For an overview of OpenShift Serverless functionality, see Getting started with OpenShift Serverless.

OpenShift Serverless is based on the open source Knative project.

For details about the latest Knative component releases, see the Knative releases blog.

About API versions

The OpenShift Serverless Operator automatically upgrades older resources that use deprecated versions of APIs to use the latest version.

For example, if you have created resources on your cluster that use older versions of the ApiServerSource API, such as v1beta1, the OpenShift Serverless Operator automatically updates these resources to use the v1 version of the API when this is available and the v1beta1 version is deprecated.

After they have been deprecated, older versions of APIs might be removed in any upcoming release. Using deprecated versions of APIs does not cause resources to fail. However, if you try to use a version of an API that has been removed, it will cause resources to fail. Ensure that your manifests are updated to use the latest version to avoid issues.

Release Notes for Red Hat OpenShift Serverless 1.17.0

New features

  • OpenShift Serverless now uses Knative Serving 0.23.0.

  • OpenShift Serverless now uses Knative Eventing 0.23.0.

  • OpenShift Serverless now uses Kourier 0.23.0.

  • OpenShift Serverless now uses Knative kn CLI 0.23.0.

  • OpenShift Serverless now uses Knative Kafka 0.23.0.

  • The kn func CLI plug-in now uses func 0.17.0.

  • In the upcoming OpenShift Serverless 1.19.0 release, the URL scheme of external routes will default to HTTPS for enhanced security.

    If you do not want this change to apply for your workloads, you can override the default setting before upgrading to 1.19.0, by adding the following YAML to your KnativeServing custom resource definition (CRD):

    ...
    spec:
      config:
        network:
          defaultExternalScheme: "http"
    ...
  • mTLS functionality is now Generally Available (GA).

  • TypeScript templates are now available when you create a function using kn func.

  • Changes to API versions in Knative Eventing 0.23.0:

    • The v1alpha1 version of the KafkaChannel API, which was deprecated in OpenShift Serverless version 1.14.0, has been removed. If the ChannelTemplateSpec parameters of your config maps contain references to this older version, you must update this part of the spec to use the correct API version.

Known issues

  • If you try to use an older version of the Knative kn CLI with a newer OpenShift Serverless release, the API is not found and an error occurs.

    For example, if you use the 1.16.0 release of the kn CLI, which uses version 0.22.0, with the 1.17.0 OpenShift Serverless release, which uses the 0.23.0 versions of the Knative Serving and Knative Eventing APIs, the CLI does not work because it continues to look for the outdated 0.22.0 API versions.

    Ensure that you are using the latest kn CLI version for your OpenShift Serverless release to avoid issues.

  • Kafka channel metrics are not monitored or shown in the corresponding web console dashboard in this release. This is due to a breaking change in the Kafka dispatcher reconciling process.

  • If you create a new subscription for a Kafka channel, or a new Kafka source, there might be a delay in the Kafka data plane becoming ready to dispatch messages after the newly created subscription or sink reports a ready status.

    As a result, messages that are sent during the time which the data plane is not reporting a ready status might not be delivered to the subscriber or sink.

    For more information about this issue and possible workarounds, see Knowledge Article #6343981.

  • The Camel-K 1.4 release is not compatible with OpenShift Serverless version 1.17.0. This is because Camel-K 1.4 uses APIs that were removed in Knative version 0.23.0. There is currently no workaround available for this issue. If you need to use Camel-K 1.4 with OpenShift Serverless, do not upgrade to OpenShift Serverless version 1.17.0.

Release Notes for Red Hat OpenShift Serverless 1.16.0

New features

  • OpenShift Serverless now uses Knative Serving 0.22.0.

  • OpenShift Serverless now uses Knative Eventing 0.22.0.

  • OpenShift Serverless now uses Kourier 0.22.0.

  • OpenShift Serverless now uses Knative kn CLI 0.22.0.

