Red Hat SummitChapter 1. Release notes
Release notes contain information about new features, deprecated features, breaking changes, and known issues. The following release notes apply to the most recent OpenShift Serverless releases on OpenShift Container Platform.
1.1. About API versions
API versions indicate the development status of features and custom resources in OpenShift Serverless. Using an wrong API version when creating resources on a cluster can cause deployment issues.
The OpenShift Serverless Operator upgrades older resources that use deprecated API versions to the latest version. For example, if you create resources that use older versions of the ApiServerSource API, such as v1beta1, the OpenShift Serverless Operator updates those resources to version 1 when that version becomes available and v1beta1 becomes deprecated.
After deprecation, future releases might remove older API versions. Deprecated APIs continue to work and do not cause resources to fail. However, using an API version that no longer exists causes resource failures. Update your manifests to the latest API version to avoid issues.
1.2. Generally Available and Technology Preview features
Features that are Generally Available (GA) are fully supported and are suitable for production use. Technology Preview (TP) features are experimental features and are not intended for production use. See the Technology Preview scope of support on the Red Hat Customer Portal for more information about TP features.
The following table provides information about which OpenShift Serverless features are GA and which are TP:
| Feature | 1.36 | 1.37 |
|---|---|---|
| Authorization policies for Knative Eventing | TP | TP |
| Service Mesh 3.x integration | - | TP |
|
| TP | TP |
|
Automatic | TP | TP |
|
| TP | TP |
| Eventing Transport encryption | GA | GA |
| Serving Transport encryption | TP | TP |
| ARM64 support | GA | GA |
| Custom Metrics Autoscaler Operator (KEDA) | TP | TP |
| kn event plugin | GA | GA |
| Pipelines-as-code | TP | TP |
| Advanced trigger filters | GA | GA |
| Go function using S2I builder | GA | GA |
| Installing and using Serverless on single-node OpenShift | GA | GA |
| Using Service Mesh to isolate network traffic with Serverless | TP | TP |
|
Overriding | GA | GA |
|
| GA | GA |
| Quarkus functions | GA | GA |
| Node.js functions | GA | GA |
| TypeScript functions | GA | GA |
| Python functions | TP | GA |
| Service Mesh mTLS | GA | GA |
|
| GA | GA |
| HTTPS redirection | GA | GA |
| Kafka broker | GA | GA |
| Kafka sink | GA | GA |
| Init containers support for Knative services | GA | GA |
| PVC support for Knative services | GA | GA |
|
| GA | GA |
1.3. Deprecated and removed features
Earlier releases introduced some features as Generally Available (GA) or Technology Preview (TP). OpenShift Serverless has now deprecated or removed some of these features. OpenShift Serverless still includes and supports deprecated functionality, but a future release will remove it. Do not use deprecated features for new deployments.
For the most recent list of major functionality deprecated and removed within OpenShift Serverless, see the following table:
| Feature | 1.36 | 1.37 |
|---|---|---|
|
Knative client | Deprecated | Deprecated |
|
EventTypes | Deprecated | Deprecated |
|
| Removed | Removed |
| Red Hat OpenShift Service Mesh with Serverless when Kourier is enabled | Deprecated | Deprecated |
| Namespace-scoped Kafka brokers | Deprecated | Deprecated |
|
| Deprecated | Deprecated |
|
Serving and Eventing | Removed | Removed |
|
| Removed | Removed |
|
| Removed | Removed |
1.4. Red Hat OpenShift Serverless 1.37.2
OpenShift Serverless Logic 1.37.2 is now available. This release addresses identified Common Vulnerabilities and Exposures (CVEs) to enhance security and reliability. The following notes describe fixed issues that affect OpenShift Serverless Logic on OpenShift Container Platform.
1.4.1. Fixed issues
- Support for JSON schema files larger than 65 KB in
SonataFlowworkflows Before this update, OpenShift Serverless Logic loaded JSON schema input validation files as strings during the build process. The system assumed that schema files would not exceed 65 KB. As a consequence, workflows failed to process schema files larger than 65 KB. With this release, the workflow build process supports larger JSON schema files. As a result, workflows can use JSON schema files that exceed the earlier 65 KB limitation.
1.5. Red Hat OpenShift Serverless 1.37.1
OpenShift Serverless 1.37.1 is now available. This release of OpenShift Serverless addresses identified Common Vulnerabilities and Exposures (CVEs) to enhance security and reliability. Fixed issues and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in the following notes:
1.5.1. New features
- OpenTelemetry support for workflow observability in OpenShift Serverless Logic
- OpenShift Serverless Logic now includes OpenTelemetry support to provide observability for workflow executions. This enhancement enables users to collect and export telemetry data for improved monitoring and tracing of workflows.
