Releases: knative/eventing
Releases · knative/eventing
v1.14.1
knative/eventing@release-1.14
Changes by Kind
Bug or Regression
- Reduce the scope for the Config validation webhook to only the
knative-eventing
namespace. (#7792, @pierDipi)
Uncategorized
- Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#7750, @matzew)
- Enable storage of EventType
v1beta2
instead ofv1beta1
(#7594, @dsimansk) - EventType Autocreate is now a non blocking operation (#7709, @Cali0707)
- EventTypes are now autocreated on Triggers and Subscriptions when there is a reply event sent to them (#7733, @Cali0707)
- Feature: Added the ability for users to configure
nodeSelector
when deployingapiserversource
, Users can now configure nodeSelector via config-features by adding key-value pair in the format apiserversources.nodeselector.: (#7584, @sadath-12) - Merge keys, which were associated with an older version of YAML (1.1), are no longer officially supported in YAML according to its specifications. YAML version 1.2, the current standard, does not include support for merge keys, rendering them obsolete. (#7662, @converge)
- StatefulSet scheduling now makes fewer API server requests, reducing APIServer load. (#7651, @Cali0707)
- Using 2.15.2 of Go-sdk for CloudEvents (#7747, @matzew)
v1.13.4
Changes by Kind
New Features
- PingSource
schedule
supports optional seconds field (#7394, @SiBell) - Trust-manager integration (#7532, @pierDipi)
- Allow configuring whether to allow cross namespaces Brokers configuration using the
config-br-defaults
ConfigMap. (#7455, @pierDipi) - Expose the Sequence OIDC service account name in the Sequence
.status.auth.serviceAccountName
(#7361, @rahulii) - Use RFC-3339 compliant string encodings in filters for attributes of type time. (#7466, @Cali0707)
- Introduce EventTypes v1beta3 version (#7304, @matzew)
- EventType V1Beta2 deprecation (#7454, @matzew)
- Provide OIDC token in SinkBinding under
/oidc/token
path. (#7444, @creydr) - Channel dispatcher authenticates requests with OIDC (#7445, @Cali0707)
- Authenticate Requests from ApiServerSource (#7452, @Leo6Leo)
- Use underlying input channels audience as sequence audience (#7387, @md-saif-husain)
Misc
- PingSource TLS & OIDC test (#7416, @Leo6Leo)
- Enable storage of EventType
v1beta2
instead ofv1beta1
(#7594, @dsimansk) - EventType v1beta1 deprecation (#7453 and #7303, @matzew)
- Add Prerequisite for e2e test to check if OIDC authentication is enabled (#7609, @creydr)
- Fix mt-broker-ingress watch Broker (#7499, @xiangpingjiang)
- Refactor the AuthStatus Logic (#7417, @xiangpingjiang)
- InMemoryChannel send a 202 response only after successfully delivering the event to all subscribers (#7415, @Cali0707)
- Under OIDC mode, all the outgoing event request will be appended with JWT Authorization header (#7452, @Leo6Leo)
- Use kmeta.ChildName() to generate OIDC service account name (#7521, @xiangpingjiang)
- When running hack/install.sh, all the related testing environments will be set up as well. (#7418, @Leo6Leo)
v1.14.0
knative/eventing@release-1.14
Changes by Kind
Bug or Regression
- Reduce the scope for the Config validation webhook to only the
knative-eventing
namespace. (#7792, @pierDipi)
Uncategorized
- Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#7750, @matzew)
- Enable storage of EventType
v1beta2
instead ofv1beta1
(#7594, @dsimansk) - EventType Autocreate is now a non blocking operation (#7709, @Cali0707)
- EventTypes are now autocreated on Triggers and Subscriptions when there is a reply event sent to them (#7733, @Cali0707)
- Feature: Added the ability for users to configure
nodeSelector
when deployingapiserversource
