$ oc delete mutatingwebhookconfiguration kafkabindings.webhook.kafka.sources.knative.dev- Documentation
- OpenShift Container Platform
- Serverless
- Release notes history bug_report picture_as_pdf
- About
- Release notes
- Architecture
-
Installing
- Installation overview
- Selecting an installation method and preparing a cluster
- Mirroring images for a disconnected installation
-
Installing on AWS
- Preparing to install on AWS
- Configuring an AWS account
- Manually creating IAM
- Installing a cluster quickly on AWS
- Installing a cluster on AWS with customizations
- Installing a cluster on AWS with network customizations
- Installing a cluster on AWS in a restricted network
- Installing a cluster on AWS into an existing VPC
- Installing a private cluster on AWS
- Installing a cluster on AWS into a government or secret region
- Installing a cluster on AWS using CloudFormation templates
- Installing a cluster on AWS in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on AWS
-
Installing on Azure
- Preparing to install on Azure
- Configuring an Azure account
- Manually creating IAM
- Installing a cluster quickly on Azure
- Installing a cluster on Azure with customizations
- Installing a cluster on Azure with network customizations
- Installing a cluster on Azure into an existing VNet
- Installing a private cluster on Azure
- Installing a cluster on Azure into a government region
- Installing a cluster on Azure using ARM templates
- Uninstalling a cluster on Azure
-
Installing on GCP
- Preparing to install on GCP
- Configuring a GCP project
- Manually creating IAM
- Installing a cluster quickly on GCP
- Installing a cluster on GCP with customizations
- Installing a cluster on GCP with network customizations
- Installing a cluster on GCP in a restricted network
- Installing a cluster on GCP into an existing VPC
- Installing a private cluster on GCP
- Installing a cluster on GCP using Deployment Manager templates
- Installing a cluster into a shared VPC on GCP using Deployment Manager templates
- Installing a cluster on GCP in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on GCP
- Installing on bare metal
- Deploying installer-provisioned clusters on bare metal
- Installing with z/VM on IBM Z and LinuxONE
- Installing with RHEL KVM on IBM Z and LinuxONE
- Installing on IBM Power Systems
-
Installing on OpenStack
- Preparing to install on OpenStack
- Installing a cluster on OpenStack with customizations
- Installing a cluster on OpenStack with Kuryr
- Installing a cluster that supports SR-IOV compute machines on OpenStack
- Installing a cluster on OpenStack on your own infrastructure
- Installing a cluster on OpenStack with Kuryr on your own infrastructure
- Installing a cluster on OpenStack on your own SR-IOV infrastructure
- Installing a cluster on OpenStack in a restricted network
- Uninstalling a cluster on OpenStack
- Uninstalling a cluster on OpenStack from your own infrastructure
- Installing on RHV
-
Installing on vSphere
- Preparing to install on vSphere
- Installing a cluster on vSphere
- Installing a cluster on vSphere with customizations
- Installing a cluster on vSphere with network customizations
- Installing a cluster on vSphere with user-provisioned infrastructure
- Installing a cluster on vSphere with user-provisioned infrastructure and network customizations
- Installing a cluster on vSphere in a restricted network
- Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on vSphere that uses installer-provisioned infrastructure
- Using the vSphere Problem Detector Operator
-
Installing on VMC
- Preparing to install on VMC
- Installing a cluster on VMC
- Installing a cluster on VMC with customizations
- Installing a cluster on VMC with network customizations
- Installing a cluster on VMC in a restricted network
- Installing a cluster on VMC with user-provisioned infrastructure
- Installing a cluster on VMC with user-provisioned infrastructure and network customizations
- Installing a cluster on VMC in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on VMC
- Installing on any platform
- Installation configuration
- Validating an installation
- Troubleshooting installation issues
- Support for FIPS cryptography
- Post-installation configuration
-
Updating clusters
- Understanding OpenShift updates
- Updating clusters overview
- Understanding upgrade channels
- Preparing to perform an EUS-to-EUS update
- Updating a cluster using the web console
- Updating a cluster using the CLI
- Performing update using canary rollout strategy
- Updating a cluster that includes RHEL compute machines
- Updating a restricted network cluster
-
Support
- Support overview
- Managing your cluster resources
- Getting support
- Remote health monitoring with connected clusters
- Gathering data about your cluster
- Summarizing cluster specifications
-
Troubleshooting
- Troubleshooting installations
- Verifying node health
- Troubleshooting CRI-O container runtime issues
- Troubleshooting operating system issues
- Troubleshooting network issues
- Troubleshooting Operator issues
- Investigating pod issues
- Troubleshooting the Source-to-Image process
- Troubleshooting storage issues
- Troubleshooting Windows container workload issues
- Investigating monitoring issues
- Diagnosing OpenShift CLI (oc) issues
- Web console
- CLI tools
-
Security and compliance
- Security and compliance overview
-
Container security
- Understanding container security
- Understanding host and VM security
- Hardening Red Hat Enterprise Linux CoreOS
- Container image signatures
- Understanding compliance
- Securing container content
- Using container registries securely
- Securing the build process
- Deploying containers
- Securing the container platform
- Securing networks
- Securing attached storage
- Monitoring cluster events and logs
- Configuring certificates
-
Certificate types and descriptions
- User-provided certificates for the API server
- Proxy certificates
- Service CA certificates
- Node certificates
- Bootstrap certificates
- etcd certificates
- OLM certificates
- Aggregated API client certificates
- Machine Config Operator certificates
- User-provided certificates for default ingress
- Ingress certificates
- Monitoring and cluster logging Operator component certificates
- Control plane certificates
-
Compliance Operator
- Compliance Operator release notes
- Supported compliance profiles
- Installing the Compliance Operator
- Compliance Operator scans
- Understanding the Compliance Operator
- Managing the Compliance Operator
- Tailoring the Compliance Operator
- Retrieving Compliance Operator raw results
- Managing Compliance Operator remediation
- Performing advanced Compliance Operator tasks
- Troubleshooting the Compliance Operator
- Uninstalling the Compliance Operator
- Using the oc-compliance plug-in
- Understanding the Custom Resource Definitions
- File Integrity Operator
- Viewing audit logs
- Configuring the audit log policy
- Configuring TLS security profiles
- Configuring seccomp profiles
- Allowing JavaScript-based access to the API server from additional hosts
- Encrypting etcd data
- Scanning pods for vulnerabilities
-
Authentication and authorization
- Authentication and authorization overview
- Understanding authentication
- Configuring the internal OAuth server
- Configuring OAuth clients
- Managing user-owned OAuth access tokens
- Understanding identity provider configuration
-
Configuring identity providers
- Configuring an htpasswd identity provider
- Configuring a Keystone identity provider
- Configuring an LDAP identity provider
