Announcing Knative 1.9 Release

A new version of Knative is now available across multiple components.

Follow the instructions in Installing Knative to install the components you require.

This release brings a number of smaller improvements to the core Knative Serving and Eventing components, and several improvements to specific plugins.

Table of Contents

• Serving
• Eventing
• kn CLI
• Functions
• Knative Operator

Serving

Release Notes

🚨 Breaking or Notable

• Knative will now warn (but not error) when creating or updating a PodSpec where containers have additional privilege due to unset SecurityContext values. Explicitly setting these values to any setting, including high-privilege ones, will disable this warning.

These fields are: - runAsNonRoot (empty means false) - allowPrivilegeEscalation (empty means true) - seccompProfile.type (empty string means Unconfined) - capabilities.drop (default maintains privileges, use ALL to drop unneeded linux capabilities) (#13399, @evankanderson) - All Serving container images are signed with cosign (@upodroid).

💫 New Features & Changes

• Net-contour respects the internal-encryption Knative configuration, and encrypts traffic from Contour controlled Envoy to Activator. Requires Contour 1.24.0 or greater (#819, @KauzClay)
• Adds the secure-pod-defaults feature, which is defaulted to Disabled in this release. When enabled, containers described by users will have best-practice SecurityContext features enabled unless insecure settings are specifically requested. (#13398, @evankanderson)
• Work around for cert-manager not allowing us to create certs for 64+ bytes name ksvc (#13569, @KauzClay and @dprotaso)
• Autoscaler now runs a single leader election go routine (#13585, @dprotaso)

Small Improvements

• Add app label to Service selector for webhook and domainmapping-webhook. (#13265, @a7i)
• Upgrade tests now stream logs from user and system namespace. The logs are printed on failure. (#13587, @mgencur)
• net-kourier deployments now have Prometheus scraping annotations (#978, @evankanderson)
• net-kourier deployments now have resource requests and limits

Bug Fixes

• Changes to Pod or Revision-level defaults during Knative upgrades will no longer be attempted (and failed) when supplying your own Revision name. (#13565, @evankanderson)
• net-contour would erroneously redirect cluster-local endpoints to HTTPS URLs when AutoTLS was enabled and default-tls-secret was set. (#856, @jsanin-vmw)
• Improved truncation of long generated names, which would sometimes produce invalid kubernetes resource names. (#847, @KauzClay)

Eventing

Release Notes

💫 New Features & Changes

• 📄 ApiServerSource can specify a selector to target one or more namespaces. If the selector is missing, it will default to targeting the namespace in which the source resides (#6665, @gab-satchi)
• All Eventing container images are signed with cosign (@upodroid).

Bug fixes

• 🐛 Fixes an issue where creating a Trigger before a RabbitMQ Broker could create an invalid Trigger. (#1018, @gab-satchi)

Client

Release Notes

💫 New Features & Changes

• quickstart plugin will now create a local registry. (#376, @ehudyonasi)
• All Client container images are signed with cosign (@upodroid).

Small improvements

• Updates the quickstart version of Kubernetes to v1.25.3. Also updates the recommended versions of kind and minikube to 0.16 and 1.28, respectively. (#368, @psschwei)
• quickstart will exit quickly if Knative namespace already exist in cluster. (#379, @ehudyonasi)

Functions

Release Notes

💫 New Features & Changes

• The springboot function templates have been updated to use Spring Boot 3.0 and the new Spring 6.0 AOT support. Note: this requires Java 17 when building locally. (#1509, @trisberg)
• Node.js and TypeScript functions now support ESM modules (#1468, @lance)

Small Improvements

• Updated springboot function templates to use Spring Boot version 2.7.7 (#1502, @trisberg)

Bug or Regression

• Fix: envvar parsing for pack tekton task when envvar contains the = char (#1512, @matejvasek)
• Fixes a bug preventing autoscaling options from being applied (#1482, @zroubalik)
• Fixes a bug where --path was sometimes not evaluated. (#1519, @lkingland)

Other (Cleanup or Flake)

• Fixes an issue for developers where code in the test package would not be fully supported by some IDEs (#1503, @lkingland)
• Update the error message when neither the --registry flag nor the FUNC_REGISTRY environment variable are set (#1510, @lance)

Operator

Release Notes

• Security-Guard version 0.4 can now be installed using the Knative Operator. This new release of Security-Guard also includes TLS+Token support to secure internal communications between Security-Guard components (#1301, @houshengbo)
• All Operator container images are signed with cosign (@upodroid).

Thank you, contributors

Release Leads:

• @psschwei
• @evankanderson

Learn more

Knative is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us!

• Knative docs
• Quickstart tutorial
• Samples
• Knative Working Groups
• Knative User Mailing List
• Knative Development Mailing List
• Knative on Twitter @KnativeProject
• Knative on StackOverflow
• #knative on CNCF Slack
• Knative on YouTube