, Users can now configure nodeSelector via config-features by adding key-value pair in the format apiserversources.nodeselector.: (#7584, @sadath-12) - Merge keys, which were associated with an older version of YAML (1.1), are no longer officially supported in YAML according to its specifications. YAML version 1.2, the current standard, does not include support for merge keys, rendering them obsolete. (#7662, @converge)
- StatefulSet scheduling now makes fewer API server requests, reducing APIServer load. (#7651, @Cali0707)
- Using 2.15.2 of Go-sdk for CloudEvents (#7747, @matzew)
v1.12.6
Changes by Kind
New Features
- The
filters
field in Triggers is now beta and enabled by default- New Event Filters are now only created once, rather than on each event (#7213, @Cali0707)
- The Any filter now dynamically optimizes the order of nested filters for optimal performance. (#7205, @Cali0707)
- The all filter now dynamically optimizes its ordering to improve performance (#7300, @Cali0707)
- The exact filter now uses less memory and is faster! (#7311, @Cali0707)
- The prefix filter just got a whole lot faster! (#7309, @Cali0707)
- The suffix filter is now faster! (#7312, @Cali0707)
- OIDC authentication feature
- Add Audience field in CRDs (#7244, @xiangpingjiang)
- Expose OIDC audience of a Broker in its status (#7237, @creydr)
- Expose OIDC audience of an InMemoryChannel in its status (#7371, @creydr)
- Expose the APIServerSource OIDC service account name in the APIServerSource .status.auth.serviceAccountName (#7330, @Leo6Leo)
- Expose the PingSource OIDC service account name in the PingSource .status.auth.serviceAccountName (#7344, @Leo6Leo)
- Expose the SinkBinding OIDC service account name in the SinkBinding .status.auth.serviceAccountName (#7327, @rahulii)
- Expose the SubscriptionsOIDC service account name in the Subscriptions.status.auth.serviceAccountName (#7338, @xiangpingjiang)
- Expose the Triggers OIDC service account name in the Triggers .status.auth.serviceAccountName (#7299, @creydr)
- Mt-broker-ingress: verify the audience of the received JWT if OIDC authentication is enabled (#7336, @creydr)
- OIDC tokens are now cached to improve performance. (#7335, @Cali0707)
- It is now possible to specify a subset of features in
config-features
without overriding default values (#7379, @pierDipi) - PingSource
schedule
supports optional seconds field
Bug Fixes
- Fix unique name generator for auto-created
EventType
(#7160, @dsimansk) - Correctly handle networking errors when ApiServerSource adapter can't retrieve resources when starts. (#7279, @pierDipi)
- Event Types are now only created once when using a MTChannelBasedBroker. (#7161, @Cali0707)
- Set cluster domain suffix in TLS records correctly. (#7145, @creydr)
- 🐛 Memory leak in the not filter was fixed. (#7310, @Cali0707)
- 🐛 The filters field now only overrides the filter field on a trigger if there are filters in the filters field. (#7286, @Cali0707)
- Fixed bug where eventtypes for builtin sources were created and deleted in a loop (#7245, @Cali0707)
- Fix of the rule aggregation of the
knative-eventing-namespaced-edit
role to only give view permissions on knative eventing resources. (#7124, @creydr) - Update go
x/net
dependency to help mitigate CVE-2023-44487 (#7348, @Cali0707)
v1.13.3
Changes by Kind
New Features
- PingSource
schedule
supports optional seconds field (#7394, @SiBell) - Trust-manager integration (#7532, @pierDipi)
- Allow configuring whether to allow cross namespaces Brokers configuration using the
config-br-defaults
ConfigMap. (#7455, @pierDipi) - Expose the Sequence OIDC service account name in the Sequence
.status.auth.serviceAccountName
(#7361, @rahulii) - Use RFC-3339 compliant string encodings in filters for attributes of type time. (#7466, @Cali0707)
- Introduce EventTypes v1beta3 version (#7304, @matzew)