- Configuring a basic authentication identity provider
- Configuring a request header identity provider
- Configuring a GitHub or GitHub Enterprise identity provider
- Configuring a GitLab identity provider
- Configuring a Google identity provider
- Configuring an OpenID Connect identity provider
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Using bound service account tokens
- Managing security context constraints
- Impersonating the system:admin user
- Syncing LDAP groups
- Managing cloud provider credentials
-
Networking
- Understanding networking
- Accessing hosts
- Networking Operators overview
- Understanding the Cluster Network Operator
- Understanding the DNS Operator
- Understanding the Ingress Operator
- Verifying connectivity to an endpoint
- Configuring the node port service range
- Configuring IP failover
- Using SCTP
- Configuring PTP hardware
- Network policy
-
Multiple networks
- Understanding multiple networks
- Configuring an additional network
- About virtual routing and forwarding
- Configuring multi-network policy
- Attaching a pod to an additional network
- Removing a pod from an additional network
- Editing an additional network
- Removing an additional network
- Assigning a secondary network to a VRF
-
Hardware networks
- About Single Root I/O Virtualization (SR-IOV) hardware networks
- Installing the SR-IOV Operator
- Configuring the SR-IOV Operator
- Configuring an SR-IOV network device
- Configuring an SR-IOV Ethernet network attachment
- Configuring an SR-IOV InfiniBand network attachment
- Adding a pod to an SR-IOV network
- Using high performance multicast
- Using DPDK and RDMA
- Uninstalling the SR-IOV Operator
-
OpenShift SDN default CNI network provider
- About the OpenShift SDN default CNI network provider
- Configuring egress IPs for a project
- Configuring an egress firewall for a project
- Viewing an egress firewall for a project
- Editing an egress firewall for a project
- Removing an egress firewall from a project
- Considerations for the use of an egress router pod
- Deploying an egress router pod in redirect mode
- Deploying an egress router pod in HTTP proxy mode
- Deploying an egress router pod in DNS proxy mode
- Configuring an egress router pod destination list from a config map
- Enabling multicast for a project
- Disabling multicast for a project
- Configuring multitenant isolation
- Configuring kube-proxy
-
OVN-Kubernetes default CNI network provider
- About the OVN-Kubernetes network provider
- Migrating from the OpenShift SDN cluster network provider
- Rolling back to the OpenShift SDN cluster network provider
- Converting to IPv4/IPv6 dual stack networking
- IPsec encryption configuration
- Configuring an egress firewall for a project
- Viewing an egress firewall for a project
- Editing an egress firewall for a project
- Removing an egress firewall from a project
- Configuring an egress IP address
- Assigning an egress IP address
- Considerations for the use of an egress router pod
- Deploying an egress router pod in redirect mode
- Enabling multicast for a project
- Disabling multicast for a project
- Tracking network flows
- Configuring hybrid networking
- Configuring Routes
-
Configuring ingress cluster traffic
- Overview
- Configuring ExternalIPs for services
- Configuring ingress cluster traffic using an Ingress Controller
- Configuring ingress cluster traffic using a load balancer
- Configuring ingress cluster traffic on AWS using a Network Load Balancer
- Configuring ingress cluster traffic using a service external IP
- Configuring ingress cluster traffic using a NodePort
- Kubernetes NMState
- Configuring the cluster-wide proxy
- Configuring a custom PKI
- Load balancing on OpenStack
- Associating secondary interfaces metrics to network attachments
-
Storage
- Storage overview
- Understanding ephemeral storage
- Understanding persistent storage
-
Configuring persistent storage
- Persistent storage using AWS Elastic Block Store
- Persistent storage using Azure Disk
- Persistent storage using Azure File
- Persistent storage using Cinder
- Persistent storage using Fibre Channel
- Persistent storage using FlexVolume
- Persistent storage using GCE Persistent Disk
- Persistent storage using hostPath
- Persistent Storage using iSCSI
- Persistent storage using local volumes
- Persistent storage using NFS
- Persistent storage using Red Hat OpenShift Container Storage
- Persistent storage using VMware vSphere
-
Using Container Storage Interface (CSI)
- Configuring CSI volumes
- CSI inline ephemeral volumes
- CSI volume snapshots
- CSI volume cloning
- CSI automatic migration
- AWS Elastic Block Store CSI Driver Operator
- Azure Disk CSI Driver Operator
- GCP PD CSI Driver Operator
- OpenStack Cinder CSI Driver Operator
- OpenStack Manila CSI Driver Operator
- Red Hat Virtualization CSI Driver Operator
- VMware vSphere CSI Driver Operator
- Expanding persistent volumes
- Dynamic provisioning
-
Registry
- Registry overview
- Image Registry Operator in OpenShift Container Platform
-
Setting up and configuring the registry
- Configuring the registry for AWS user-provisioned infrastructure
- Configuring the registry for GCP user-provisioned infrastructure
- Configuring the registry for Azure user-provisioned infrastructure
- Configuring the registry for OpenStack
- Configuring the registry for bare metal
- Configuring the registry for vSphere
- Accessing the registry
- Exposing the registry
-
Operators
- Operators overview
- Understanding Operators
- User tasks
- Administrator tasks
-
Developing Operators
- About the Operator SDK
- Installing the Operator SDK CLI
- Upgrading projects for newer Operator SDK versions
- Go-based Operators
- Ansible-based Operators
- Helm-based Operators
- Defining cluster service versions (CSVs)
- Working with bundle images
- Validating Operators using the scorecard
- Configuring built-in monitoring with Prometheus
- Configuring leader election
- Migrating package manifest projects to bundle format
- Operator SDK CLI reference
- Cluster Operators reference
-
CI/CD
- CI/CD overview
-
Builds
- Understanding image builds
- Understanding build configurations
- Creating build inputs
- Managing build output
- Using build strategies
- Custom image builds with Buildah
- Performing basic builds
- Triggering and modifying builds
- Performing advanced builds
- Using Red Hat subscriptions in builds
- Securing builds by strategy
- Build configuration resources
- Troubleshooting builds
- Setting up additional trusted certificate authorities for builds
- Migrating from Jenkins to Tekton
-
Pipelines
- OpenShift Pipelines release notes
- Understanding OpenShift Pipelines
- Installing OpenShift Pipelines
- Uninstalling OpenShift Pipelines
- Creating CI/CD solutions for applications using OpenShift Pipelines
- Working with OpenShift Pipelines using the Developer perspective
- Reducing resource consumption of OpenShift Pipelines
- Using pods in a privileged security context
- Securing webhooks with event listeners
- Authenticating pipelines using git secret
- Viewing pipeline logs using the OpenShift Logging Operator
-
GitOps
- OpenShift GitOps release notes
- Understanding OpenShift GitOps
- Installing OpenShift GitOps
- Uninstalling OpenShift GitOps
- Configuring an OpenShift cluster by deploying an application with cluster configurations
- Deploying a Spring Boot application with Argo CD
- Configuring SSO for Argo CD using Dex
- Configuring SSO for Argo CD using Keycloak
- Running Control Plane Workloads on Infra nodes
- Sizing requirements for GitOps Operator
-
Images
- Overview of images
- Configuring the Cluster Samples Operator
