Chapter 1. OpenShift Serverless release notes
For an overview of OpenShift Serverless functionality, see Getting started with OpenShift Serverless.
Knative Eventing is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/.
1.1. Release Notes for Red Hat OpenShift Serverless 1.7.2
This release of OpenShift Serverless addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
1.1.1. Fixed issues
In previous versions of OpenShift Serverless, the
KnativeServingcustom resource shows a status of
Ready, even if Kourier does not deploy. This bug is fixed in OpenShift Serverless 1.7.2.
1.2. Release Notes for Red Hat OpenShift Serverless 1.7.1
1.2.1. New features
- OpenShift Serverless now uses Knative Serving 0.13.3.
- OpenShift Serverless now uses Knative Serving Operator 0.13.3.
OpenShift Serverless now uses Knative
- OpenShift Serverless uses Knative Eventing 0.13.0.
- OpenShift Serverless now uses Knative Eventing Operator 0.13.3.
1.2.2. Fixed issues
- In OpenShift Serverless 1.7.0, routes were reconciled continuously when this was not required. This bug is fixed in OpenShift Serverless 1.7.1.
1.3. Release Notes for Red Hat OpenShift Serverless 1.7.0
1.3.1. New features
- OpenShift Serverless 1.7.0 is now Generally Available (GA) on OpenShift Container Platform 4.3 and newer versions. In previous versions, OpenShift Serverless was a Technology Preview.
- OpenShift Serverless now uses Knative Serving 0.13.2.
- OpenShift Serverless now uses Knative Serving Operator 0.13.2.
OpenShift Serverless now uses Knative
knCLI downloads now support disconnected, or restricted network installations.
knCLI libraries are now signed by Red Hat.
- Knative Eventing is now available as a Technology Preview with OpenShift Serverless. OpenShift Serverless uses Knative Eventing 0.13.2.
Before upgrading to the latest Serverless release, you must remove the community Knative Eventing Operator if you have previously installed it. Having the Knative Eventing Operator installed will prevent you from being able to install the latest Technology Preview version of Knative Eventing that is included with OpenShift Serverless 1.7.0.
High availability (HA) is now enabled by default for the
If you have installed a previous version of OpenShift Serverless, after the
KnativeServingcustom resource (CR) is updated, the deployment defaults to a HA configuration with a spec of
KnativeServing.spec.high-availability.replicas = 2.
You can disable HA for these components by completing the procedure in the Configuring high availability components documentation.
OpenShift Serverless now supports the
trustedCAsetting in OpenShift Container Platform’s cluster-wide proxy, and is now fully compatible with OpenShift Container Platform’s proxy settings.
- OpenShift Serverless now supports HTTPS by using the wildcard certificate that is registered for OpenShift Container Platform routes. For more information on HTTP and HTTPS on Knative Serving, see the documentation on Verifying your serverless application deployment.
1.3.2. Fixed issues
In previous versions, requesting
KnativeServingCRs without specifying an API group, for example, by using the command
oc get knativeserving -n knative-serving, occasionally caused errors. This issue is fixed in OpenShift Serverless 1.7.0.
In previous versions, the Knative Serving controller was not notified when a new service CA certificate was generated due to service CA certificate rotation. New revisions created after a service CA certificate rotation were failing with the error:
Revision "foo-1" failed with message: Unable to fetch image "image-registry.openshift-image-registry.svc:5000/eap/eap-app": failed to resolve image to digest: failed to fetch image information: Get https://image-registry.openshift-image-registry.svc:5000/v2/: x509: certificate signed by unknown authority.
The OpenShift Serverless Operator now restarts the Knative Serving controller whenever a new service CA certificate is generated, which ensures that the controller is always configured to use the current service CA certificate. For more information, see the OpenShift Container Platform documentation on Securing service traffic using service serving certificate secrets under Authentication.
1.3.3. Known issues
- When upgrading from OpenShift Serverless 1.6.0 to 1.7.0, support for HTTPS requires a change to the format of routes. Knative services created on OpenShift Serverless 1.6.0 are no longer reachable at the old format URLs. You must retrieve the new URL for each service after upgrading OpenShift Serverless. For more information, see the documentation on Upgrading OpenShift Serverless.
If you are using Knative Eventing on an Azure cluster, it is possible that the
imc-dispatcherpod may not start. This is due to the pod’s default
resourcessettings. As a work-around, you can remove the
If you have 1000 Knative services on a cluster, and then perform a reinstall or upgrade of Knative Serving, there is a delay when you create the first new service after the
KnativeServingCR becomes Ready.
3scale-kourier-controlcontroller reconciles all previous Knative services before processing the creation of a new service, which causes the new service to spend approximately 800 seconds in an
Unknownstate before the state will update to
1.4. Release Notes for Red Hat OpenShift Serverless Technology Preview 1.6.0
1.4.1. New features
- OpenShift Serverless 1.6.0 is available on OpenShift Container Platform 4.3 and newer versions.
- OpenShift Serverless now uses Knative Serving 0.13.1.