- EventType V1Beta2 deprecation (#7454, @matzew)
- Provide OIDC token in SinkBinding under
/oidc/token
path. (#7444, @creydr) - Channel dispatcher authenticates requests with OIDC (#7445, @Cali0707)
- Authenticate Requests from ApiServerSource (#7452, @Leo6Leo)
- Use underlying input channels audience as sequence audience (#7387, @md-saif-husain)
Misc
- PingSource TLS & OIDC test (#7416, @Leo6Leo)
- Enable storage of EventType
v1beta2
instead ofv1beta1
(#7594, @dsimansk) - EventType v1beta1 deprecation (#7453 and #7303, @matzew)
- Add Prerequisite for e2e test to check if OIDC authentication is enabled (#7609, @creydr)
- Fix mt-broker-ingress watch Broker (#7499, @xiangpingjiang)
- Refactor the AuthStatus Logic (#7417, @xiangpingjiang)
- InMemoryChannel send a 202 response only after successfully delivering the event to all subscribers (#7415, @Cali0707)
- Under OIDC mode, all the outgoing event request will be appended with JWT Authorization header (#7452, @Leo6Leo)
- Use kmeta.ChildName() to generate OIDC service account name (#7521, @xiangpingjiang)
- When running hack/install.sh, all the related testing environments will be set up as well. (#7418, @Leo6Leo)
v1.13.2
Changes by Kind
New Features
- PingSource
schedule
supports optional seconds field (#7394, @SiBell) - Trust-manager integration (#7532, @pierDipi)
- Allow configuring whether to allow cross namespaces Brokers configuration using the
config-br-defaults
ConfigMap. (#7455, @pierDipi) - Expose the Sequence OIDC service account name in the Sequence
.status.auth.serviceAccountName
(#7361, @rahulii) - Use RFC-3339 compliant string encodings in filters for attributes of type time. (#7466, @Cali0707)
- Introduce EventTypes v1beta3 version (#7304, @matzew)
- EventType V1Beta2 deprecation (#7454, @matzew)
- Provide OIDC token in SinkBinding under
/oidc/token
path. (#7444, @creydr) - Channel dispatcher authenticates requests with OIDC (#7445, @Cali0707)
- Authenticate Requests from ApiServerSource (#7452, @Leo6Leo)
- Use underlying input channels audience as sequence audience (#7387, @md-saif-husain)
Misc
- PingSource TLS & OIDC test (#7416, @Leo6Leo)
- Enable storage of EventType
v1beta2
instead ofv1beta1
(#7594, @dsimansk) - EventType v1beta1 deprecation (#7453 and #7303, @matzew)
- Add Prerequisite for e2e test to check if OIDC authentication is enabled (#7609, @creydr)
- Fix mt-broker-ingress watch Broker (#7499, @xiangpingjiang)
- Refactor the AuthStatus Logic (#7417, @xiangpingjiang)
- InMemoryChannel send a 202 response only after successfully delivering the event to all subscribers (#7415, @Cali0707)
- Under OIDC mode, all the outgoing event request will be appended with JWT Authorization header (#7452, @Leo6Leo)
- Use kmeta.ChildName() to generate OIDC service account name (#7521, @xiangpingjiang)
- When running hack/install.sh, all the related testing environments will be set up as well. (#7418, @Leo6Leo)
v1.12.5
Changes by Kind
New Features
- The
filters
field in Triggers is now beta and enabled by default- New Event Filters are now only created once, rather than on each event (#7213, @Cali0707)
- The Any filter now dynamically optimizes the order of nested filters for optimal performance. (#7205, @Cali0707)
- The all filter now dynamically optimizes its ordering to improve performance (#7300, @Cali0707)
- The exact filter now uses less memory and is faster! (#7311, @Cali0707)
- The prefix filter just got a whole lot faster! (#7309, @Cali0707)
- The suffix filter is now faster! (#7312, @Cali0707)
- OIDC authentication feature
- Add Audience field in CRDs (#7244, @xiangpingjiang)
- Expose OIDC audience of a Broker in its status (#7237, @creydr)
- Expose OIDC audience of an InMemoryChannel in its status (#7371, @creydr)
