Releases: google/kf
Releases · google/kf
v2.11.26
Changelog
- Changed: increased source package size limit from 1 GB to 3 GB
Dependencies
| Dependency | Version |
|---|---|
| Tekton | v0.53.3 |
| Anthos Service Mesh | 1.19.3-asm.4+config1 |
| Config Connector | 1.111.0 |
Compatibility
- It's safe to use this version of the Kf CLI with the previous server version.
- It's safe to use the previous version of the Kf CLI with this server version.
- It's safe to roll back this server version to the previous version.
v2.11.25
Updated Tekton Pipelines dependency to the newest patch of current LTS release (v0.53.3)
v2.11.24
Changelog
- Changed: Upgraded server-side dependencies
Dependencies
| Dependency | Version |
|---|---|
| Tekton | v0.53.2 |
| Anthos Service Mesh | 1.19.3-asm.4+config1 |
| Config Connector | 1.111.0 |
Compatibility
- It's safe to use this version of the Kf CLI with the previous server version.
- It's safe to use the previous version of the Kf CLI with this server version.
- It's safe to roll back this server version to the previous version.
v2.11.23
Changelog
- Changed: rolled back capitalization of env var names in
kf set-env
Dependencies
| Dependency | Version |
|---|---|
| Tekton | v0.47.1 |
| Anthos Service Mesh | 1.17.4-asm.2+config1 |
| Config Connector | 1.105.0 |
Compatibility
- It's safe to use this version of the Kf CLI with the previous server version.
- It's safe to use the previous version of the Kf CLI with this server version.
- It's safe to roll back this server version to the previous version.
v2.11.22
Changelog
- Changed:
MEMORY_LIMITenvironment variable was used twice in environment section of container specification. One of usages has been renamed toMEMORY_LIMIT_IN_MBto ensure that each variable name appears just once.
Risks and mitigations
- New environment variable
MEMORY_LIMIT_IN_MBis automatically added to container specification. Workload's behaviour may be affected if it depends on the existence or value of such an environment variable.
Dependencies
| Dependency | Version |
|---|---|
| Tekton | v0.47.1 |
| Anthos Service Mesh | 1.17.4-asm.2+config1 |
| Config Connector | 1.105.0 |
Compatibility
- It's safe to use this version of the Kf CLI with the previous server version.
- It's safe to use the previous version of the Kf CLI with this server version.
- It's safe to roll back this server version to the previous version.
v2.11.21
Changelog
- Security: Updated several packages with security updates.
- Security: Removed permissions on auditor roles that they could use to exec in containers.
- Changed:
kf third-party-licensesno longer includes specific versions of dependencies to make automatic security patches smoother. Versions are available in the Kf source downloads for each release. - Changed: When spaces are updated, apps in the affected space will be enqueued on a best-effort basis to avoid blocking the main queue.
- Added: Logging for upload time to
kf push. - Added: Logging for extracted file counts to file extraction build steps.
- Fixed: The featureflag controller will no longer enqueue all namespaces when feature flags are changed, significantly reducing the load on the controller.
- Added: Ability to change the snapshot modes for Kaniko for faster snapshots.
- Changed: The default snapshot mode for Kaniko builds in the v2 buildpacks is now fast rather than robust.
Risks and mitigations
- The new snapshot mode for Kaniko should result in reduced build times and I/O on build nodes. However, applications may see incorrect containers if they were overwriting system files during build in a way that doesn't change their timestamp or size. This shouldn't be the case for any standard applications that are using buildpacks correctly. If applications start to have errors, the behavior can be disabled by turning on the "Robust Build Snapshot" feature: https://kf.dev/docs/v2.11/operator/customizing/customizing-features/#robust-build-snapshots.
Dependencies
| Dependency | Version |
|---|---|
| Tekton | v0.47.1 |
| Anthos Service Mesh | 1.17.4-asm.2+config1 |
| Config Connector | 1.105.0 |
Compatibility
- It's safe to use this version of the Kf CLI with the previous server version.
- It's safe to use the previous version of the Kf CLI with this server version.