- Using the Cluster Samples Operator with an alternate registry
- Creating images
- Managing images
- Managing image streams
- Using image streams with Kubernetes resources
- Triggering updates on image stream changes
- Image configuration resources
- Using templates
- Using Ruby on Rails
- Using images
-
Building Applications
- Building Applications overview
- Projects
- Creating Applications
- Viewing application composition using the Topology view
- Working with Helm charts
- Deployments
- Quotas
- Using config maps with applications
- Monitoring project and application metrics using the Developer perspective
- Monitoring application health
- Editing applications
- Pruning objects to reclaim resources
- Idling applications
- Deleting applications
- Using the Red Hat Marketplace
-
Machine management
- Overview of machine management
- Creating machine sets
- Manually scaling a machine set
- Modifying a machine set
- Deleting a machine
- Applying autoscaling to a cluster
- Creating infrastructure machine sets
- Adding a RHEL compute machine
- Adding more RHEL compute machines
- User-provisioned infrastructure
- Deploying machine health checks
-
Nodes
- Overview of nodes
-
Working with pods
- About pods
- Viewing pods
- Configuring a cluster for pods
- Automatically scaling pods with the horizontal pod autoscaler
- Automatically adjust pod resource levels with the vertical pod autoscaler
- Providing sensitive data to pods
- Creating and using config maps
- Using Device Manager to make devices available to nodes
- Including pod priority in pod scheduling decisions
- Placing pods on specific nodes using node selectors
-
Controlling pod placement onto nodes (scheduling)
- About pod placement using the scheduler
- Configuring the default scheduler to control pod placement
- Scheduling pods using a scheduler profile
- Placing pods relative to other pods using pod affinity and anti-affinity rules
- Controlling pod placement on nodes using node affinity rules
- Placing pods onto overcommited nodes
- Controlling pod placement using node taints
- Placing pods on specific nodes using node selectors
- Controlling pod placement using pod topology spread constraints
- Running a custom scheduler
- Evicting pods using the descheduler
- Using Jobs and DaemonSets
-
Working with nodes
- Viewing and listing the nodes in your cluster
- Working with nodes
- Managing nodes
- Managing the maximum number of pods per node
- Using the Node Tuning Operator
- Remediating nodes with the Poison Pill Operator
- Understanding node rebooting
- Freeing node resources using garbage collection
- Allocating resources for nodes
- Allocating specific CPUs for nodes in a cluster
- Configuring the TLS security profile for the kubelet
- Machine Config Daemon metrics
- Creating infrastructure nodes
-
Working with containers
- Using containers
- Using Init Containers to perform tasks before a pod is deployed
- Using volumes to persist container data
- Mapping volumes using projected volumes
- Allowing containers to consume API objects
- Copying files to or from a container
- Executing remote commands in a container
- Using port forwarding to access applications in a container
- Using sysctls in containers
- Working with clusters
- Remote worker nodes on the network edge
-
Windows Container Support for OpenShift
- Red Hat OpenShift support for Windows Containers overview
- Red Hat OpenShift support for Windows Containers release notes
- Understanding Windows container workloads
- Enabling Windows container workloads
- Creating Windows MachineSet objects
- Scheduling Windows container workloads
- Windows node upgrades
- Using Bring-Your-Own-Host Windows instances as nodes
- Removing Windows nodes
- Disabling Windows container workloads
- Sandboxed Containers Support for OpenShift
-
Logging
- Release notes
- About Logging
- Installing Logging
-
Configuring your Logging deployment
- About the Cluster Logging custom resource
- Configuring the logging collector
- Configuring the log store
- Configuring the log visualizer
- Configuring Logging storage
- Configuring CPU and memory limits for Logging components
- Using tolerations to control Logging pod placement
- Moving the Logging resources with node selectors
- Configuring systemd-journald for Logging
- Maintenance and support
- Viewing logs for a specific resource
- Viewing cluster logs in Kibana
- Forwarding logs to third party systems
- Enabling JSON logging
- Collecting and storing Kubernetes events
- Updating Logging
- Viewing cluster dashboards
- Troubleshooting Logging
- Uninstalling Logging
- Exported fields
- Monitoring
- Metering
-
Scalability and performance
- Recommended host practices
- Recommended host practices for IBM Z & LinuxONE environments
- Recommended cluster scaling practices
- Using the Node Tuning Operator
- Using Cluster Loader
- Using CPU Manager
- Using Topology Manager
- Scaling the Cluster Monitoring Operator
- The Node Feature Discovery Operator
- The Driver Toolkit
- Planning your environment according to object maximums
- Optimizing storage
- Optimizing routing
- Optimizing networking
- Managing bare metal hosts
- What huge pages do and how they are consumed by apps
- Performance Addon Operator for low latency nodes
- Performing latency tests for platform verification
- Creating a performance profile
- Backup and restore
-
Migrating from version 3 to 4
- Migrating from version 3 to 4 overview
- About migrating from OpenShift Container Platform 3 to 4
- Differences between OpenShift Container Platform 3 and 4
- Network considerations
- About MTC
- Installing MTC
- Installing MTC in a restricted network environment
- Upgrading MTC
- Premigration checklists
- Migrating your applications
- Advanced migration options
- Troubleshooting
- Migration Toolkit for Containers
-
API reference
- Understanding API tiers
- API compatibility guidelines
- Editing kubelet log level verbosity and gathering logs
- API list
- Common object reference
-
Authorization APIs
- About Authorization APIs
- LocalResourceAccessReview [authorization.openshift.io/v1]
- LocalSubjectAccessReview [authorization.openshift.io/v1]
- ResourceAccessReview [authorization.openshift.io/v1]
- SelfSubjectRulesReview [authorization.openshift.io/v1]
- SubjectAccessReview [authorization.openshift.io/v1]
- SubjectRulesReview [authorization.openshift.io/v1]
- TokenReview [authentication.k8s.io/v1]
- LocalSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectRulesReview [authorization.k8s.io/v1]
- SubjectAccessReview [authorization.k8s.io/v1]
- Autoscale APIs
-
Config APIs
- About Config APIs
- APIServer [config.openshift.io/v1]
- Authentication [config.openshift.io/v1]
- Build [config.openshift.io/v1]
- ClusterOperator [config.openshift.io/v1]
- ClusterVersion [config.openshift.io/v1]
- Console [config.openshift.io/v1]
- DNS [config.openshift.io/v1]
- FeatureGate [config.openshift.io/v1]
- HelmChartRepository [helm.openshift.io/v1beta1]
- Image [config.openshift.io/v1]
- Infrastructure [config.openshift.io/v1]
- Ingress [config.openshift.io/v1]
- Network [config.openshift.io/v1]
- OAuth [config.openshift.io/v1]
- OperatorHub [config.openshift.io/v1]
- Project [config.openshift.io/v1]
- Proxy [config.openshift.io/v1]
- Scheduler [config.openshift.io/v1]
-
Console APIs
- About Console APIs
- ConsoleCLIDownload [console.openshift.io/v1]
- ConsoleExternalLogLink [console.openshift.io/v1]
- ConsoleLink [console.openshift.io/v1]
- ConsoleNotification [console.openshift.io/v1]
- ConsolePlugin [console.openshift.io/v1alpha1]
- ConsoleQuickStart [console.openshift.io/v1]