- Expose the APIServerSource OIDC service account name in the APIServerSource .status.auth.serviceAccountName (#7330, @Leo6Leo)
- Expose the PingSource OIDC service account name in the PingSource .status.auth.serviceAccountName (#7344, @Leo6Leo)
- Expose the SinkBinding OIDC service account name in the SinkBinding .status.auth.serviceAccountName (#7327, @rahulii)
- Expose the SubscriptionsOIDC service account name in the Subscriptions.status.auth.serviceAccountName (#7338, @xiangpingjiang)
- Expose the Triggers OIDC service account name in the Triggers .status.auth.serviceAccountName (#7299, @creydr)
- Mt-broker-ingress: verify the audience of the received JWT if OIDC authentication is enabled (#7336, @creydr)
- OIDC tokens are now cached to improve performance. (#7335, @Cali0707)
- It is now possible to specify a subset of features in
config-features
without overriding default values (#7379, @pierDipi) - PingSource
schedule
supports optional seconds field
Bug Fixes
- Fix unique name generator for auto-created
EventType
(#7160, @dsimansk) - Correctly handle networking errors when ApiServerSource adapter can't retrieve resources when starts. (#7279, @pierDipi)
- Event Types are now only created once when using a MTChannelBasedBroker. (#7161, @Cali0707)
- Set cluster domain suffix in TLS records correctly. (#7145, @creydr)
- 🐛 Memory leak in the not filter was fixed. (#7310, @Cali0707)
- 🐛 The filters field now only overrides the filter field on a trigger if there are filters in the filters field. (#7286, @Cali0707)
- Fixed bug where eventtypes for builtin sources were created and deleted in a loop (#7245, @Cali0707)
- Fix of the rule aggregation of the
knative-eventing-namespaced-edit
role to only give view permissions on knative eventing resources. (#7124, @creydr) - Update go
x/net
dependency to help mitigate CVE-2023-44487 (#7348, @Cali0707)
v1.13.1
Changes by Kind
New Features
- PingSource
schedule
supports optional seconds field (#7394, @SiBell) - Trust-manager integration (#7532, @pierDipi)
- Allow configuring whether to allow cross namespaces Brokers configuration using the
config-br-defaults
ConfigMap. (#7455, @pierDipi) - Expose the Sequence OIDC service account name in the Sequence
.status.auth.serviceAccountName
(#7361, @rahulii) - Use RFC-3339 compliant string encodings in filters for attributes of type time. (#7466, @Cali0707)
- Introduce EventTypes v1beta3 version (#7304, @matzew)
- EventType V1Beta2 deprecation (#7454, @matzew)
- Provide OIDC token in SinkBinding under
/oidc/token
path. (#7444, @creydr) - Channel dispatcher authenticates requests with OIDC (#7445, @Cali0707)
- Authenticate Requests from ApiServerSource (#7452, @Leo6Leo)
- Use underlying input channels audience as sequence audience (#7387, @md-saif-husain)
Misc
- PingSource TLS & OIDC test (#7416, @Leo6Leo)
- Enable storage of EventType
v1beta2
instead ofv1beta1
(#7594, @dsimansk) - EventType v1beta1 deprecation (#7453 and #7303, @matzew)
- Add Prerequisite for e2e test to check if OIDC authentication is enabled (#7609, @creydr)
- Fix mt-broker-ingress watch Broker (#7499, @xiangpingjiang)
- Refactor the AuthStatus Logic (#7417, @xiangpingjiang)
- InMemoryChannel send a 202 response only after successfully delivering the event to all subscribers (#7415, @Cali0707)
- Under OIDC mode, all the outgoing event request will be appended with JWT Authorization header (#7452, @Leo6Leo)
- Use kmeta.ChildName() to generate OIDC service account name (#7521, @xiangpingjiang)
- When running hack/install.sh, all the related testing environments will be set up as well. (#7418, @Leo6Leo)
v1.11.11
Changes
- Updated mtping TLS cert test to bind to free port (#7036, @Cali0707)