1.5.2. Fixed issues
- 3scale Kourier gateway crash due to file descriptor limits on OpenShift Container Platform 4.21
Before this update, OpenShift Container Platform 4.21 and later used a reduced default soft limit for the number of open files when running the
3scale Kourier gatewaywith OpenShift Serverless 1.37.0 and earlier. As a consequence, the3scale Kourier gatewaycould crash with thesocket(2) failed, got error: Too many open fileserror. With this release, the3scale Kourier gatewaydeployment sets the soft limit for the maximum number of open files to the value of the hard limit. As a result, the3scale Kourier gatewayno longer crashes due to file descriptor limits on OpenShift Container Platform 4.21.- Removal of unused webhook server initialization in OpenShift Serverless Logic Operator
Before this update, the OpenShift Serverless Logic Operator initialized webhook server code that the Operator did not use. As a consequence, the Operator included unnecessary initialization logic in its startup sequence. With this release, the OpenShift Serverless Logic Operator removes the unused webhook server initialization code. As a result, the Operator startup process no longer includes unused webhook server components.
- Incorrect hibernate schema initialization option in Data Index PostgreSQL deployments
Before this update, the OpenShift Serverless Logic Operator configured Data Index PostgreSQL deployments with the
QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION=updateenvironment variable, resulting in an unintended database schema generation strategy. With this release, the Operator no longer sets this environment variable for Operator-managed Data Index deployments. As a result, Data Index now uses the correct schema initialization configuration.- Variables and metadata queries restored in OpenShift Serverless Logic GraphQL
Before this update, OpenShift Serverless Logic 1.37 did not support variables and metadata queries in GraphQL because JSON query capability was missing. As a consequence, GraphQL queries that relied on variables and metadata failed. With this release, OpenShift Serverless Logic introduces JSON query capability for GraphQL. As a result, variables and metadata queries now function as expected.
1.5.3. Known issues
- Python runtime limited to 1024 open files on OpenShift Container Platform 4.21
On OpenShift Container Platform 4.21, the default
ulimit -nsoft limit for the number of open files is set to 1024, reduced from 1048576 in earlier OpenShift Container Platform releases up to version 4.20. The hard limit remains 524288. As a result, Serverless functions that use the Python runtime cannot open more than 1024 file descriptors, such as open files or TCP sockets.
1.6. Red Hat OpenShift Serverless 1.37
OpenShift Serverless 1.37 is now available. New features, updates, fixed issues, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in the following notes:
1.6.1. New features
1.6.1.1. OpenShift Serverless Eventing
- OpenShift Serverless now uses Knative Eventing 1.17.
- OpenShift Serverless now uses Knative for Apache Kafka 1.17.
- Knative Eventing now supports the ability to define authorization policies that restrict which entities can send events to Eventing custom resources. This enables greater control and security within event-driven architectures. This functionality is now available as a Technology Preview feature.
1.6.1.2. OpenShift Serverless Serving
- OpenShift Serverless now uses Knative Serving 1.17.
- OpenShift Serverless now uses Kourier 1.17.
-
OpenShift Serverless now uses Knative (
kn) CLI 1.17. - Integration with Red Hat OpenShift Service Mesh 3.x is now available as a Technology Preview feature.
1.6.1.3. OpenShift Serverless Functions
-
The
kn funcCLI plugin now usesfunc1.17. - Python runtime for OpenShift Serverless Functions are now Generally Available (GA).
- The Func MCP server is now available as a Developer Preview feature.
1.6.1.4. OpenShift Serverless Logic
OpenShift Serverless Logic introduces a new data index mutation named
ExecuteAfter, which enables you to create and execute a new workflow instance that can reuse the output of a previously completed workflow as its input.The
ExecuteAftermutation accepts the following arguments:-
processId: Specifies the process ID of the workflow definition to execute. -
processVersion: Specifies the process version of the workflow definition to execute. -
completedInstanceId(optional): Specifies the ID of a previously completed workflow whose output serves as input for the new workflow instance. -
input(optional): Specifies the additional input data, which the system merges with the output of thecompletedInstanceId, if you provide it. -
excludeProperties(optional): Specifies the list of properties that the system does not copy from thecompletedInstanceIdoutput into the new workflow instance input.
-
- OpenShift Serverless Logic container images now use the RHEL UBI 9 parent image, aligning the Serverless Logic components with the RHEL 9 runtime environment.