OpenShift Serverless now uses Knative
- OpenShift Serverless now uses Knative Serving Operator 0.13.1.
serving.knative.devAPI group has now been fully deprecated and is replaced by the
You must complete the steps that are described in the OpenShift Serverless 1.4.0 release notes, that replace the
serving.knative.devAPI group with the
operator.knative.devAPI group, before you can upgrade to the latest version of OpenShift Serverless.Important
This change causes commands without a fully qualified API group and kind, such as
oc get knativeserving, to become unreliable and not always work correctly.
After upgrading to OpenShift Serverless 1.6.0, you must remove the old custom resource definition (CRD) to fix this issue. You can remove the old CRD by entering the following command:
$ oc delete crd knativeservings.serving.knative.dev
The Subscription Update Channel in the web console for new OpenShift Serverless releases was updated from
You must update your channel by following the upgrade documentation to use the latest OpenShift Serverless version.
OpenShift Serverless now supports the use of
OpenShift Serverless now supports
HTTP_PROXYsupport does not include using custom certificates.
KnativeServingCRD is now hidden from the Developer Catalog by default so that only users with cluster administrator permissions can view it.
Parts of the
KnativeServingcontrol plane and data plane are now deployed as highly available (HA) by default.
- Kourier is now actively watched and reconciles changes automatically.
- OpenShift Serverless now supports use on OpenShift Container Platform nightly builds.
1.4.2. Fixed issues
In previous versions, the
oc explaincommand did not work correctly. The structural schema of the
KnativeServingCRD was updated in OpenShift Serverless 1.6.0 so that the
oc explaincommand now works correctly.
In previous versions, it was possible to create more than one
KnativeServingcustom resource (CR). Multiple
KnativeServingCRs are now prevented synchronously in OpenShift Serverless 1.6.0. Attempting to create more than one
KnativeServingCR now results in an error.
- In previous versions, OpenShift Serverless was not compatible with OpenShift Container Platform deployments on GCP. This issue was fixed in OpenShift Serverless 1.6.0.
- In previous releases, the Knative Serving webhook crashed with an out of memory error if the cluster had more than 170 namespaces. This issue was fixed in OpenShift Serverless 1.6.0.
- In previous releases, OpenShift Serverless did not automatically fix an OpenShift Container Platform route that it created if the route was changed by another component. This issue was fixed in OpenShift Serverless 1.6.0.
In previous versions, deleting a
KnativeServingCR occasionally caused the system to hang. This issue was fixed in OpenShift Serverless 1.6.0.
- Due to the ingress migration from Service Mesh to Kourier that occured in OpenShift Serverless 1.5.0, orphaned VirtualServices sometimes remained on the system. In OpenShift Serverless 1.6.0, orphaned VirtualServices are automatically removed.
1.4.3. Known issues
In OpenShift Serverless 1.6.0, if a cluster administrator uninstalls OpenShift Serverless by following the uninstall procedure provided in the documentation, the Serverless dropdown is still be visible in the Administrator perspective of the OpenShift Container Platform web console, and the Knative Service resource is still be visible in the Developer perspective of the OpenShift Container Platform web console. Although you can create Knative services by using this option, these Knative services do not work.
To prevent OpenShift Serverless from being visible in the OpenShift Container Platform web console, the cluster administrator must delete additional CRDs from the deployment after removing the Knative Serving CR.
Cluster administrators can remove these CRDs by entering the following command:
$ oc get crd -oname | grep -E '(serving|internal).knative.dev' | xargs oc delete
1.5. Release Notes for Red Hat OpenShift Serverless Technology Preview 1.5.0
1.5.1. New features
- OpenShift Serverless 1.5.0 is available on OpenShift Container Platform 4.3 and newer versions.
- OpenShift Serverless has been updated to use Knative Serving 0.12.1.
OpenShift Serverless has been updated to use Knative
- OpenShift Serverless has been updated to use Knative Serving Operator 0.12.1.
- OpenShift Serverless ingress implementation has been updated to use Kourier in place of Service Mesh. No user intervention is necessary, as this change is automatic when the OpenShift Serverless Operator is upgraded to 1.5.0.
1.5.2. Fixed issues
- In previous releases, OpenShift Container Platform scale from zero latency caused a delay of approximately 10 seconds when creating pods. This issue has been fixed in the OpenShift Container Platform 4.3.5 bug fix update.
1.5.3. Known issues
KnativeServing.operator.knative.devcustom resource definition (CRD) from the
knative-servingnamespace can cause the deletion process to hang. This is due to a race condition between deletion of the CRD and the
knative-openshift-ingressingress removing finalizers.
1.6. Additional resources
OpenShift Serverless is based on the open source Knative project.
- For details about the latest Knative Serving release, see the Knative Serving releases page.
- For details about the latest Knative Serving Operator release, see the Knative Serving Operator releases page.
- For details about the latest Knative CLI release, see the Knative CLI releases page.
- For details about the latest Knative Eventing release, see the Knative Eventing releases page.