- ConsoleYAMLSample [console.openshift.io/v1]
- Extension APIs
-
Image APIs
- About Image APIs
- Image [image.openshift.io/v1]
- ImageSignature [image.openshift.io/v1]
- ImageStreamImage [image.openshift.io/v1]
- ImageStreamImport [image.openshift.io/v1]
- ImageStreamMapping [image.openshift.io/v1]
- ImageStream [image.openshift.io/v1]
- ImageStreamTag [image.openshift.io/v1]
- ImageTag [image.openshift.io/v1]
-
Machine APIs
- About Machine APIs
- ContainerRuntimeConfig [machineconfiguration.openshift.io/v1]
- ControllerConfig [machineconfiguration.openshift.io/v1]
- KubeletConfig [machineconfiguration.openshift.io/v1]
- MachineConfigPool [machineconfiguration.openshift.io/v1]
- MachineConfig [machineconfiguration.openshift.io/v1]
- MachineHealthCheck [machine.openshift.io/v1beta1]
- Machine [machine.openshift.io/v1beta1]
- MachineSet [machine.openshift.io/v1beta1]
- Metadata APIs
-
Monitoring APIs
- About Monitoring APIs
- Alertmanager [monitoring.coreos.com/v1]
- AlertmanagerConfig [monitoring.coreos.com/v1alpha1]
- PodMonitor [monitoring.coreos.com/v1]
- Probe [monitoring.coreos.com/v1]
- Prometheus [monitoring.coreos.com/v1]
- PrometheusRule [monitoring.coreos.com/v1]
- ServiceMonitor [monitoring.coreos.com/v1]
- ThanosRuler [monitoring.coreos.com/v1]
-
Network APIs
- About Network APIs
- ClusterNetwork [network.openshift.io/v1]
- Endpoints [core/v1]
- EndpointSlice [discovery.k8s.io/v1]
- EgressNetworkPolicy [network.openshift.io/v1]
- EgressRouter [network.operator.openshift.io/v1]
- HostSubnet [network.openshift.io/v1]
- Ingress [networking.k8s.io/v1]
- IngressClass [networking.k8s.io/v1]
- IPPool [whereabouts.cni.cncf.io/v1alpha1]
- NetNamespace [network.openshift.io/v1]
- NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]
- NetworkPolicy [networking.k8s.io/v1]
- PodNetworkConnectivityCheck [controlplane.operator.openshift.io/v1alpha1]
- Route [route.openshift.io/v1]
- Service [core/v1]
- Node APIs
- OAuth APIs
-
Operator APIs
- About Operator APIs
- Authentication [operator.openshift.io/v1]
- CloudCredential [operator.openshift.io/v1]
- ClusterCSIDriver [operator.openshift.io/v1]
- Console [operator.openshift.io/v1]
- Config [operator.openshift.io/v1]
- Config [imageregistry.operator.openshift.io/v1]
- Config [samples.operator.openshift.io/v1]
- CSISnapshotController [operator.openshift.io/v1]
- DNS [operator.openshift.io/v1]
- DNSRecord [ingress.operator.openshift.io/v1]
- Etcd [operator.openshift.io/v1]
- ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
- ImagePruner [imageregistry.operator.openshift.io/v1]
- IngressController [operator.openshift.io/v1]
- KubeAPIServer [operator.openshift.io/v1]
- KubeControllerManager [operator.openshift.io/v1]
- KubeScheduler [operator.openshift.io/v1]
- KubeStorageVersionMigrator [operator.openshift.io/v1]
- Network [operator.openshift.io/v1]
- OpenShiftAPIServer [operator.openshift.io/v1]
- OpenShiftControllerManager [operator.openshift.io/v1]
- OperatorPKI [network.operator.openshift.io/v1]
- ServiceCA [operator.openshift.io/v1]
- Storage [operator.openshift.io/v1]
-
OperatorHub APIs
- About OperatorHub APIs
- CatalogSource [operators.coreos.com/v1alpha1]
- ClusterServiceVersion [operators.coreos.com/v1alpha1]
- InstallPlan [operators.coreos.com/v1alpha1]
- Operator [operators.coreos.com/v1]
- OperatorCondition [operators.coreos.com/v1]
- OperatorGroup [operators.coreos.com/v1]
- PackageManifest [packages.operators.coreos.com/v1]
- Subscription [operators.coreos.com/v1alpha1]
- Policy APIs
- Project APIs
- Provisioning APIs
- RBAC APIs
- Role APIs
-
Schedule and quota APIs
- About Schedule and quota APIs
- AppliedClusterResourceQuota [quota.openshift.io/v1]
- ClusterResourceQuota [quota.openshift.io/v1]
- FlowSchema [flowcontrol.apiserver.k8s.io/v1beta1]
- LimitRange [core/v1]
- PriorityClass [scheduling.k8s.io/v1]
- PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta1]
- ResourceQuota [core/v1]
-
Security APIs
- About Security APIs
- CertificateSigningRequest [certificates.k8s.io/v1]
- CredentialsRequest [cloudcredential.openshift.io/v1]
- PodSecurityPolicyReview [security.openshift.io/v1]
- PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]
- PodSecurityPolicySubjectReview [security.openshift.io/v1]
- RangeAllocation [security.openshift.io/v1]
- Secret [core/v1]
- SecurityContextConstraints [security.openshift.io/v1]
- ServiceAccount [core/v1]
-
Storage APIs
- About Storage APIs
- CSIDriver [storage.k8s.io/v1]
- CSINode [storage.k8s.io/v1]
- CSIStorageCapacity [storage.k8s.io/v1beta1]
- PersistentVolumeClaim [core/v1]
- StorageClass [storage.k8s.io/v1]
- StorageState [migration.k8s.io/v1alpha1]
- StorageVersionMigration [migration.k8s.io/v1alpha1]
- VolumeAttachment [storage.k8s.io/v1]
- VolumeSnapshot [snapshot.storage.k8s.io/v1]
- VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
- VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
- Template APIs
- User and group APIs
-
Workloads APIs
- About Workloads APIs
- BuildConfig [build.openshift.io/v1]
- Build [build.openshift.io/v1]
- CronJob [batch/v1]
- DaemonSet [apps/v1]
- Deployment [apps/v1]
- DeploymentConfig [apps.openshift.io/v1]
- Job [batch/v1]
- Pod [core/v1]
- ReplicationController [core/v1]
- PersistentVolume [core/v1]
- ReplicaSet [apps/v1]
- StatefulSet [apps/v1]
-
Service Mesh
-
Service Mesh 2.x
- About OpenShift Service Mesh
- Service Mesh 2.x release notes
- Service Mesh architecture
- Service Mesh deployment models
- Service Mesh and Istio differences
- Preparing to install Service Mesh
- Installing the Operators
- Creating the ServiceMeshControlPlane
- Adding workloads to a service mesh
- Enabling sidecar injection
- Upgrading Service Mesh
- Managing users and profiles
- Security
- Traffic management
- Metrics, logs, and traces
- Performance and scalability
- Deploying to production
- Federation
- Extensions
- 3scale WebAssembly for 2.1
- 3scale Istio adapter for 2.0
- Troubleshooting Service Mesh
- Control plane configuration reference
- Kiali configuration reference
- Jaeger configuration reference
- Uninstalling Service Mesh
-
Service Mesh 1.x
- Service Mesh 1.x release notes
- Service Mesh architecture
- Service Mesh and Istio differences
- Preparing to install Service Mesh
- Installing Service Mesh
- Security
- Traffic management
- Deploying applications on Service Mesh
- Data visualization and observability
- Custom resources
- 3scale Istio adapter for 1.x
- Removing Service Mesh
-
Service Mesh 2.x
- Distributed tracing
-
OpenShift Virtualization
- About OpenShift Virtualization
- Start here with OpenShift Virtualization
- OpenShift Virtualization release notes
-
Installing OpenShift Virtualization
- Preparing your cluster for OpenShift Virtualization
- Specifying nodes for OpenShift Virtualization components
- Installing OpenShift Virtualization using the web console
- Installing OpenShift Virtualization using the CLI
- Installing the virtctl client
- Uninstalling OpenShift Virtualization using the web console
- Uninstalling OpenShift Virtualization using the CLI
- Upgrading OpenShift Virtualization
- Additional security privileges granted for kubevirt-controller and virt-launcher
- Using the CLI tools
-
Virtual machines
- Creating virtual machines
- Editing virtual machines
- Editing boot order
- Deleting virtual machines
- Managing virtual machine instances
- Controlling virtual machine states
- Accessing virtual machine consoles
- Triggering virtual machine failover by resolving a failed node
- Installing the QEMU guest agent on virtual machines
- Viewing the QEMU guest agent information for virtual machines