-
OpenShift Serverless Logic Operator now uses a simplified
ClusterServiceVersion(CSV) naming schema that removes therhel9suffix. For example, the CSV name is nowlogic-operator.v1.37.0. - OpenShift Serverless Logic now provides a landing web application for the Jobs Service and Data Index services, offering users a centralized entry point to access and explore these services.
- OpenShift Serverless Logic now supports dynamic URLs and security configurations for OpenAPI function calls in workflows, enabling workflows to adapt securely to different environments and endpoints.
- OpenShift Serverless Logic now includes a new guide that explains how to configure Maven mirrors in builder and devmode images.
-
OpenShift Serverless Logic now supports token exchange by introducing JSON Web Token (JWT) token parsing for SonataFlow workflows. This feature adds a new Quarkus add-on,
sonataflow-addons-quarkus-jwt-parser, which enables workflows to parse JWT tokens and extract user claims to generate personalized responses.
1.6.2. Fixed issues
1.6.2.1. OpenShift Serverless Eventing
Before this update, the
KafkaSourcedispatcher stopped committing offsets when the offsets of produced events were not consecutive integers, for example, when events were produced within a Kafka transaction. This behavior caused the dispatcher to stall and prevented subsequent events from being processed.With this update, the
KafkaSourcedispatcher has been fixed to handle such empty offsets correctly. Additionally, the default Kafka consumer configuration forKafkaSourcehas been updated toisolation.level=read_committed. When Kafka transactions are used to produce events into a Kafka topic, theKafkaSourcenow processes only the events from committed transactions.
1.6.2.2. OpenShift Serverless Logic
- Before this update, the Sleep state removed tokens from the workflow context when used within a sub-flow. This issue is now fixed, ensuring that tokens remain available throughout the workflow execution.
- Before this update, converting a project to a Quarkus project using the Kn workflow plugin generated incorrect Maven repositories. This issue is now fixed, and the conversion process generates the correct Maven repositories.
-
Before this update, the OpenShift Serverless Logic Builder image downloaded
plexus-utilsversion 1.1. This issue is now fixed, and the Builder image no longer downloads this dependency.
1.6.3. Known issues
1.6.3.1. OpenShift Serverless Eventing
-
The
EventTransformcustom resource definition (CRD) is currently not compatible with Red Hat OpenShift Service Mesh. TheEventTransformresource does not provide a way to configure Istio-specific labels or annotations required for integration with Red Hat OpenShift Service Mesh. As a result, theEventTransformcomponent cannot function properly in environments where Red Hat OpenShift Service Mesh is enabled.
1.6.3.2. OpenShift Serverless Serving
In some cases, cluster-scoped resources such as webhook configurations are not removed during the uninstallation, reinstallation, or upgrade of the
KnativeServingor Serverless Operator components. When this occurs, the reconciliation ofKnativeServingfails, and the installation process becomes stuck with an error similar to the following example:failed to apply non rbac manifest: Internal error occurred: failed calling webhook "webhook.serving.knative.dev": failed to call webhook: Post "https://webhook.knative-serving.svc:443/?timeout=10s": no endpoints available for service "webhook"-
When the
serving.knative.openshift.io/disableRoute=trueannotation is applied to a Knative Service, the service displays an invalid URL in the.status.urlfield. The URL shown does not resolve to the Knative Service and can be misleading. Additionally, both the OpenShift Console UI and the Knative client (kn) CLI display this invalid address in multiple locations. The corresponding Knative Route is also created, and its.status.urlfield contains the same invalid URL.
1.6.3.3. OpenShift Serverless Functions
Some operations of the OpenShift Serverless Function MCP server, such as build and deploy, fail when triggered from the Cursor IDE using its built-in agent. When invoking these operations, the Cursor agent sends a malformed request for any optional parameters. Although the parameter values appear correctly formatted, for example,
"quay.io/myuser", the OpenShift Serverless Function MCP API returns the following error message:Error calling tool: Parameter 'optionalStr' must be of type null,string, got string
1.6.3.4. Knative client (kn) CLI
As of OpenShift Serverless 1.37 release, the
knclient is built with RHEL 9 dependencies and cannot run on RHEL 8. Attempting to run the binary on RHEL 8 displays an error similar to the following:kn: /lib64/libc.so.6: version `GLIBC_2.33' not found (required by kn)-
As of OpenShift Serverless 1.37 release, the
knclient binary downloaded from the Command Line Tools page in the OpenShift Container Platform web console is not signed with the Red Hat certificate for macOS and Windows platforms. This issue affects the binaries available directly through the OpenShift Container Platform console. To obtain properly signed binaries, download them from the Official OpenShift Serverless downloads mirror instead.
