek)

Knative Operator

Release notes: Knative Operator 1.21

This release contains dependency updates only.

Thank you, contributors

Release Leads:

Contributors:

Learn more

Knative is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us!

We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.

× OK