This repository has been archived by the owner on Jun 19, 2022. It is now read-only.

Knative-GCP release v0.16.0

Pre-release
@knative-prow-releaser-robot knative-prow-releaser-robot released this 08 Jul 13:51
8 commits to release-0.16 since this release (commit 147772d)

Release notes for 0.16

The minimum supported Kubernetes version is now 0.16. (#1156, @Harwayne)

Changes by Kind

Action Required

  • Added an upgrade Job/YAML that deletes the legacy {pullsubscription,topic}.pubsub.cloud.google.com COs.
    Before updating to 0.16, run the upgrade Job, and update to 0.16 only after that Job has succeeded. Failing to run the upgrade Job first may leak the GCP resources associated with the Kubernetes resources that were to be deleted, namely Topics and PullSubscriptions. (#1383, @yolocs)
  • Changes to the Events sent by CloudAuditLogsSource, CloudSchedulerSource, and CloudStorageSource. See the Breaking Changes section for more information on what changes occurred and what actions are required. (#1340, @yolocs)

Breaking Changes

  • All event types are updated to match event types in googleapis/google-cloudevents.
  • CloudAuditLogs/Storage/Scheduler events have changed their CE source and subject attributes.
  • Scheduler events have a new data schema.

Action Required

  • Users who only depend on source, type, and subject attributes in the Trigger filters must create new Triggers with the new filter values (see details below).
  • Users who depend on source, type, and subject attributes in their receiver code must update their code.
  • Users who depend on Scheduler event data must update their code.

Detailed Changes

  1. All event types and data schemas were updated to be compliant with https://github.com/googleapis/google-cloudevents/tree/master/proto/google/events/cloud. There are no substantive changes to the CloudAuditLogs/PubSub/Storage event schemas. Scheduler event schema was updated to https://github.com/googleapis/google-cloudevents/blob/master/proto/google/events/cloud/scheduler/v1/data.proto.
  2. Source changes:
    • CloudAuditLogs: was //[service_name]/projects/[project_id] => now //cloudaudit.googleapis.com/projects/[project_id]/logs/[activity/data_access]
    • Scheduler: was //cloudscheduler.googleapis.com/projects/[project_id]/locations/[location]/schedulers/[k8s_scheduler_source_name] => now //cloudscheduler.googleapis.com/projects/[project_id]/locations/[location]/jobs/[job_name]
    • Storage: was //storage.googleapis.com/buckets/[bucket_name] => now //storage.googleapis.com/projects/_/buckets/[bucket_name]
  3. Subject changes:
    • CloudAuditLogs: was [resource_name] => now [service_name]/[resource_name]
    • Scheduler: was jobs/[job_name] => now NONE (removed)
    • Storage: was [object_id] => now objects/[object_id]
  4. Type changes:
    • CloudAuditLogs: was com.google.cloud.auditlog.event => now google.cloud.audit.log.v1.written
    • PubSub: was com.google.cloud.pubsub.topic.publish => now google.cloud.pubsub.topic.v1.messagePublished
    • Scheduler: was com.google.cloud.scheduler.job.execute => now google.cloud.scheduler.job.v1.executed
    • Storage:
      • Was com.google.cloud.storage.object.finalize => now google.cloud.storage.object.v1.finalized
      • Was com.google.cloud.storage.object.delete => now google.cloud.storage.object.v1.deleted
      • Was com.google.cloud.storage.object.archive => now google.cloud.storage.object.v1.archived
      • Was com.google.cloud.storage.object.metadataUpdate => now google.cloud.storage.object.v1.metadataUpdated
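As an added illustration (not part of these release notes or of the knative-gcp code base), the Python helper below applies the mappings above to a pre-0.16 Trigger filter, given as a dict of CloudEvents attribute names to values as in spec.filter.attributes, and flags the parts the old values do not determine (the Scheduler job name and the audit log type), which have to be filled in by hand:

```python
import re
# Old -> new CloudEvents "type" values, as listed in the 0.16 release notes.
TYPE_MAP = {
    "com.google.cloud.auditlog.event": "google.cloud.audit.log.v1.written",
    "com.google.cloud.pubsub.topic.publish": "google.cloud.pubsub.topic.v1.messagePublished",
    "com.google.cloud.scheduler.job.execute": "google.cloud.scheduler.job.v1.executed",
    "com.google.cloud.storage.object.finalize": "google.cloud.storage.object.v1.finalized",
    "com.google.cloud.storage.object.delete": "google.cloud.storage.object.v1.deleted",
    "com.google.cloud.storage.object.archive": "google.cloud.storage.object.v1.archived",
    "com.google.cloud.storage.object.metadataUpdate": "google.cloud.storage.object.v1.metadataUpdated",
}
# Pre-0.16 "source" layouts for the three kinds whose source attribute changed.
SRC_PATTERNS = {
    "storage": re.compile(r"^//storage\.googleapis\.com/buckets/(?P<bucket>[^/]+)$"),
    "scheduler": re.compile(r"^//cloudscheduler\.googleapis\.com/projects/[^/]+/locations/[^/]+/schedulers/[^/]+$"),
    "auditlog": re.compile(r"^//(?P<service>[^/]+)/projects/(?P<project>[^/]+)$"),
}

def migrate_filter(old):
    """Translate a pre-0.16 Trigger filter (attribute -> value) to 0.16 values; returns (new_filter, warnings)."""
    new, warnings = dict(old), []
    t, src, subj = old.get("type"), old.get("source"), old.get("subject")
    if t in TYPE_MAP:
        new["type"] = TYPE_MAP[t]
    elif t:
        warnings.append(f"type {t!r} is not a known pre-0.16 GCP type; left as-is")
    # Source kind: taken from the type when known, otherwise sniffed from the old source value.
    kind = t.split(".")[3] if t in TYPE_MAP else next(
        (k for k, p in SRC_PATTERNS.items() if src and p.match(src)), "")
    m = SRC_PATTERNS[kind].match(src) if kind in SRC_PATTERNS and src else None
    if kind == "storage":
        if m:
            new["source"] = f"//storage.googleapis.com/projects/_/buckets/{m['bucket']}"
        if subj and not subj.startswith("objects/"):
            new["subject"] = f"objects/{subj}"
    elif kind == "scheduler":
        if src:
            warnings.append("source: now ends in jobs/[job_name]; fill in the GCP job name by hand")
        if subj:  # Scheduler events no longer carry a subject, so the filter must go
            del new["subject"]
            warnings.append("subject: removed for Scheduler events; filter dropped")
    elif kind == "auditlog":
        if m:  # the log type is not derivable from the old value, hence the placeholder
            new["source"] = f"//cloudaudit.googleapis.com/projects/{m['project']}/logs/[activity|data_access]"
            warnings.append("source: replace [activity|data_access] with the audit log type you want")
        if subj and m:  # the old source carries the service_name the new subject needs
            new["subject"] = f"{m['service']}/{subj}"
        elif subj:
            warnings.append("subject: needs a [service_name]/ prefix, but no old source is given to derive it")
    return new, warnings
```

Filters on PubSub events keep their source and subject, since only the type name changed for that kind.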

Upgrade Notes

  • We have changed the naming convention we use for GCP resources in order to make it easy for users to understand what created them (e.g., a particular source or channel). The convention is cre-<owner_type>_<namespace>_<name>_<uid>. For example, if a Source mysource in the namespace default with uid 47163a creates a Pub/Sub subscription, then the subscription will be called cre-src_default_mysource_47163a. (#1207, @nachocano)
  • Given that we have renamed many resources in #1207, when upgrading to 0.16 we will delete those old resources and re-create them with the newer names. You may experience some delay in getting your resources back to the ready state. (#1380, @nachocano)
  • pullsubscription.pubsub.events.google.com and topic.pubsub.events.google.com have been removed. Make sure to run the pre-upgrade job in the Action Required section to properly clean these resources up. (#1129, @Harwayne)
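An added example, not from the project, for auditing GCP resources after the rename above: it parses the cre-<owner_type>_<namespace>_<name>_<uid> convention and sorts a list of resource names into those with a live Kubernetes owner, those whose owner is gone, and those that do not follow the convention (candidates left behind when the pre-upgrade Job was not run). Owner type values other than src and the exact character classes are assumptions:

```python
import re

# cre-<owner_type>_<namespace>_<name>_<uid>, the 0.16 naming convention for GCP resources.
# Namespaces and names are DNS labels (no underscores) and UIDs are hex and dashes,
# so splitting on "_" is unambiguous. The character classes below are an assumption.
NAME_RE = re.compile(
    r"^cre-(?P<owner_type>[a-z]+)_(?P<namespace>[a-z0-9.-]+)_(?P<name>[a-z0-9.-]+)_(?P<uid>[a-f0-9-]+)$")


def parse_resource_name(gcp_name):
    """Return the (owner_type, namespace, name, uid) a 0.16-style name encodes, or None."""
    m = NAME_RE.match(gcp_name)
    return (m["owner_type"], m["namespace"], m["name"], m["uid"]) if m else None


def audit_resources(gcp_names, live_owners):
    """Sort GCP resource names into buckets for a post-upgrade clean-up review.

    live_owners: set of (owner_type, namespace, name, uid) tuples for objects that
    still exist in the cluster (collected out of band, e.g. from kubectl output).
    """
    owned, stale, legacy = [], [], []
    for n in gcp_names:
        owner = parse_resource_name(n)
        if owner is None:
            legacy.append(n)   # not in the 0.16 convention: possible pre-upgrade leftover
        elif owner in live_owners:
            owned.append(n)
        else:
            stale.append(n)    # convention name, but its owning object is gone
    return {"owned": owned, "stale": stale, "legacy": legacy}


if __name__ == "__main__":
    # Constructed sample: one name from the release notes, one orphan, one legacy name.
    names = ["cre-src_default_mysource_47163a", "cre-src_default_gone_deadbeef", "mysource-old-sub"]
    print(audit_resources(names, {("src", "default", "mysource", "47163a")}))
```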

Authorization

  • config-gcp-auth is a new ConfigMap in the cloud-run-events namespace. It is used to control which GCP credentials are defaulted into Channels and Sources. By default, it will use the same default which was already present, a secret named google-cloud-key. (#1183, @Harwayne)
  • spec.googleServiceAccount has been removed. All automatic Workload Identity related controller work is now handled via config-gcp-auth. (#1249, @grac3gao)
  • If either spec.serviceAccountName or spec.secret is specified, then no additional credential defaulting will be applied to the Source or Channel. (#1214, @grac3gao)

Resource Usage

  • Adjusted Broker component memory resources
    • Increased Broker Ingress memory limit to 1000Mi.
    • Set memory limits much higher than requested.
  • Adjusted HPA
    • The average memory usage target is set to half of the limit for Broker Fanout/Retry (this should help mitigate some problems caused by surging memory usage).
    • Lowered the max replicas for Broker Fanout/Retry, as we've seen a higher DNS error rate with more than 10 replicas.
  • Relaxed liveness probe timeout (helps reduce some noise)
  • Override MaxIdleConns for the delivery HTTP client (helps with reusing connections and reduces the chance of DNS errors) (#1269, @yolocs)
  • Adjusted PullSubscription receiver adapter CPU and memory requests and limits. We expect this to support 1000 QPS. (#1327, @capri-xiyue)
    • CPU request: 500m
    • CPU limit: 600m
    • memory request: 50Mi
    • memory limit: 600Mi
  • Garbage collect BrokerCell if no Brokers are using it (#1162, @liu-cong)
  • CloudStorageSource, CloudSchedulerSource and CloudAuditLogsSource no longer create a Knative Service along with a Topic. (#1226, @nachocano)
  • Sources and Channels now use CE SDK v2, with all its performance improvements (#1296, @nachocano)

Reliability

  • Add Broker Ingress liveness probe (#1179, @yolocs)
  • Add Broker Ingress readiness probe (#1322, @yolocs)
  • Add liveness probes for Broker Fanout and Retry (#1185, @yolocs)
  • Add client side backoff retries for PubSub messages (#1218, @yolocs)
  • Drop non-event messages. (#1212, @liu-cong)
  • Broker Ingress rejects events when the Broker under request is not ready (#1272, @yolocs)
  • If the Topic of a Broker/Trigger is deleted out-of-band, the Topic and Subscription will be recreated. This may cause unacknowledged events to be lost. (#1268, @liu-cong)
  • The Webhook will disallow mutations to the _example section of ConfigMaps. This is to prevent accidentally altering the example, while intending to alter the actual, used configuration. (#1260, @Harwayne)

Observability

  • Broker metrics won't include specific custom event types in Stackdriver. Only GCP defined event types will be present. All others will use the value custom. (#1352, @zargarpur)

Sources