v2.11.17

Changelog

• Added --no-short-circuit-wait flag (defaults to false) to many app commands which allows commands to terminate without waiting only if they are operating on an app that is in the stopped state.
• Changed increased concurrency of app and route reconcilers to improve performance.

Risks and mitigations

The --no-short-circuit-wait flag is defaulted on and is expected to improve the performance of common kf workflows by automatically skipping unnecessary waiting. If you notice problems, test your commands with --no-short-circuit-wait=false to disable the new behavior.

Increased concurrency of app and route reconcilers is expected to improve performance at the cost of higher load on the Kubernetes control plane as well as Kf's processes. If experiencing performance problems allocate more resources to Kubernetes.

Compatibility

• It's safe to use this version of the Kf CLI with the previous server version; it should start decreasing wait times.
• It's safe to use the previous version of the Kf CLI with this server version.
• It's safe to roll back this server version to the previous version of Kf.

Known issues

• Some commands may show an incorrect text string describing why they're not waiting for the resource to be reconciled on the Kf server e.g. showing "Creating autoscaling rule for App "foo" in Space "bar" asynchronously because app is stopped" when the app is started, but instead the autoscaling isn't enabled yet.

Dependencies

Dependency	Version
Tekton	v0.32.1
ASM	1.15.3-asm.6+config2
Config Connector	1.66.0

v2.11.16

Changelog

• Added controller metrics logging. Each controller will now write statistics to stdout periodically in a format like the following: {"knative.dev/controller": "spaces.kf.dev", "averageMSPerReconciliation": 0.5, "currentQueueDepth": 1, "reconciliationsPerSecond": 0.03333278317074718, "statuses": {"unknown": 0, "success": 2, "failure": 0}, "logger": "controller.spaces.kf.dev", "message": "Controller Statistics"} Fields include:
  • averageMSPerReconciliation - Average time in milliseconds each reconciliation took in the report period.
  • currentQueueDepth - The number of items waiting to be reconciled.
  • reconciliationsPerSecond - Number of reconciliations performed per second.
  • statuses - A map of reported reconciliation statuses.
  • message - always "Controller Statistics"
  • knative.dev/controller The controller the metrics belong to, each Kf type will be reported in its own controller.
• Added new documentation about creating and using offline Java buildpacks.
• Added additional logging to Kf CLI during push and start

Known Issues

• None

Risks and Mitigations

• If the new kf CLI causes failures during waits, it is safe to return to the previous version.

Dependencies

These are the minimum versions Kf is tested against, newer minor versions may be used.

Dependency	Version
Tekton	v0.32.1
ASM	1.15.3-asm.6+config2
Config Connector	1.66.0

v2.11.15

Changelog

• Fixed: Unneeded extra replica-set with respective pods being created and destroyed when starting a stopped application.

Dependency	Version
Tekton	v0.32.1
ASM	1.15.3-asm.6+config2
Config Connector	1.66.0

v2.11.14

Changelog

• Fixed: Segmentation fault with mapfs
• Fixed: SIGTERM propagation to PID 1 when a replica is killed or restarted
• Added: routeHostIgnoringPort flag to ignore ports specified in the host header when routing requests

v2.11.13

Changelog

• Added: Deployment viewer permission to developers and auditors.
• Added: Start commands can be shown for apps.
• Added: Ability to disable VirtualService retries.
• Added: The ability for Tasks to work with NFS.
• Added: Examples of using set-env with arguments that look like flags.
• Added: Documents explaining how to debug Kf resources using kubectl.
• Added: Annotation to Apps that allows kubectl to pick the user container by default for logs, exec, cp, etc.
• Added: Documentation explaining what is tested during Kf releases.
• Added: Command kf fix-orphaned-bindings to fix bindings without owners which dry-runs by default.
• Fixed: Deployment Manager example creating Kubernetes with an unsupported base image.

Risks and mitigations

• kf fix-orphaned-bindings may stop part way through if it encounters an error. If that happens, fix the broken binding or use the dry-run mode (default) and run the kubectl commands it recommends manually.
• If NFS breaks tasks disable the feature.
• If App start command adds too much latency to reconciliation, disable the feature.

Known issues

• Routing retries won't be applied immediately. Instead you'll have to wait for a periodic reconciliation or force one by adding/removing a route or deleting the VirtualService.

v2.11.10

Release Notes

This is a patch of the v2.11.9 release and doesn't include all changes on the main branch.

• Fixed RouteSpec ordering when hostname are the same and path are of same length.
• Changed Route reconcilation to not track the status of VirtualService, which caused too many unnecessary updates to VirtualService.

Risks and Mitigations

This release changes the interaction between VirtualServices and Routes. Route statuses reflect when a VirtualService has been updated, but may indicate they're ready before the VirtualService is ready. Most route changes should take effect nearly instantly, but in rare cases may take longer. This means that Apps may also show ready before their routes are fully propagated.

To return to the old behavior set routeTrackVirtualService to true:

kubectl patch \
    kfsystem kfsystem \
    --type='json' \
    -p="[{'op':'add','path':'/spec/kf/config/routeTrackVirtualService','value':true}]"

This reduces the number of conflicting updates in spaces where hundreds of routes are mapped to the same domain.

v2.11.9

v2.11.9

This is a patch of the v2.11.8 release and doesn't include all changes on the main branch.

Release Notes

• Changed: Reconciliation method has been changed on ClusterRoles for the Kf control plane because it was causing thrashing with the Kf operator.
• Fixed: CPU limits are no longer set if an application defines cpu in the manifest, the behavior is reset to Kf's original behavior where cpu indicates a request rather than a limit.
• Added: A new manifest property cpu-limit which sets an upper bound on CPUs. See: https://kf.dev/docs/v2.11/developer/build-and-deploy/manifest/
• Added: A new document describing resource management and best practices in Kf: https://kf.dev/docs/v2.11/developer/scaling/resource-management/

Risks and Mitigations

• CPU intensive apps will not get an upper bound unless explicitly set in the manifest. Operators should monitor for any intensive applications and inform the teams to set cpu-limit
• App teams should be asked to validate their CPU requirements are correct in Kf, teams that increased CPU to account for bursts necessary during app startup may be able to reduce their requests.

v2.11.8

Changelog

• Changed: Apps now get a startup probe and default liveness and readiness probes that more closely match CF's Diego runtime.
• Added: Developers can set startupProbe, livenessProbe, and readinessProbe mapping to the K8s concepts of the same name in their manifests.
• Added: Kf manifests now support health-check-invocation-timeout which was introduced in CAPIv3.
• Added: New validation for health check fields in manifests to catch errors earlier and provide better messages.
• Breaking: Kf now requires a Kubernetes version that supports startupProbe in Pods (v1.20 or above).
• Changed: Apps pushed with container images now support overriding the entrypoint so they can be used with NFS UID/GID mapping
• Added: Platform operators can now configure default progress deadlines and termination grace periods for apps.
• Added: Platform operators can now pin buildpacks using git tags.
• Added: Platform operators can now configure task retention policies.
• Fixed: Space auditors now get the same set of permissions as developers (except for secrets).
• Fixed: Apps with bindings in their manifest will now delete the bindings when the app is deleted.
• Fixed: kf.dev "edit this page" links now point to GitHub.

v2.11.7

Fix webhook defaulting for probes. (#929)

This ensures probes set won't get a 1 second timeout on the probe
which is causing some applications to crash.