- Managing config maps, secrets, and service accounts in virtual machines
- Installing VirtIO driver on an existing Windows virtual machine
- Installing VirtIO driver on a new Windows virtual machine
-
Advanced virtual machine management
- Working with resource quotas for virtual machines
- Specifying nodes for virtual machines
- Configuring certificate rotation
- Automating management tasks
- EFI mode for virtual machines
- Configuring PXE booting for virtual machines
- Managing guest memory
- Using huge pages with virtual machines
- Enabling dedicated resources for a virtual machine
- Scheduling virtual machines
- Configuring PCI passthrough
- Configuring a watchdog device
- Importing virtual machines
- Cloning virtual machines
-
Virtual machine networking
- Configuring the virtual machine for the default pod network
- Creating a service to expose a virtual machine
- Attaching a virtual machine to a Linux bridge network
- Configuring IP addresses for virtual machines
- Configuring an SR-IOV network device for virtual machines
- Defining an SR-IOV network
- Attaching a virtual machine to an SR-IOV network
- Viewing the IP address of NICs on a virtual machine
- Using a MAC address pool for virtual machines
-
Virtual machine disks
- Features for storage
- Configuring local storage for virtual machines
- Creating data volumes
- Reserving PVC space for file system overhead
- Configuring CDI to work with namespaces that have a compute resource quota
- Managing data volume annotations
- Using preallocation for data volumes
- Uploading local disk images by using the web console
- Uploading local disk images by using the virtctl tool
- Uploading a local disk image to a block storage data volume
- Managing offline virtual machine snapshots
- Moving a local virtual machine disk to a different node
- Expanding virtual storage by adding blank disk images
- Cloning a data volume using smart-cloning
- Creating and using boot sources
- Hot-plugging virtual disks
- Using container disks with virtual machines
- Preparing CDI scratch space
- Re-using statically provisioned persistent volumes
- Deleting data volumes
- Virtual machine templates
- Live migration
- Node maintenance
- Node networking
-
Logging, events, and monitoring
- Viewing logs
- Viewing events
- Diagnosing data volumes using events and conditions
- Viewing information about virtual machine workloads
- Monitoring virtual machine health
- Viewing cluster information
- OpenShift cluster monitoring, logging, and Telemetry
- Prometheus queries for virtual resources
- Collecting data for Red Hat Support
-
Serverless
- Release notes
- Discover
- Install
- Knative CLI
-
Develop
- Serverless applications
- Autoscaling
- Traffic management
- Routing
- Event sinks
- Event delivery
- Listing event sources and event source types
- Creating an API server source
- Creating a ping source
- Custom event sources
- Creating channels
- Creating and managing subscriptions
- Creating brokers
- Triggers
- Using Knative Kafka
- Administer
- Monitor
- Tracing
- Support
- Security
-
Functions
- Setting up OpenShift Serverless Functions
- Getting started with functions
- On-cluster function building and deploying
- Developing Node.js functions
- Developing TypeScript functions
- Developing Go functions
- Developing Python functions
- Developing Quarkus functions
- Using functions with Knative Eventing
- Function project configuration in func.yaml
- Accessing secrets and config maps from functions
- Adding annotations to functions
- Functions development reference guide
- Integrations
×
Release notes
- About API versions
- Generally Available and Technology Preview features
- Deprecated and removed features
- Release notes for Red Hat OpenShift Serverless 1.25.0
- Release notes for Red Hat OpenShift Serverless 1.24.0
- Release notes for Red Hat OpenShift Serverless 1.23.0
- Release notes for Red Hat OpenShift Serverless 1.22.0
- Release notes for Red Hat OpenShift Serverless 1.21.0
- Release notes for Red Hat OpenShift Serverless 1.20.0
- Release notes for Red Hat OpenShift Serverless 1.19.0
- Release notes for Red Hat OpenShift Serverless 1.18.0
- Release Notes for Red Hat OpenShift Serverless 1.17.0
- Release Notes for Red Hat OpenShift Serverless 1.16.0
Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent OpenShift Serverless releases on OpenShift Container Platform.
For an overview of OpenShift Serverless functionality, see About OpenShift Serverless.
|
OpenShift Serverless is based on the open source Knative project. For details about the latest Knative component releases, see the Knative blog. |
About API versions
API versions are an important measure of the development status of certain features and custom resources in OpenShift Serverless. Creating resources on your cluster that do not use the correct API version can cause issues in your deployment.
The OpenShift Serverless Operator automatically upgrades older resources that use deprecated versions of APIs to use the latest version. For example, if you have created resources on your cluster that use older versions of the ApiServerSource API, such as v1beta1, the OpenShift Serverless Operator automatically updates these resources to use the v1 version of the API when this is available and the v1beta1 version is deprecated.
After they have been deprecated, older versions of APIs might be removed in any upcoming release. Using deprecated versions of APIs does not cause resources to fail. However, if you try to use a version of an API that has been removed, it will cause resources to fail. Ensure that your manifests are updated to use the latest version to avoid issues.
Generally Available and Technology Preview features
Features which are Generally Available (GA) are fully supported and are suitable for production use. Technology Preview (TP) features are experimental features and are not intended for production use. See the Technology Preview scope of support on the Red Hat Customer Portal for more information about TP features.
The following table provides information about which OpenShift Serverless features are GA and which are TP:
| Feature | 1.23 | 1.24 | 1.25 |
|---|---|---|---|
|
TP |
TP |
TP |
Service Mesh mTLS |
GA |
GA |
GA |
|
GA |
GA |
GA |
HTTPS redirection |
GA |
GA |
GA |
Kafka broker |
TP |
TP |
GA |
Kafka sink |
TP |
TP |
GA |
Init containers support for Knative services |
TP |
GA |
GA |
PVC support for Knative services |
TP |
TP |
TP |
TLS for internal traffic |
- |
- |
TP |
Deprecated and removed features
Some features that were Generally Available (GA) or a Technology Preview (TP) in previous releases have been deprecated or removed. Deprecated functionality is still included in OpenShift Serverless and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
For the most recent list of major functionality deprecated and removed within OpenShift Serverless, refer to the following table:
| Feature | 1.20 | 1.21 | 1.22 to 1.25 |
|---|---|---|---|
|
Deprecated |
Deprecated |
Removed |
|
Deprecated |
Removed |
Removed |
Release notes for Red Hat OpenShift Serverless 1.25.0
OpenShift Serverless 1.25.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 1.4.
-
OpenShift Serverless now uses Knative Eventing 1.4.
-
OpenShift Serverless now uses Kourier 1.4.
-
OpenShift Serverless now uses Knative (
kn) CLI 1.4. -
OpenShift Serverless now uses Knative Kafka 1.4.
-
The
kn funcCLI plug-in now usesfunc1.7.0. -
Integrated development environment (IDE) plug-ins for creating and deploying functions are now available for Visual Studio Code and IntelliJ.
