v1.19.9

v1.19.9

v1.19.8

🚨 Breaking or Notable Changes

We've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)

What's Changed

• [release-1.19] Fix Serving Metric Names to match Design Document by @knative-prow-robot in #16292
• [release-1.19] Make autoscaler instrument async so we can remove metric attributes when revisions go away by @knative-prow-robot in #16301

Full Changelog: knative-v1.19.7...knative-v1.19.8

v1.21.0

🚨 Breaking or Notable Changes

Secure Pod Defaults (#16042, @nader-ziada)

We've introduce secure-pod-defaults in an earlier release and included a new setting AllowRootBounded in v1.20 that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.

For 1.21 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.22) we will switch this default to AllowRootBounded.

If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.22.

For more information see the documentation and reach out if you foresee issues in your testing.

💫 New Features & Changes

• You can now set the new feature pod-is-always-schedulable to true in the config-deployment ConfigMap. As a result, Knative will not mark revisions as Unschedulable when a Pod is not scheduled. This makes sense if you want to omit this transient state in clusters that have cluster-autoscaling set up, and you can guarantee that all Pods will be eventually scheduled. (#16146, @SaschaSchwarze0)
• Activator probe timeout and frequency are now configurable via PROBE_TIMEOUT and PROBE_FREQUENCY environment variables. (#16250, @bindrad)
• Add terminationGracePeriodSeconds support for user and sidecar container probes (#16255, @flomedja)
• Added support for OpenTelemetry W3C Trace Context (traceparent header) in request logging, while maintaining backward compatibility with Zipkin B3 format. (#16168, @SomilJain0112)
• Allow activator to be out of the request path when system-internal-tls is enabled (#16183, @linkvt)
• Allow adjusting Revision min/max scale annotations (#16186, @dprotaso)
• Allow unreachable revisions with initialScale > 1 to scale to 0 (#16327, @aviralgarg05)
• Include two new activator metrics (kn.activator.stats.conn.reachable, kn.activator.stats.conn.errors) that reflect the stats reporter connection status (#16318, @prashanthjos)

🐞Bug Fixes

• Preserve deployment and template annotations and labels during reconcile (#16199, @linkvt)
• Fall back to HTTP1 on failed HTTP2 health probes (e.g. on connection error or non-readiness) (#16205, @linkvt)
• Fix a rare data race in revision backend manager creating revision watchers during shutdown (#16225, @linkvt)
• Fix flaky HTTPS e2e tests by waiting for HTTPS endpoint to be Ready. (#16230, @linkvt)
• Fix metric names to match the original design document kn.queueproxy.app.duration becomes kn.serving.invocation.duration and kn.queueproxy.depth becomes kn.serving.queue.depth (#16290, @dprotaso)
• Fix request log output corruption when using invalid log templates (#16242, @linkvt)
• Fixed duplicate ACME challenge paths when Services with traffic tags use HTTP-01 challenges for TLS certificates. (#16259, @linkvt)
• Services can no longer route traffic to revisions belonging to different services; attempting to do so will result in Ready=False with reason RevisionNotOwned. (#16294, @linkvt)
• Services with invalid networking.knative.dev/* annotations on the revision template now fail immediately with a clear error instead of getting stuck. (#16296, @linkvt)
• Switch to async metric instrumentation to avoid unbounded memory growth (#16300, @dprotaso)
• fix sub-second precision metric reporting (#16358, @dprotaso)

New Contributors

• @SomilJain0112 made their first contribution in #16168
• @linkvt made their first contribution in #16230
• @bindrad made their first contribution in #16250
• @prashanthjos made their first contribution in #16318
• @aviralgarg05 made their first contribution in #16327

