v1.18.0-rc1
Features
Major theme of this release is support for multiple namespaces/multitenancy in Fission.
Fission CLI Changes
Fission CLI now communicates with Kubernetes API server directly. We have removed the dependency on Fission controller.
This gives few benefits for the Fission users
- You can use Kubernetes RBAC to control access to Fission resources. Refer RBAC Permissions for Fission CLI for detailed info.
- Fission CLI can be used with any Kubernetes cluster Fission installed.
- Enhanced security during Fission CLI communication
Fission CLI has been updated to support multiple namespaces. We have added/modified/deprecated couple of CLI options. Please refer to Fission CLI Reference for a couple of more details.
- We have introduced two global flags
--namespace
and--all-namespace
to specify the namespace for the Fission resources. - One spec file can be used to apply resources in different namespaces.
Fission Logs CLI now works with Kubernetes, you don’t need to set up influxdb to use this feature.
Fission Core Changes
Multiple Namespaces Support in Helm Chart
We have major changes in Helm chart please do not skip this section.
- Fission installation by default supports a single namespace
defaultNamespace
when installed. If you want to enable multiple namespaces, please set it viaadditionalFissionNamespaces
in Helm values. - You need to ensure
singleDefaultNamespace
is set tofalse
in Helm values, if you are planning to use Fission via multiple namespaces. Please check PR #2539 for details. - You can also have multiple Fission installations on the same cluster within different namespaces.
- We are creating separate service accounts for each Fission service now and assign specific roles to them.
Fission now supports multiple namespaces. This means that you can create functions, packages, triggers, etc. in different namespaces. This is a major feature that enables Fission to be used in a multi-tenant environment.
Webhook Server Addition
We have added a new webhook server to Fission. This webhook server is responsible for validating Fission resources. We have moved most of the validations from Fission controller and Fission CLI to webhook server. This gives us more flexibility to add more validations in the future.
By default, we create a self-signed certificate for the webhook server. You can provide your own certificate via webhook
section in Helm values or use cert-manager to create a certificate.
Legacy behaviour of default namespace
Earlier when you used to create functions and environments in the defaultNamespace
mentioned via Helm Chart, Fission used to function create resources in the functionNamespace
and builderNamespace
.
Where as for other namespaces, Fission used to create resources in the same namespace.
We have changed this behavior now. Fission will create resources in the same namespace for all namespaces.
If you want older behavior, you have to set functionNamespace
and builderNamespace
to fission-function
and fission-builder
respectively. By default, these values are empty in 1.18.0-rc1 release.
Deprecation
Controller Deprecation
We have deprecated Fission controller and disabled it by default. You can enable it via controller.enabled
in Helm values.
We plan to remove Fission controller in the next release.
HTTP Trigger Deprecation
- HTTPTrigger/Route creation from Fission CLI is deprecated. Use
fission route create
instead. PR #2171 - We have deprecated
Spec.Method
in HTTPTrigger since 1.13.0, please useSpec.Methods
instead.
Removed
Azure Storage Queue and Nats traditional connector
With the addition of KEDA connectors, we have removed the following connectors type fission.
- Remove deprecated Fission Azure Storage Queue connector #2404 (sanketsudake)
- Remove deprecated Fission Nats connector #2403 (sanketsudake)
Prometheus chart dependency
We have removed the prometheus dependency because it’s not required by default by fission. If you want to use canary functions or checkout fission metrics, we recommend using prometheus-community/prometheus or prometheus-community/kube-prometheus-stack.
- [helm chart] Remove prometheus chart dependency from Fission #2371 (sanketsudake)
Opentracing support removed
With addition of OpenTelemetry, we have removed OpenTracing instrumentation. Since OpenTelemetry is a superset of OpenTracing, we recommend using OpenTelemetry for tracing.
- cleanup: Remove Opentracing support as no active users #2196 (sanketsudake)
- removed unused reference of TRACING_SAMPLING_RATE #2498 (shubham-bansal96)
Changelog
- 68286fe4 Track all Go tools version in tools package #2628
- d559628f add validation to avoid cross ns config and functions #2627
- 4cbe6a70 Get logs from Pods using Kubernetes API for function log command #2623
- 6d117ad4 Allow empty namespace for fission function and builder #2621
- 70a0afd6 use namespace flag from global options for watch command #2622
- d2f201b7 Add Controller enable/disable flag in Helm Charts #2620
- 3b2a86a8 Run canary config server separate from controller #2617
- 9a07d7d9 Add validation/mutating webhook server for Fission custom resources #2608
- 31dfc3e4 Convert ClusterRoles to Roles for all components for multiple namespaces #2584
- 66897cb9 Delete builder service associated with environment name #2616
- 57d3a80f Allow different namespaces in CI for fission-function and fission-builder #2609
- fa037166 Add Fission version API to router for CLI consumption #2612
- 32bd874a List fission resources in specific namespace instead of all namespace #2604
- b71a36dc Use Kubernetes Client instead of Controller APIs from CLI #2605
- 261bf249 Use informer for environment handling in buildermanager with multiple namespaces #2603
- 6af53807 Monitor specific namespaces for configmap/secret updates #2598
- f37e9e6f Use informer for kube watcher handling with multiple namespace support #2594
- b9fa6ca2 Use informer for time trigger handling with multiple namespace support #2593
- c33842c9 Run package informer in go routine for multiple namespaces in buildermanager #2592
- 9ff9a6e0 newdeploy executor to work with specific namespaces #2590
- a64fcc3f use controller-runtime signals #2589
- 47cbbef0 List Fission resource for specific namespace in executor reaper #2587
- dbd21531 Fission failed to list resources if namespace flag is not provided #2585
- 2bd005c3 Refactor code generator for deepcopy files #2580
- 3a9e5ab6 Error if rolebinding exists with different role reference in namespace #2579
- ee790b3e Update chart version to v1.18.0-rc1 #2576
- 7eeb3ead Role and RoleBinding for fission-fetcher and fission-builder for user configured namespaces #2574
- 827baea9 Allow namespace configuration for different CRD resources in Fission #2539
- facd14de mprove warning/verbose messages around namespace in Fission CLI #2572
- 8d65b062 Extract out permissions for fission.io components per-component #2570
- d933f0ba Skip CI if label added to PR #2571
- f2b79092 Remove unwanted permissions from Fission components #2568
- 8fe62b75 Grant CustomResourcedefintion read permission to specific components #2567
- b9513868 add namespace param for fn and env #2556
- 0739aca9 Separate service accounts for each fission component #2560
- 18225db2 Delete greetings.yml #2563
- 8008a542 Update deps #2558
- 3fa0f4bd Ensuring passing context across fission #2555
- a8a81ef5 Remove
--force
option from upgrade strategy in skaffold.yaml #2557 - 1102999b Add ability to configure object reaper interval for different executor types #2543
- da50c375 feat: add the fn annotations to newdeploy function based deployment #2554
- e87c84ee Capture context from cobra CLI and pass forward #2551
- d0339594 changes to inject of otelhttp transport in executor #2552
- b19d18c8 Enable promlinter and enhance exposed metrics. #2550