-
Knative Kafka broker is now GA. Knative Kafka broker is a highly performant implementation of the Knative broker API, directly targeting Apache Kafka.
It is recommended to not use the MT-Channel-Broker, but the Knative Kafka broker instead.
-
Knative Kafka sink is now GA. A
KafkaSinktakes aCloudEventand sends it to an Apache Kafka topic. Events can be specified in either structured or binary content modes. -
Enabling TLS for internal traffic is now available as a Technology Preview.
Fixed issues
-
Previously, Knative Serving had an issue where the readiness probe failed if the container was restarted after a liveness probe fail. This issue has been fixed.
Release notes for Red Hat OpenShift Serverless 1.24.0
OpenShift Serverless 1.24.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 1.3.
-
OpenShift Serverless now uses Knative Eventing 1.3.
-
OpenShift Serverless now uses Kourier 1.3.
-
OpenShift Serverless now uses Knative
knCLI 1.3. -
OpenShift Serverless now uses Knative Kafka 1.3.
-
The
kn funcCLI plug-in now usesfunc0.24. -
Init containers support for Knative services is now generally available (GA).
-
OpenShift Serverless logic is now available as a Developer Preview. It enables defining declarative workflow models for managing serverless applications.
-
You can now use the cost management service with OpenShift Serverless.
Fixed issues
-
Integrating OpenShift Serverless with Red Hat OpenShift Service Mesh causes the
net-istio-controllerpod to run out of memory on startup when too many secrets are present on the cluster.It is now possible to enable secret filtering, which causes
net-istio-controllerto consider only secrets with anetworking.internal.knative.dev/certificate-uidlabel, thus reducing the amount of memory needed. -
The OpenShift Serverless Functions Technology Preview now uses Cloud Native Buildpacks by default to build container images.
Known issues
-
The Federal Information Processing Standards (FIPS) mode is disabled for Kafka broker, Kafka source, and Kafka sink.
-
In OpenShift Serverless 1.23, support for KafkaBindings and the
kafka-bindingwebhook were removed. However, an existingkafkabindings.webhook.kafka.sources.knative.dev MutatingWebhookConfigurationmight remain, pointing to thekafka-source-webhookservice, which no longer exists.For certain specifications of KafkaBindings on the cluster,
kafkabindings.webhook.kafka.sources.knative.dev MutatingWebhookConfigurationmight be configured to pass any create and update events to various resources, such as Deployments, Knative Services, or Jobs, through the webhook, which would then fail.To work around this issue, manually delete
kafkabindings.webhook.kafka.sources.knative.dev MutatingWebhookConfigurationfrom the cluster after upgrading to OpenShift Serverless 1.23:
Release notes for Red Hat OpenShift Serverless 1.23.0
OpenShift Serverless 1.23.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 1.2.
-
OpenShift Serverless now uses Knative Eventing 1.2.
-
OpenShift Serverless now uses Kourier 1.2.
-
OpenShift Serverless now uses Knative (
kn) CLI 1.2. -
OpenShift Serverless now uses Knative Kafka 1.2.
-
The
kn funcCLI plug-in now usesfunc0.24. -
It is now possible to use the
kafka.eventing.knative.dev/external.topicannotation with the Kafka broker. This annotation makes it possible to use an existing externally managed topic instead of the broker creating its own internal topic. -
The
kafka-ch-controllerandkafka-webhookKafka components no longer exist. These components have been replaced by thekafka-webhook-eventingcomponent. -
The OpenShift Serverless Functions Technology Preview now uses Source-to-Image (S2I) by default to build container images.
Known issues
-
The Federal Information Processing Standards (FIPS) mode is disabled for Kafka broker, Kafka source, and Kafka sink.
-
If you delete a namespace that includes a Kafka broker, the namespace finalizer may fail to be removed if the broker’s
auth.secret.ref.namesecret is deleted before the broker. -
Running OpenShift Serverless with a large number of Knative services can cause Knative activator pods to run close to their default memory limits of 600MB. These pods might be restarted if memory consumption reaches this limit. Requests and limits for the activator deployment can be configured by modifying the
KnativeServingcustom resource:apiVersion: operator.knative.dev/v1alpha1 kind: KnativeServing metadata: name: knative-serving namespace: knative-serving spec: deployments: - name: activator resources: - container: activator requests: cpu: 300m memory: 60Mi limits: cpu: 1000m memory: 1000Mi -
If you are using Cloud Native Buildpacks as the local build strategy for a function,
kn funcis unable to automatically start podman or use an SSH tunnel to a remote daemon. The workaround for these issues is to have a Docker or podman daemon already running on the local development computer before deploying a function. -
On-cluster function builds currently fail for Quarkus and Golang runtimes. They work correctly for Node, Typescript, Python, and Springboot runtimes.
Additional resources
Release notes for Red Hat OpenShift Serverless 1.22.0
OpenShift Serverless 1.22.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 1.1.
-
OpenShift Serverless now uses Knative Eventing 1.1.
-
OpenShift Serverless now uses Kourier 1.1.
-
OpenShift Serverless now uses Knative (
kn) CLI 1.1. -
OpenShift Serverless now uses Knative Kafka 1.1.
-
The
kn funcCLI plug-in now usesfunc0.23. -
Init containers support for Knative services is now available as a Technology Preview.
-
Persistent volume claim (PVC) support for Knative services is now available as a Technology Preview.
-
The
knative-serving,knative-serving-ingress,knative-eventingandknative-kafkasystem namespaces now have theknative.openshift.io/part-of: "openshift-serverless"label by default. -
The Knative Eventing - Kafka Broker/Trigger dashboard has been added, which allows visualizing Kafka broker and trigger metrics in the web console.
-
The Knative Eventing - KafkaSink dashboard has been added, which allows visualizing KafkaSink metrics in the web console.
-
The Knative Eventing - Broker/Trigger dashboard is now called Knative Eventing - Channel-based Broker/Trigger.
-
The
knative.openshift.io/part-of: "openshift-serverless"label has substituted theknative.openshift.io/system-namespacelabel. -
Naming style in Knative Serving YAML configuration files changed from camel case (
ExampleName) to hyphen style (example-name). Beginning with this release, use the hyphen style notation when creating or editing Knative Serving YAML configuration files.
Release notes for Red Hat OpenShift Serverless 1.21.0
OpenShift Serverless 1.21.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 1.0
-
OpenShift Serverless now uses Knative Eventing 1.0.
-
OpenShift Serverless now uses Kourier 1.0.
-
OpenShift Serverless now uses Knative (
kn) CLI 1.0. -
OpenShift Serverless now uses Knative Kafka 1.0.
-
The
kn funcCLI plug-in now usesfunc0.21. -
The Kafka sink is now available as a Technology Preview.
-
The Knative open source project has begun to deprecate camel-cased configuration keys in favor of using kebab-cased keys consistently. As a result, the
defaultExternalSchemekey, previously mentioned in the OpenShift Serverless 1.18.0 release notes, is now deprecated and replaced by thedefault-external-schemekey. Usage instructions for the key remain the same.