Dependencies

Added

• github.com/CloudyKit/fastprinter: 33d98a0
• github.com/CloudyKit/jet/v6: v6.2.0
• github.com/Joker/jade: v1.1.3
• github.com/RaveNoX/go-jsoncommentstrip: v1.0.0
• github.com/Shopify/goreferrer: 8cddb4f
• github.com/andybalholm/brotli: v1.0.5
• github.com/apapsch/go-jsonmerge/v2: v2.0.0
• github.com/aymerick/douceur: v0.2.0
• github.com/bmatcuk/doublestar: v1.1.1
• github.com/bytedance/sonic: v1.10.0-rc3
• github.com/chenzhuoyu/base64x: 296ad89
• github.com/chenzhuoyu/iasm: v0.9.0
• github.com/fatih/structs: v1.1.0
• github.com/flosch/pongo2/v4: v4.0.2
• github.com/gabriel-vasile/mimetype: v1.4.2
• github.com/gin-contrib/sse: v0.1.0
• github.com/gin-gonic/gin: v1.9.1
• github.com/go-playground/locales: v0.14.1
• github.com/go-playground/universal-translator: v0.18.1
• github.com/go-playground/validator/v10: v10.14.1
• github.com/goccy/go-json: v0.10.2
• github.com/gomarkdown/markdown: 531d2d7
• github.com/gorilla/css: v1.0.0
• github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus: v1.0.1
• github.com/grpc-ecosystem/go-grpc-middleware/v2: v2.3.0
• github.com/iris-contrib/schema: v0.0.6
• github.com/juju/gnuflag: 2ce1bb7
• github.com/kataras/blocks: v0.0.7
• github.com/kataras/golog: v0.1.9
• github.com/kataras/iris/v12: v12.2.5
• github.com/kataras/pio: v0.0.12
• github.com/kataras/sitemap: v0.0.6
• github.com/kataras/tunnel: v0.0.4
• github.com/klauspost/cpuid/v2: v2.2.5
• github.com/leodido/go-urn: v1.2.4
• github.com/mailgun/raymond/v2: v2.0.48
• github.com/microcosm-cc/bluemonday: v1.0.25
• github.com/oapi-codegen/runtime: v1.0.0
• github.com/pelletier/go-toml/v2: v2.0.9
• github.com/schollz/closestmatch: v2.1.0+incompatible
• github.com/spkg/bom: 59b7046
• github.com/tdewolff/minify/v2: v2.12.8
• github.com/tdewolff/parse/v2: v2.6.7
• github.com/twitchyliquid64/golang-asm: v0.15.1
• github.com/ugorji/go/codec: v1.2.11
• github.com/vmihailenco/msgpack/v5: v5.3.5
• github.com/vmihailenco/tagparser/v2: v2.0.0
• github.com/yosssi/ace: v0.0.5
• go.etcd.io/raft/v3: v3.6.0
• golang.org/x/arch: v0.4.0
• sigs.k8s.io/structured-merge-diff/v6: v6.3.0

Changed

• cloud.google.com/go/compute/metadata: v0.7.0 → v0.9.0
• github.com/BurntSushi/toml: v0.3.1 → v1.3.2
• github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.29.0 → v1.30.0
• github.com/alecthomas/units: b94a6e3 → 0f3dac3
• github.com/cncf/xds/go: 2ac532f → 0feb691
• github.com/emicklei/go-restful/v3: v3.12.1 → v3.12.2
• github.com/envoyproxy/go-control-plane/envoy: v1.32.4 → v1.35.0
• github.com/envoyproxy/go-control-plane: v0.13.4 → 75eaa19
• github.com/fsnotify/fsnotify: v1.7.0 → v1.9.0...

v1.20.2

v1.20.2

v1.20.1

🚨 Breaking or Notable Changes

Metrics and Tracing

In v1.19 we've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)

Secure Pod Defaults (#16042, @nader-ziada)

We've introduce secure-pod-defaults in an earlier release but this release includes a new setting AllowRootBounded that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.

For v1.20 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.21) we will switch this default to AllowRootBounded.

If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.21.

What's Changed

• [release-1.20] Fix Serving Metric Names to match Design Document by @knative-prow-robot in #16293
• [release-1.20] Make autoscaler instrument async so we can remove metric attributes when revisions go away by @knative-prow-robot in #16302
• [release-1.20] Preserve deployment and its template labels and annotations by @knative-prow-robot in #16303
• [release-1.20] Suppress 'default value insecure' warning when secure-pod-defaults is enabled. by @knative-prow-robot in #16220
• [release-1.20] Upgrade to latest dependencies by @knative-automation in #16319

Full Changelog: knative-v1.20.0...knative-v1.20.1

v1.20.1

v1.20.1

🚨 Breaking or Notable Changes

Metrics and Tracing

In v1.19 we've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)

Secure Pod Defaults (#16042, @nader-ziada)

We've introduce secure-pod-defaults in an earlier release but this release includes a new setting AllowRootBounded that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.

For v1.20 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.21) we will switch this default to AllowRootBounded.

If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.21.

