This repository has been archived by the owner on Jun 19, 2022. It is now read-only.
Knative GCP release v0.16.2
Pre-release
knative-prow-releaser-robot released this 19 Sep 01:52 · 1 commit to release-0.16 since this release
Release notes for 0.16.1
The minimum supported Kubernetes version is now 0.16. (#1156, @Harwayne)
Changes by Kind
Action Required
- Added upgrade job/yaml that deletes legacy {pullsubscription,topic}.pubsub.cloud.google.com COs. Before updating to 0.16, run the upgrade Job. Update to 0.16 only after that Job has succeeded. Failure to run the upgrade Job first may leak the resources associated with the Kubernetes resources that were to be deleted, namely Topics and PullSubscriptions in GCP. (#1383, @yolocs)
- Changes to the Events sent by CloudAuditLogsSource, CloudSchedulerSource, and CloudStorageSource. See the Breaking Changes section for more information on what changes occurred and what actions are required. (#1340, @yolocs)
Breaking Changes
- All event types are updated to match event types in googleapis/google-cloudevents.
- CloudAuditLogs/Storage/Scheduler events have changed their CE source and subject attributes.
- Scheduler events have a new data schema.
Action Required
- Users who only depend on source, type, and subject attributes in the Trigger filters must create new Triggers with the new filter values (see details below).
- Users who depend on source, type, and subject attributes in their receiver code must update their code.
- Users who depend on Scheduler event data must update their code.
Detailed Changes
- All event types and data schemas were updated to be compliant with https://github.com/googleapis/google-cloudevents/tree/master/proto/google/events/cloud. There are no substantive changes to the CloudAuditLogs/PubSub/Storage event schemas. Scheduler event schema was updated to https://github.com/googleapis/google-cloudevents/blob/master/proto/google/events/cloud/scheduler/v1/data.proto.
- Source changes:
  - CloudAuditLogs: was //[service_name]/projects/[project_id] => now //cloudaudit.googleapis.com/projects/[project_id]/logs/[activity/data_access]
  - Scheduler: was //cloudscheduler.googleapis.com/projects/[project_id]/locations/[location]/schedulers/[k8s_scheduler_source_name] => now //cloudscheduler.googleapis.com/projects/[project_id]/locations/[location]/jobs/[job_name]
  - Storage: was //storage.googleapis.com/buckets/[bucket_name] => now //storage.googleapis.com/projects/_/buckets/[bucket_name]
- Subject changes:
  - CloudAuditLogs: was [resource_name] => now [service_name]/[resource_name]
  - Scheduler: was jobs/[job_name] => now NONE (removed)
  - Storage: was [object_id] => now objects/[object_id]
- Type changes:
  - CloudAuditLogs: was com.google.cloud.auditlog.event => now google.cloud.audit.log.v1.written
  - PubSub: was com.google.cloud.pubsub.topic.publish => now google.cloud.pubsub.topic.v1.messagePublished
  - Scheduler: was com.google.cloud.scheduler.job.execute => now google.cloud.scheduler.job.v1.executed
  - Storage:
    - Was com.google.cloud.storage.object.finalize => now google.cloud.storage.object.v1.finalized
    - Was com.google.cloud.storage.object.delete => now google.cloud.storage.object.v1.deleted
    - Was com.google.cloud.storage.object.archive => now google.cloud.storage.object.v1.archived
    - Was com.google.cloud.storage.object.metadataUpdate => now google.cloud.storage.object.v1.metadataUpdated
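The source, subject and type changes listed above, applied in Go to the attributes of a recorded pre-0.16 event, as one way to work out new Trigger filter values and receiver test fixtures. This is an added example, not code from the knative-gcp project; the names Attrs, typeRenames and Migrate and the sample values are hypothetical, and the audit log kind is passed in by the caller because the old source value does not carry it.

```go
package main

import (
	"fmt"
	"strings"
)

// Attrs holds the three CE attributes of one event (hypothetical type).
type Attrs struct{ Type, Source, Subject string }

// typeRenames is the old => new event type table from the release notes.
var typeRenames = map[string]string{
	"com.google.cloud.auditlog.event":                "google.cloud.audit.log.v1.written",
	"com.google.cloud.pubsub.topic.publish":          "google.cloud.pubsub.topic.v1.messagePublished",
	"com.google.cloud.scheduler.job.execute":         "google.cloud.scheduler.job.v1.executed",
	"com.google.cloud.storage.object.finalize":       "google.cloud.storage.object.v1.finalized",
	"com.google.cloud.storage.object.delete":         "google.cloud.storage.object.v1.deleted",
	"com.google.cloud.storage.object.archive":        "google.cloud.storage.object.v1.archived",
	"com.google.cloud.storage.object.metadataUpdate": "google.cloud.storage.object.v1.metadataUpdated",
}

// Migrate maps pre-0.16 attributes to 0.16; auditLog is "activity" or "data_access" (CloudAuditLogs only).
func Migrate(old Attrs, auditLog string) (Attrs, error) {
	out := Attrs{typeRenames[old.Type], old.Source, old.Subject}
	switch {
	case out.Type == "":
		return Attrs{}, fmt.Errorf("%q is not a pre-0.16 event type", old.Type)
	case strings.Contains(old.Type, ".storage."):
		out.Source = strings.Replace(old.Source, "/buckets/", "/projects/_/buckets/", 1)
		out.Subject = "objects/" + old.Subject
	case strings.Contains(old.Type, ".scheduler."):
		base, _, ok := strings.Cut(old.Source, "/schedulers/")
		if !ok || !strings.HasPrefix(old.Subject, "jobs/") {
			return Attrs{}, fmt.Errorf("unexpected scheduler source/subject: %q, %q", old.Source, old.Subject)
		}
		out.Source, out.Subject = base+"/"+old.Subject, "" // subject is removed in 0.16
	case strings.Contains(old.Type, ".auditlog."):
		svc, proj, ok := strings.Cut(strings.TrimPrefix(old.Source, "//"), "/projects/")
		if !ok || (auditLog != "activity" && auditLog != "data_access") {
			return Attrs{}, fmt.Errorf("need old source and audit log kind, got %q, %q", old.Source, auditLog)
		}
		out.Source = "//cloudaudit.googleapis.com/projects/" + proj + "/logs/" + auditLog
		out.Subject = svc + "/" + old.Subject
	}
	return out, nil
}

func main() {
	fmt.Println(Migrate(Attrs{"com.google.cloud.storage.object.finalize", "//storage.googleapis.com/buckets/demo-bucket", "report.csv"}, "")) // constructed sample
}
```

A Trigger that filters on type alone needs only the typeRenames lookup.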
Upgrade Notes
- We have changed the naming convention we use for GCP resources in order to make it easy for users to understand what created them (e.g., a particular source or channel). The convention is cre-<owner_type>_<namespace>_<name>_<uid>. For example, if a Source mysource in the namespace default with uid 47163a creates a Pub/Sub subscription, then the subscription will be called cre-src_default_mysource_47163a. (#1207, @nachocano)
- Given that we have renamed many resources in #1207, when upgrading to 0.16 we will delete those old resources and re-create them with the newer names. You may experience some delay in getting your resources back to the ready state. (#1380, @nachocano)
- pullsubscription.pubsub.events.google.com and topic.pubsub.events.google.com have been removed. Make sure to run the pre-upgrade job in the Action Required section to properly clean these resources up. (#1129, @Harwayne)
Authorization
- config-gcp-auth is a new ConfigMap in the cloud-run-events namespace. It is used to control which GCP credentials are defaulted into Channels and Sources. By default, it will use the same default which was already present, a secret named google-cloud-key. (#1183, @Harwayne)
- spec.googleServiceAccount has been removed. All automatic Workload Identity related controller work is now handled via config-gcp-auth. (#1249, @grac3gao)
- If either spec.serviceAccountName or spec.secret is specified, then no additional credential defaulting will be applied to the Source or Channel. (#1214, @grac3gao)
Resource Usage
- Adjusted Broker components memory resource
  - Increased Broker Ingress memory limit to 1000Mi.
  - Set memory limits much higher than requested.
- Adjusted HPA
  - The avg memory usage is set to half of the limit for Broker Fanout/Retry (this hopefully helps to mitigate some problem from surging memory usage).
  - Lower the max replicas for Broker Fanout/Retry as we've seen a higher DNS error rate with more than 10 replicas.
- Relaxed liveness probe timeout (helps reduce some noise)
- Override MaxIdleConns for delivery HTTP client (helps with reusing connections and reducing the chance of DNS errors) (#1269, @yolocs)
- Adjusted PullSubscription receiver adapter CPU and memory requests and limits. We expect this to support 1000 QPS. (#1327, @capri-xiyue)
  - CPU request: 500m
  - CPU limit: 600m
  - memory request: 50mi
  - memory limit: 600mi
- Garbage collect BrokerCell if no Brokers are using it (#1162, @liu-cong)
- CloudStorageSource, CloudSchedulerSource and CloudAuditLogsSource do not create a Knative Service along with a Topic. (#1226, @nachocano)
- We are using CE SDK v2 for Sources and Channels, with all its performance improvements (#1296, @nachocano)
Reliability
- Add Broker Ingress liveness probe (#1179, @yolocs)
- Add Broker Ingress readiness probe (#1322, @yolocs)
- Add liveness probes for Broker Fanout and Retry (#1185, @yolocs)
- Add client side backoff retries for PubSub messages (#1218, @yolocs)
- Drop non-event messages. (#1212, @liu-cong)
- Broker Ingress rejects events when the Broker under request is not ready (#1272, @yolocs)
- If the Topic of a Broker/Trigger is deleted out-of-band, the Topic and Subscription will be recreated. This may cause unacknowledged events to be lost. (#1268, @liu-cong)
- The Webhook will disallow mutations to the _example section of ConfigMaps. This is to prevent accidentally altering the example, while intending to alter the actual, used configuration. (#1260, @Harwayne)
Observability
- Broker metrics won't include specific custom event types in Stackdriver. Only GCP defined event types will be present. All others will use the value custom. (#1352, @zargarpur)
Sources
- CloudBuildSource is now v1beta1. (#1264, @capri-xiyue)