Fixed issues
-
In OpenShift Serverless 1.20.0, there was an event delivery issue affecting the use of
kn event sendto send events to a service. This issue is now fixed. -
In OpenShift Serverless 1.20.0 (
func0.20), TypeScript functions created with thehttptemplate failed to deploy on the cluster. This issue is now fixed. -
In OpenShift Serverless 1.20.0 (
func0.20), deploying a function using thegcr.ioregistry failed with an error. This issue is now fixed. -
In OpenShift Serverless 1.20.0 (
func0.20), creating a Springboot function project directory with thekn func createcommand and then running thekn func buildcommand failed with an error message. This issue is now fixed. -
In OpenShift Serverless 1.19.0 (
func0.19), some runtimes were unable to build a function by using podman. This issue is now fixed.
Known issues
-
Currently, the domain mapping controller cannot process the URI of a broker, which contains a path that is currently not supported.
This means that, if you want to use a
DomainMappingcustom resource (CR) to map a custom domain to a broker, you must configure theDomainMappingCR with the broker’s ingress service, and append the exact path of the broker to the custom domain:ExampleDomainMappingCRapiVersion: serving.knative.dev/v1alpha1 kind: DomainMapping metadata: name: <domain-name> namespace: knative-eventing spec: ref: name: broker-ingress kind: Service apiVersion: v1The URI for the broker is then
<domain-name>/<broker-namespace>/<broker-name>.
Release notes for Red Hat OpenShift Serverless 1.20.0
OpenShift Serverless 1.20.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 0.26.
-
OpenShift Serverless now uses Knative Eventing 0.26.
-
OpenShift Serverless now uses Kourier 0.26.
-
OpenShift Serverless now uses Knative (
kn) CLI 0.26. -
OpenShift Serverless now uses Knative Kafka 0.26.
-
The
kn funcCLI plug-in now usesfunc0.20. -
The Kafka broker is now available as a Technology Preview.
The Kafka broker, which is currently in Technology Preview, is not supported on FIPS.
-
The
kn eventplug-in is now available as a Technology Preview. -
The
--min-scaleand--max-scaleflags for thekn service createcommand have been deprecated. Use the--scale-minand--scale-maxflags instead.
Known issues
-
OpenShift Serverless deploys Knative services with a default address that uses HTTPS. When sending an event to a resource inside the cluster, the sender does not have the cluster certificate authority (CA) configured. This causes event delivery to fail, unless the cluster uses globally accepted certificates.
For example, an event delivery to a publicly accessible address works:
$ kn event send --to-url https://ce-api.foo.example.com/On the other hand, this delivery fails if the service uses a public address with an HTTPS certificate issued by a custom CA:
$ kn event send --to Service:serving.knative.dev/v1:event-displaySending an event to other addressable objects, such as brokers or channels, is not affected by this issue and works as expected.
-
The Kafka broker currently does not work on a cluster with Federal Information Processing Standards (FIPS) mode enabled.
-
If you create a Springboot function project directory with the
kn func createcommand, subsequent running of thekn func buildcommand fails with this error message:[analyzer] no stack metadata found at path '' [analyzer] ERROR: failed to : set API for buildpack 'paketo-buildpacks/ca-certificates@3.0.2': buildpack API version '0.7' is incompatible with the lifecycleAs a workaround, you can change the
builderproperty togcr.io/paketo-buildpacks/builder:basein the function configuration filefunc.yaml. -
Deploying a function using the
gcr.ioregistry fails with this error message:Error: failed to get credentials: failed to verify credentials: status code: 404As a workaround, use a different registry than
gcr.io, such asquay.ioordocker.io. -
TypeScript functions created with the
httptemplate fail to deploy on the cluster.As a workaround, in the
func.yamlfile, replace the following section:buildEnvs: []with this:
buildEnvs: - name: BP_NODE_RUN_SCRIPTS value: build -
In
funcversion 0.20, some runtimes might be unable to build a function by using podman. You might see an error message similar to the following:ERROR: failed to image: error during connect: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/info": EOF-
The following workaround exists for this issue:
-
Update the podman service by adding
--time=0to the serviceExecStartdefinition:Example service configurationExecStart=/usr/bin/podman $LOGGING system service --time=0 -
Restart the podman service by running the following commands:
$ systemctl --user daemon-reload$ systemctl restart --user podman.socket
-
-
Alternatively, you can expose the podman API by using TCP:
$ podman system service --time=0 tcp:127.0.0.1:5534 & export DOCKER_HOST=tcp://127.0.0.1:5534
-
Release notes for Red Hat OpenShift Serverless 1.19.0
OpenShift Serverless 1.19.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 0.25.
-
OpenShift Serverless now uses Knative Eventing 0.25.
-
OpenShift Serverless now uses Kourier 0.25.
-
OpenShift Serverless now uses Knative (
kn) CLI 0.25. -
OpenShift Serverless now uses Knative Kafka 0.25.
-
The
kn funcCLI plug-in now usesfunc0.19. -
The
KafkaBindingAPI is deprecated in OpenShift Serverless 1.19.0 and will be removed in a future release. -
HTTPS redirection is now supported and can be configured either globally for a cluster or per each Knative service.
Fixed issues
-
In previous releases, the Kafka channel dispatcher waited only for the local commit to succeed before responding, which might have caused lost events in the case of an Apache Kafka node failure. The Kafka channel dispatcher now waits for all in-sync replicas to commit before responding.
Known issues
-
In
funcversion 0.19, some runtimes might be unable to build a function by using podman. You might see an error message similar to the following:ERROR: failed to image: error during connect: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/info": EOF-
The following workaround exists for this issue:
-
Update the podman service by adding
--time=0to the serviceExecStartdefinition:Example service configurationExecStart=/usr/bin/podman $LOGGING system service --time=0 -
Restart the podman service by running the following commands:
$ systemctl --user daemon-reload$ systemctl restart --user podman.socket
-
-
Alternatively, you can expose the podman API by using TCP:
$ podman system service --time=0 tcp:127.0.0.1:5534 & export DOCKER_HOST=tcp://127.0.0.1:5534
-
Release notes for Red Hat OpenShift Serverless 1.18.0
OpenShift Serverless 1.18.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 0.24.0.
-
OpenShift Serverless now uses Knative Eventing 0.24.0.
-
OpenShift Serverless now uses Kourier 0.24.0.
-
OpenShift Serverless now uses Knative (
kn) CLI 0.24.0. -
OpenShift Serverless now uses Knative Kafka 0.24.7.
-
The
kn funcCLI plug-in now usesfunc0.18.0. -
In the upcoming OpenShift Serverless 1.19.0 release, the URL scheme of external routes will default to HTTPS for enhanced security.
If you do not want this change to apply for your workloads, you can override the default setting before upgrading to 1.19.0, by adding the following YAML to your
KnativeServingcustom resource (CR):... spec: config: network: defaultExternalScheme: "http" ...If you want the change to apply in 1.18.0 already, add the following YAML:
... spec: config: network: defaultExternalScheme: "https" ... -
In the upcoming OpenShift Serverless 1.19.0 release, the default service type by which the Kourier Gateway is exposed will be
ClusterIPand notLoadBalancer.If you do not want this change to apply to your workloads, you can override the default setting before upgrading to 1.19.0, by adding the following YAML to your
KnativeServingcustom resource (CR):... spec: ingress: kourier: service-type: LoadBalancer ... -
You can now use
emptyDirvolumes with OpenShift Serverless. See the OpenShift Serverless documentation about Knative Serving for details. -
Rust templates are now available when you create a function using
kn func.
Fixed issues
-
The prior 1.4 version of Camel-K was not compatible with OpenShift Serverless 1.17.0. The issue in Camel-K has been fixed, and Camel-K version 1.4.1 can be used with OpenShift Serverless 1.17.0.