What's Changed

• [release-1.20] Fix Serving Metric Names to match Design Document by @knative-prow-robot in #16293
• [release-1.20] Make autoscaler instrument async so we can remove metric attributes when revisions go away by @knative-prow-robot in #16302
• [release-1.20] Preserve deployment and its template labels and annotations by @knative-prow-robot in #16303
• [release-1.20] Suppress 'default value insecure' warning when secure-pod-defaults is enabled. by @knative-prow-robot in #16220
• [release-1.20] Upgrade to latest dependencies by @knative-automation in #16319

Full Changelog: knative-v1.20.0...knative-v1.20.1

v1.19.8

v1.19.8

🚨 Breaking or Notable Changes

We've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)

What's Changed

• [release-1.19] Fix Serving Metric Names to match Design Document by @knative-prow-robot in #16292
• [release-1.19] Make autoscaler instrument async so we can remove metric attributes when revisions go away by @knative-prow-robot in #16301

Full Changelog: knative-v1.19.7...knative-v1.19.8

v1.20.0

🚨 Breaking or Notable Changes

Metrics and Tracing

In v1.19 we've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)

Secure Pod Defaults (#16042, @nader-ziada)

We've introduce secure-pod-defaults in an earlier release but this release includes a new setting AllowRootBounded that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.

For v1.20 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.21) we will switch this default to AllowRootBounded.

If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.21.

For more information see the documentation and reach out if you foresee issues in your testing.

💫 New Features & Changes

• Create a new value for secure-pod-defaults: AllowRootBounded
  • when AllowRootBounded, defaults SeccompProfile and Capabilities if nil
  • when enabled sets RunAsNonRoot to true if not already specified (#16042, @nader-ziada)
• Made it possible to configure the httputil.ReverseProxy or add http.Handlers to queue-proxy in out-of-tree builds. (#16097, @mbaynton)
• Podspec-dryrun feature flag has been removed. Dry run validation will now occur when a user opts into it using kubectl apply --dry-run=server (#16008, @Alexander-Kita)
• Add distinct logging for timeout types by @thiagomedina in #16109
• drop unnecessary 'kn.activator.proxy' metric/span attribute by @dprotaso in #16045
• bump Istio to v1.27 and Contour to v1.33 by @dprotaso in #16099
• Keep queue-proxy admin server on HTTP for PreStop hooks by @Fedosin in #16163

🐞Bug Fixes

• Fix min-scale transition by @dprotaso in #16094
• Add initialize conditions to MakePA to avoid potential race conditions by @nader-ziada in #16037
• For orphaned certificates if we have an issue listing just log the error by @dprotaso in #16096
• Fix queue proxy user metrics port by @dprotaso in #16018
• drop unused metrics domain env var by @dprotaso in #16019
• fix otelhttp setup in activator by @dprotaso in #16044
• Drop probe tracing in queue-proxy by @dprotaso in #16048
• Adjust queue proxy metric attributes by @dprotaso in #16049
• Serving Metric Tweaks by @dprotaso in #16062
• Fix: PodAutoscaler not reconciled due to missing class annotation by @nader-ziada in #16141

New Contributors

• @Alexander-Kita made their first contribution in #16008
• @mbaynton made their first contribution in #16097
• @thiagomedina made their first contribution in #16109
• @ali-a-a made their first contribution in #16201

Dependencies

Added

• github.com/prometheus/otlptranslator: v1.0.0
• golang.org/x/tools/go/expect: v0.1.1-deprecated
• golang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated

