Skip to content

Announcing Knative 1.9 Release ΒΆ

Published on: 2023-01-28 ,  Revised on: 2023-06-01

Announcing Knative 1.9 Release

A new version of Knative is now available across multiple components.

Follow the instructions in Installing Knative to install the components you require.

This release brings a number of smaller improvements to the core Knative Serving and Eventing components, and several improvements to specific plugins.

Table of Contents


Release Notes

🚨 Breaking or Notable

  • Knative will now warn (but not error) when creating or updating a PodSpec where containers have additional privilege due to unset SecurityContext values. Explicitly setting these values to any setting, including high-privilege ones, will disable this warning.

These fields are: - runAsNonRoot (empty means false) - allowPrivilegeEscalation (empty means true) - seccompProfile.type (empty string means Unconfined) - capabilities.drop (default maintains privileges, use ALL to drop unneeded linux capabilities) (#13399, @evankanderson) - All Serving container images are signed with cosign (@upodroid).

πŸ’« New Features & Changes

  • Net-contour respects the internal-encryption Knative configuration, and encrypts traffic from Contour controlled Envoy to Activator. Requires Contour 1.24.0 or greater (#819, @KauzClay)
  • Adds the secure-pod-defaults feature, which is defaulted to Disabled in this release. When enabled, containers described by users will have best-practice SecurityContext features enabled unless insecure settings are specifically requested. (#13398, @evankanderson)
  • Work around for cert-manager not allowing us to create certs for 64+ bytes name ksvc (#13569, @KauzClay and @dprotaso)
  • Autoscaler now runs a single leader election go routine (#13585, @dprotaso)

Small Improvements

  • Add app label to Service selector for webhook and domainmapping-webhook. (#13265, @a7i)
  • Upgrade tests now stream logs from user and system namespace. The logs are printed on failure. (#13587, @mgencur)
  • net-kourier deployments now have Prometheus scraping annotations (#978, @evankanderson)
  • net-kourier deployments now have resource requests and limits

Bug Fixes

  • Changes to Pod or Revision-level defaults during Knative upgrades will no longer be attempted (and failed) when supplying your own Revision name. (#13565, @evankanderson)
  • net-contour would erroneously redirect cluster-local endpoints to HTTPS URLs when AutoTLS was enabled and default-tls-secret was set. (#856, @jsanin-vmw)
  • Improved truncation of long generated names, which would sometimes produce invalid kubernetes resource names. (#847, @KauzClay)


Release Notes

πŸ’« New Features & Changes

  • πŸ“„ ApiServerSource can specify a selector to target one or more namespaces. If the selector is missing, it will default to targeting the namespace in which the source resides (#6665, @gab-satchi)
  • All Eventing container images are signed with cosign (@upodroid).

Bug fixes

  • πŸ› Fixes an issue where creating a Trigger before a RabbitMQ Broker could create an invalid Trigger. (#1018, @gab-satchi)


Release Notes

πŸ’« New Features & Changes

  • quickstart plugin will now create a local registry. (#376, @ehudyonasi)
  • All Client container images are signed with cosign (@upodroid).

Small improvements

  • Updates the quickstart version of Kubernetes to v1.25.3. Also updates the recommended versions of kind and minikube to 0.16 and 1.28, respectively. (#368, @psschwei)
  • quickstart will exit quickly if Knative namespace already exist in cluster. (#379, @ehudyonasi)


Release Notes

πŸ’« New Features & Changes

  • The springboot function templates have been updated to use Spring Boot 3.0 and the new Spring 6.0 AOT support. Note: this requires Java 17 when building locally. (#1509, @trisberg)
  • Node.js and TypeScript functions now support ESM modules (#1468, @lance)

Small Improvements

  • Updated springboot function templates to use Spring Boot version 2.7.7 (#1502, @trisberg)

Bug or Regression

  • Fix: envvar parsing for pack tekton task when envvar contains the = char (#1512, @matejvasek)
  • Fixes a bug preventing autoscaling options from being applied (#1482, @zroubalik)
  • Fixes a bug where --path was sometimes not evaluated. (#1519, @lkingland)

Other (Cleanup or Flake)

  • Fixes an issue for developers where code in the test package would not be fully supported by some IDEs (#1503, @lkingland)
  • Update the error message when neither the --registry flag nor the FUNC_REGISTRY environment variable are set (#1510, @lance)


Release Notes

  • Security-Guard version 0.4 can now be installed using the Knative Operator. This new release of Security-Guard also includes TLS+Token support to secure internal communications between Security-Guard components (#1301, @houshengbo)
  • All Operator container images are signed with cosign (@upodroid).

Thank you, contributors

Release Leads:

Learn more

Knative is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us!

We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.

× OK