-
Previously, if you created a new subscription for a Kafka channel, or a new Kafka source, a delay was possible in the Kafka data plane becoming ready to dispatch messages after the newly created subscription or sink reported a ready status.
As a result, messages that were sent during the time when the data plane was not reporting a ready status, might not have been delivered to the subscriber or sink.
In OpenShift Serverless 1.18.0, the issue is fixed and the initial messages are no longer lost. For more information about the issue, see Knowledgebase Article #6343981.
Known issues
-
Older versions of the Knative
knCLI might use older versions of the Knative Serving and Knative Eventing APIs. For example, version 0.23.2 of theknCLI uses thev1alpha1API version.On the other hand, newer releases of OpenShift Serverless might no longer support older API versions. For example, OpenShift Serverless 1.18.0 no longer supports version
v1alpha1of thekafkasources.sources.knative.devAPI.Consequently, using an older version of the Knative
knCLI with a newer OpenShift Serverless might produce an error because thekncannot find the outdated API. For example, version 0.23.2 of theknCLI does not work with OpenShift Serverless 1.18.0.To avoid issues, use the latest
knCLI version available for your OpenShift Serverless release. For OpenShift Serverless 1.18.0, use KnativeknCLI 0.24.0.
Release Notes for Red Hat OpenShift Serverless 1.17.0
OpenShift Serverless 1.17.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 0.23.0.
-
OpenShift Serverless now uses Knative Eventing 0.23.0.
-
OpenShift Serverless now uses Kourier 0.23.0.
-
OpenShift Serverless now uses Knative
knCLI 0.23.0. -
OpenShift Serverless now uses Knative Kafka 0.23.0.
-
The
kn funcCLI plug-in now usesfunc0.17.0. -
In the upcoming OpenShift Serverless 1.19.0 release, the URL scheme of external routes will default to HTTPS for enhanced security.
If you do not want this change to apply for your workloads, you can override the default setting before upgrading to 1.19.0, by adding the following YAML to your
KnativeServingcustom resource (CR):... spec: config: network: defaultExternalScheme: "http" ... -
mTLS functionality is now Generally Available (GA).
-
TypeScript templates are now available when you create a function using
kn func. -
Changes to API versions in Knative Eventing 0.23.0:
-
The
v1alpha1version of theKafkaChannelAPI, which was deprecated in OpenShift Serverless version 1.14.0, has been removed. If theChannelTemplateSpecparameters of your config maps contain references to this older version, you must update this part of the spec to use the correct API version.
-
Known issues
-
If you try to use an older version of the Knative
knCLI with a newer OpenShift Serverless release, the API is not found and an error occurs.For example, if you use the 1.16.0 release of the
knCLI, which uses version 0.22.0, with the 1.17.0 OpenShift Serverless release, which uses the 0.23.0 versions of the Knative Serving and Knative Eventing APIs, the CLI does not work because it continues to look for the outdated 0.22.0 API versions.Ensure that you are using the latest
knCLI version for your OpenShift Serverless release to avoid issues. -
Kafka channel metrics are not monitored or shown in the corresponding web console dashboard in this release. This is due to a breaking change in the Kafka dispatcher reconciling process.
-
If you create a new subscription for a Kafka channel, or a new Kafka source, there might be a delay in the Kafka data plane becoming ready to dispatch messages after the newly created subscription or sink reports a ready status.
As a result, messages that are sent during the time when the data plane is not reporting a ready status might not be delivered to the subscriber or sink.
For more information about this issue and possible workarounds, see Knowledge Article #6343981.
-
The Camel-K 1.4 release is not compatible with OpenShift Serverless version 1.17.0. This is because Camel-K 1.4 uses APIs that were removed in Knative version 0.23.0. There is currently no workaround available for this issue. If you need to use Camel-K 1.4 with OpenShift Serverless, do not upgrade to OpenShift Serverless version 1.17.0.
The issue has been fixed, and Camel-K version 1.4.1 is compatible with OpenShift Serverless 1.17.0.
Release Notes for Red Hat OpenShift Serverless 1.16.0
OpenShift Serverless 1.16.0 is now available. New features, changes, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in this topic.
New features
-
OpenShift Serverless now uses Knative Serving 0.22.0.
-
OpenShift Serverless now uses Knative Eventing 0.22.0.
-
OpenShift Serverless now uses Kourier 0.22.0.
-
OpenShift Serverless now uses Knative
knCLI 0.22.0. -
OpenShift Serverless now uses Knative Kafka 0.22.0.
-
The
kn funcCLI plug-in now usesfunc0.16.0. -
The
kn func emitcommand has been added to the functionsknplug-in. You can use this command to send events to test locally deployed functions.
Known issues
-
You must upgrade OpenShift Container Platform to version 4.6.30, 4.7.11, or higher before upgrading to OpenShift Serverless 1.16.0.
-
The AMQ Streams Operator might prevent the installation or upgrade of the OpenShift Serverless Operator. If this happens, the following error is thrown by Operator Lifecycle Manager (OLM):
WARNING: found multiple channel heads: [amqstreams.v1.7.2 amqstreams.v1.6.2], please check the `replaces`/`skipRange` fields of the operator bundles.You can fix this issue by uninstalling the AMQ Streams Operator before installing or upgrading the OpenShift Serverless Operator. You can then reinstall the AMQ Streams Operator.
-
If Service Mesh is enabled with mTLS, metrics for Knative Serving are disabled by default because Service Mesh prevents Prometheus from scraping metrics. For instructions on enabling Knative Serving metrics for use with Service Mesh and mTLS, see the "Integrating Service Mesh with OpenShift Serverless" section of the Serverless documentation.
-
If you deploy Service Mesh CRs with the Istio ingress enabled, you might see the following warning in the
istio-ingressgatewaypod:2021-05-02T12:56:17.700398Z warning envoy config [external/envoy/source/common/config/grpc_subscription_impl.cc:101] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) 0.0.0.0_8081: duplicate listener 0.0.0.0_8081 foundYour Knative services might also not be accessible.
You can use the following workaround to fix this issue by recreating the
knative-local-gatewayservice:-
Delete the existing
knative-local-gatewayservice in theistio-systemnamespace:$ oc delete services -n istio-system knative-local-gateway -
Create and apply a
knative-local-gatewayservice that contains the following YAML:apiVersion: v1 kind: Service metadata: name: knative-local-gateway namespace: istio-system labels: experimental.istio.io/disable-gateway-port-translation: "true" spec: type: ClusterIP selector: istio: ingressgateway ports: - name: http2 port: 80 targetPort: 8081
-
-
If you have 1000 Knative services on a cluster, and then perform a reinstall or upgrade of Knative Serving, there is a delay when you create the first new service after the
KnativeServingcustom resource (CR) becomesReady.The
3scale-kourier-controlservice reconciles all previously existing Knative services before processing the creation of a new service, which causes the new service to spend approximately 800 seconds in anIngressNotConfiguredorUnknownstate before the state updates toReady. -
If you create a new subscription for a Kafka channel, or a new Kafka source, there might be a delay in the Kafka data plane becoming ready to dispatch messages after the newly created subscription or sink reports a ready status.
As a result, messages that are sent during the time when the data plane is not reporting a ready status might not be delivered to the subscriber or sink.
For more information about this issue and possible workarounds, see Knowledge Article #6343981.