  • OpenShift Serverless now uses Knative Kafka 0.22.0.

  • The kn func CLI plug-in now uses func 0.16.0.

  • The kn func emit command has been added to the functions kn plug-in. You can use this command to send events to test locally deployed functions.

Known issues

  • You must upgrade OpenShift Container Platform to version 4.6.30, 4.7.11, or higher before upgrading to OpenShift Serverless 1.16.0.

  • The AMQ Streams Operator might prevent the installation or upgrade of the OpenShift Serverless Operator. If this happens, the following error is thrown by Operator Lifecycle Manager (OLM):

    WARNING: found multiple channel heads: [amqstreams.v1.7.2 amqstreams.v1.6.2], please check the `replaces`/`skipRange` fields of the operator bundles.

    You can fix this issue by uninstalling the AMQ Streams Operator before installing or upgrading the OpenShift Serverless Operator. You can then reinstall the AMQ Streams Operator.

  • If Service Mesh is enabled with mTLS, metrics for Knative Serving are disabled by default because Service Mesh prevents Prometheus from scraping metrics.

    If you want to enable Knative Serving metrics for use with Service Mesh and mTLS, you must complete the following steps:

    1. Specify prometheus as the metrics.backend-destination in the observability spec of the Knative Serving custom resource (CR):

      apiVersion: operator.knative.dev/v1alpha1
      kind: KnativeServing
      metadata:
        name: knative-serving
      spec:
        config:
          observability:
            metrics.backend-destination: "prometheus"

      This step prevents metrics from being disabled by default.

    2. Apply the following network policy to allow traffic from the Prometheus namespace:

      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      metadata:
        name: allow-from-openshift-monitoring-ns
        namespace: knative-serving
      spec:
        ingress:
        - from:
          - namespaceSelector:
              matchLabels:
                name: "openshift-monitoring"
        podSelector: {}
        policyTypes:
        - Ingress
    3. Modify and reapply the default Service Mesh control plane in the istio-system namespace, so that it includes the following spec:

      spec:
        proxy:
          networking:
            trafficControl:
              inbound:
                excludedPorts:
                - 8444
  • If you deploy Service Mesh CRs with the Istio ingress enabled, you might see the following warning in the istio-ingressgateway pod:

    2021-05-02T12:56:17.700398Z warning envoy config [external/envoy/source/common/config/grpc_subscription_impl.cc:101] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) 0.0.0.0_8081: duplicate listener 0.0.0.0_8081 found

    Your Knative services might also not be accessible.

    You can use the following workaround to fix this issue by recreating the knative-local-gateway service:

    1. Delete the existing knative-local-gateway service in the istio-system namespace:

      $ oc delete services -n istio-system knative-local-gateway
    2. Create and apply a knative-local-gateway service that contains the following YAML:

      apiVersion: v1
      kind: Service
      metadata:
       name: knative-local-gateway
       namespace: istio-system
       labels:
         experimental.istio.io/disable-gateway-port-translation: "true"
      spec:
       type: ClusterIP
       selector:
         istio: ingressgateway
       ports:
         - name: http2
           port: 80
           targetPort: 8081
  • If you have 1000 Knative services on a cluster, and then perform a reinstall or upgrade of Knative Serving, there is a delay when you create the first new service after the KnativeServing custom resource definition (CRD) becomes Ready.

    The 3scale-kourier-control service reconciles all previously existing Knative services before processing the creation of a new service, which causes the new service to spend approximately 800 seconds in an IngressNotConfigured or Unknown state before the state updates to Ready.

  • If you create a new subscription for a Kafka channel, or a new Kafka source, there might be a delay in the Kafka data plane becoming ready to dispatch messages after the newly created subscription or sink reports a ready status.

    As a result, messages that are sent during the time which the data plane is not reporting a ready status might not be delivered to the subscriber or sink.

    For more information about this issue and possible workarounds, see Knowledge Article #6343981.