- It's safe to roll back this server version to the previous version.
v2.11.20
v2.11.20
Changelog
Added: Support for Tekton 0.47.1
Added: Support for KCC 1.105.0
Added: Support for ASM 1.17
Added: RBAC to manage service account to Space
Dependencies
| Dependency | Version |
|---|---|
| Tekton | v0.47.1 |
| Anthos Service Mesh | 1.17.4-asm.2+config1 |
| Config Connector | 1.105.0 |
Compatibility
Kf should be upgraded first to v2.11.20 before upgrading Tekton and KCC.
v2.11.19
Changelog
- Added: The ability to override KSAs for applications. This allows consistent KSAs to be used for blue/green applications, and for integrations like GCP's workload identity to work with the KSAs in Kf -- supporting Kf users who want to move away from Service Brokers and use rotating creds.
Dependencies
| Dependency | Version |
|---|---|
| Tekton | v0.32.1 |
| Anthos Service Mesh | 1.16.4-asm.2+config1 |
| Config Connector | 1.66.0 |
Compatibility
- It's safe to use this version of the Kf CLI with the previous server version.
- It's safe to use the previous version of the Kf CLI with this server version.
- It's not safe to roll back this server version to the previous version, apps may revert to their original service accounts.
v2.11.18
Changelog
- Added (preview):
kf xargs-appswhich runs a command on each app in a collection of targeted spaces. Ex:kf xargs-apps --all-spaces -- kf restart {{.Name}} --space {{.Space}}will restart all apps in all spaces - Added: The developer role now has the
attachverb on pods similar to the existingexec. - Changed: Tested version of ASM is increased to 1.16.
- Changed:
kf pushwill no longer wait for placeholder creation during push to reduce push times. - Changed: Increased threads for apps and builds to match large realistic app sizes.
- Changed: Extracted garbage collection and app start command detection out of the app reconciler to improve reconciliation throughput.
- Changed: Increased memory and CPU for controller/webhook to prevent throttling.
- Security: Updated vulnerable dependencies. These should not be exploitable unless an attacker already has access to the cluster and permissions necessary to contact the stateless sub-resource API.
Risks and mitigations
- The controller and webhook now have increased resource limits, the cluster should be large enough to accommodate these.
- Kf will no longer wait for an application's start command to be populated before marking an application as ready, so the start command displayed during push may be out of date. If you rely on this poll the app until
status.imagematchesstatus.startCommands.imagewhich indicates the current application has been polled.
Dependencies
| Dependency | Version |
|---|---|
| Tekton | v0.32.1 |
| Anthos Service Mesh | 1.16.4-asm.2+config1 |
| Config Connector | 1.66.0 |
Known issues
- If multiple versions of ASM are installed, Kf will always pick the latest version's sidecar to add to applications rather than the version attached to the ingress gateway.
Compatibility
- It's safe to use this version of the Kf CLI with the previous server version.
- It's safe to use the previous version of the Kf CLI with this server version.
- It's safe to roll back this server version to the previous version of Kf.
v2.11.17
Changelog
Added--no-short-circuit-waitflag (defaults to false) to many app commands which allows commands to terminate without waiting only if they are operating on an app that is in the stopped state.Changedincreased concurrency of app and route reconcilers to improve performance.
Risks and mitigations
The --no-short-circuit-wait flag is defaulted on and is expected to improve the performance of common kf workflows by automatically skipping unnecessary waiting. If you notice problems, test your commands with --no-short-circuit-wait=false to disable the new behavior.
Increased concurrency of app and route reconcilers is expected to improve performance at the cost of higher load on the Kubernetes control plane as well as Kf's processes. If experiencing performance problems allocate more resources to Kubernetes.
Compatibility
- It's safe to use this version of the Kf CLI with the previous server version; it should start decreasing wait times.
- It's safe to use the previous version of the Kf CLI with this server version.
- It's safe to roll back this server version to the previous version of Kf.
Known issues
- Some commands may show an incorrect text string describing why they're not waiting for the resource to be reconciled on the Kf server e.g. showing "Creating autoscaling rule for App "foo" in Space "bar" asynchronously because app is stopped" when the app is started, but instead the autoscaling isn't enabled yet.
Dependencies
| Dependency | Version |
|---|---|
| Tekton | v0.32.1 |
| ASM | 1.15.3-asm.6+config2 |
| Config Connector | 1.66.0 |