Changed

• cel.dev/expr: v0.23.0 → v0.24.0
• cloud.google.com/go/compute/metadata: v0.6.0 → v0.7.0
• github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.27.0 → v1.29.0
• github.com/cenkalti/backoff/v5: v5.0.2 → v5.0.3
• github.com/census-instrumentation/opencensus-proto: v0.4.1 → v0.2.1
• github.com/cncf/xds/go: ae57f3c → 2ac532f
• github.com/go-jose/go-jose/v4: v4.0.5 → v4.1.1
• github.com/golang/glog: v1.2.4 → v1.2.5
• github.com/grpc-ecosystem/grpc-gateway/v2: v2.27.1 → v2.27.2
• github.com/prometheus/client_golang: v1.22.0 → v1.23.2
• github.com/prometheus/common: v0.65.0 → v0.66.1
• github.com/prometheus/procfs: v0.16.1 → v0.17.0
• github.com/spf13/pflag: v1.0.6 → v1.0.10
• github.com/stretchr/testify: v1.10.0 → v1.11.1
• go.opentelemetry.io/contrib/detectors/gcp: v1.35.0 → v1.36.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.62.0 → v0.63.0
• go.opentelemetry.io/contrib/instrumentation/runtime: v0.62.0 → v0.63.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel/exporters/prometheus: v0.59.0 → v0.60.0
• go.opentelemetry.io/otel/exporters/stdout/stdouttrace: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel/metric: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel/sdk/metric: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel/sdk: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel/trace: v1.37.0 → v1.38.0
• go.opentelemetry.io/otel: v1.37.0 → v1.38.0
• go.opentelemetry.io/proto/otlp: v1.7.0 → v1.7.1
• go.yaml.in/yaml/v3: v3.0.3 → v3.0.4
• golang.org/x/crypto: v0.39.0 → v0.43.0
• golang.org/x/mod: v0.25.0 → v0.29.0
• golang.org/x/net: v0.41.0 → v0.46.0
• golang.org/x/sync: v0.15.0 → v0.17.0
• golang.org/x/sys: v0.33.0 → v0.37.0
• golang.org/x/telemetry: bda5523 → 078029d
• golang.org/x/term: v0.32.0 → v0.36.0
• golang.org/x/text: v0.26.0 → v0.30.0
• golang.org/x/tools: v0.34.0 → v0.38.0
• gonum.org/v1/gonum: 3f7ecaa → v0.16.0
• google.golang.org/genproto/googleapis/api: 513f239 → c5933d9
• google.golang.org/genproto/googleapis/rpc: 513f239 → c5933d9
• google.golang.org/grpc: v1.73.0 → v1.75.0
• google.golang.org/protobuf: v1.36.6 → v1.36.8
• k8s.io/api: v0.33.1 → v0.33.5
• k8s.io/apiextensions-apiserver: v0.33.1 → v0.33.5
• k8s.io/apimachinery: v0.33.1 → v0.33.5
• k8s.io/apiserver: v0.33.1 → v0.33.5
• k8s.io/client-go: v0.33.1 → v0.33.5
• k8s.io/code-generator: v0.33.1 → v0.33.5
• k8s.io/component-base: v0.33.1 → v0.33.5
• k8s.io/kms: v0.33.1 → v0.33.5
• knative.dev/caching: fd36b19 → 09d3ca0
• knative.dev/hack: 70d4b00 → 4fae780
• knative.dev/networking: edb1a4a → 0bde191
• knative.dev/pkg: 19d3cc2 → 7bf6feb
• sigs.k8s.io/yaml: v1.5.0 → v1.6.0

Removed

• contrib.go.opencensus.io/exporter/ocagent: 05415f1
• contrib.go.opencensus.io/exporter/prometheus: v0.4.2
• contrib.go.opencensus.io/exporter/zipkin: v0.1.2
• github.com/go-kit/log: v0.2.1
• github.com/go-logfmt/logfmt: v0.5.1
• github.com/openzipkin/zipkin-go: v0.4.3
• github.com/prometheus/statsd_exporter: v0.22.7

Full Changelog: knative-v1.19.0...knative-v1.20.0

v1.19.7

🚨 Breaking or Notable Changes

We've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)

What's Changed

• [release-1.19] Fix min-scale transition by @knative-prow-robot in #16101
• [release-1.19] Upgrade to latest dependencies by @knative-automation in #16192
• [release-1.19] Fix: PodAutoscaler not reconciled due to missing class annotation by @knative-prow-robot in #16191
• [release-1.19] Fix: controller crash due to metric panic

Full Changelog: knative-v1.19.6...knative-v1.19.7

v1.18.2

What's Changed

• [release-1.18] Fix min-scale transition by @knative-prow-robot in #16100
• [release-1.18] Fix: PodAutoscaler not reconciled due to missing class annotation by @knative-prow-robot in #16190

Full Changelog: knative-v1.18.1...knative-v1.18.2

v1.19.6

v1.19.6

🚨 Breaking or Notable Changes

We've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)

What's Changed

• [release-1.19] Serving Metric Tweaks by @knative-prow-robot in #16063
• [release-1.19] Fix work queue depth metric calculation in #16084

Full Changelog: knative-v1.19.5...knative-v1.19.6

v1.19.5

🚨 Breaking or Notable Changes

We've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. Website updates are currently in progress.

What's Changed

What's Changed

• [release-1.19] Fix release script @dprotaso

Full Changelog: knative-v1.19.4...knative-v1.19.5