- Add TLS support for mt-broker-filter (#6940, @creydr)
- Adding v1beta2 version for EventType and type conversion (#6903, @matzew)
- ApiServerSource supports sending events to TLS endpoints, minimum TLS version is v1.2 (#6956, @pierDipi)
- ContainerSource supports sending events to TLS endpoints, minimum TLS version is v1.2 (#6957, @vishal-chdhry)
- Even Type auto-create feature:
- Based on CloudEvents processed in an inmemorychannel corresponding
EventType
resources are created in the namespace (#7089, @Cali0707) - Feature flag to enable:
eventtype-auto-create
inconfigmap/config-features
- Based on CloudEvents processed in a broker corresponding
EventType
resources are created in the namespace (#7034, @dsimansk)
- Based on CloudEvents processed in an inmemorychannel corresponding
- EventType v1b2 on sources
duck
controller/reconciler used (#6962, @matzew) - EventType v1beta2 usage on the reconciler (#6949, @matzew)
- Do not parse flags in InitializeEventingFlags (#6966, @mgencur)
- PingSource supports sending events to TLS endpoints, minimum TLS version is v1.2 (#6965, @pierDipi)
- Source duck compliant source now create EventTypes for KResources, not just brokers (#7032, @matzew)
- The ApiServerSource controller now sets the K_CA_CERTS environment variable when creating the adapter and the sink has CACerts defined. (#6897, @vishal-chdhry)
- The ApiServerSource controller now sets the K_CA_CERTS environment variable when creating the adapter and the sink has CACerts defined. (#6920, @vishal-chdhry)
- The BROKER field of the EventType is deprecated, and is replaced by a KRef reference, pointing to the broker. In the future Knative will be able to support other addressables with EventType, instead of just a broker (#6870, @matzew)
- The EventType CRD can now point to other resources, like channels or sinks (#7023, @matzew)
- imc-dispatcher supports an https endpoint for receiving events. The channel is deduced from the path. (#6954, @gab-satchi)
Full Changelog: knative-v1.10.0...knative-v1.11.0
v1.13.0
Changes by Kind
New Features
- PingSource
schedule
supports optional seconds field (#7394, @SiBell) - Trust-manager integration (#7532, @pierDipi)
- Allow configuring whether to allow cross namespaces Brokers configuration using the
config-br-defaults
ConfigMap. (#7455, @pierDipi) - Expose the Sequence OIDC service account name in the Sequence
.status.auth.serviceAccountName
(#7361, @rahulii) - Use RFC-3339 compliant string encodings in filters for attributes of type time. (#7466, @Cali0707)
- Introduce EventTypes v1beta3 version (#7304, @matzew)
- EventType V1Beta2 deprecation (#7454, @matzew)
- Provide OIDC token in SinkBinding under
/oidc/token
path. (#7444, @creydr) - Channel dispatcher authenticates requests with OIDC (#7445, @Cali0707)
- Authenticate Requests from ApiServerSource (#7452, @Leo6Leo)
- Use underlying input channels audience as sequence audience (#7387, @md-saif-husain)
Misc
- PingSource TLS & OIDC test (#7416, @Leo6Leo)
- Enable storage of EventType
v1beta2
instead ofv1beta1
(#7594, @dsimansk) - EventType v1beta1 deprecation (#7453 and #7303, @matzew)
- Add Prerequisite for e2e test to check if OIDC authentication is enabled (#7609, @creydr)
- Fix mt-broker-ingress watch Broker (#7499, @xiangpingjiang)
- Refactor the AuthStatus Logic (#7417, @xiangpingjiang)
- InMemoryChannel send a 202 response only after successfully delivering the event to all subscribers (#7415, @Cali0707)
- Under OIDC mode, all the outgoing event request will be appended with JWT Authorization header (#7452, @Leo6Leo)
- Use kmeta.ChildName() to generate OIDC service account name (#7521, @xiangpingjiang)
- When running hack/install.sh, all the related testing environments will be set up as well. (#7418, @Leo6Leo)