1.6.3.5. OpenShift Serverless Logic
-
In disconnected cluster environments, the
logic-swf-builder-rhel9image attempts to download theplexus-utils-1.1.jardependency during the build process. As external network access is restricted in disconnected setups, this behavior can result in build failures or timeouts. -
If you apply a
SonataFlowcustom resource (CR) to an OpenShift cluster and the firstSonataFlowBuildfails for any reason, the Operator does not create the workflow deployment even after the build issue is resolved. As a result, the workflow remains undeployed until you manually reapply or rebuild it.
1.7. Red Hat OpenShift Serverless 1.36.1
OpenShift Serverless 1.36.1 is now available. This release of OpenShift Serverless addresses identified Common Vulnerabilities and Exposures (CVEs) to enhance security and reliability. Fixed issues and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in the following notes:
1.7.1. Fixed issues
-
Before this update, the OpenShift Serverless Functions client failed to build remotely with Red Hat OpenShift Pipelines version 1.19, causing pipeline runs to remain in the
Pendingstate on thefetch-sourcestask and report admission webhook errors. With this release, the issue is resolved, and remote builds complete successfully.
1.7.2. Known issues
-
Deploying a Quarkus function with the
kn func deploy --remotecommand on an OpenShift Container Platform s390x cluster triggers a known issue that causes the build task to hang. As a result, the build process does not complete.
1.8. Red Hat OpenShift Serverless 1.36
OpenShift Serverless 1.36 is now available. New features, updates, fixed issues, and known issues that pertain to OpenShift Serverless on OpenShift Container Platform are included in the following notes:
1.8.1. New features
1.8.1.1. OpenShift Serverless Eventing
- OpenShift Serverless now uses Knative Eventing 1.16.
- OpenShift Serverless now uses Knative for Apache Kafka 1.16.
-
IntegrationSourceandIntegrationSinkare now available as a Technology Preview. These are Knative Eventing custom resources that support selected Kamelets from the Apache Camel project. Kamelets enables you to connect to third-party systems for improved connectivity, acting as either sources (event producers) or sinks (event consumers). - Knative Eventing can now automatically discover and register EventTypes based on the structure of incoming events. This feature simplifies the configuration and management of EventTypes, reducing the need for manual definitions. This feature is available as a Technology Preview.
OpenShift Serverless Eventing introduces
EventTransform, a new API resource that you can use to declaratively transform JSON events without writing custom code. WithEventTransform, you can modify attributes, extract or reshape data, and streamline event flows across systems. Common use cases include event enrichment, format conversion, and request-response transformation.EventTransformintegrates seamlessly with Knative sources, triggers, and brokers, enhancing interoperability in event-driven architectures. This feature is now available as a Technology Preview.See the following key features of
EventTransform:- Define transformations declaratively using Kubernetes-native resources
- Use JSONata expressions for advanced and flexible event data manipulation
- Easily insert transformations at any point within event-driven workflows
- Support for transforming both sink-bound and reply events for better routing control
-
The
sinks.knative.devAPI group has now been added to theClusterRolesnamespace in Knative Eventing. Developers now have permissions toget,list, andwatchresources in this API group, improving accessibility and integration with sink resources. - Transport encryption for Knative Eventing is now available as a Generally Available (GA) feature.
- Knative Eventing now supports the ability to define authorization policies that restrict which entities can send events to Eventing custom resources. This enables greater control and security within event-driven architectures. This functionality is available as a Developer Preview.
- Knative Eventing catalog is now integrated into the Red Hat Developer Hub through the Event Catalog plugin for Backstage. This integration enables users to discover and explore Knative Eventing resources directly within the Red Hat Developer Hub interface. This functionality is available as a Developer Preview.
-
The
KafkaSourceAPI has now been promoted to versionv1, signaling its stability and readiness for production use. - OpenShift Serverless now supports deployment on ARM architecture as a Generally Available (GA) feature.
-
The
kn eventplugin is now available as a GA feature. You can use this plugin to send events directly from the command line to various destinations, streamlining event-driven application development and testing workflows.
1.8.1.2. OpenShift Serverless Serving
- OpenShift Serverless now uses Knative Serving 1.16.
- OpenShift Serverless now uses Kourier 1.16.
-
OpenShift Serverless now uses Knative (
kn) CLI 1.16.
1.8.1.3. OpenShift Serverless Functions
-
The
kn funcCLI plugin now usesfunc1.16. - OpenShift Serverless Functions support integration with Cert Manager, enabling automated certificate management for the function workloads. This functionality is available as a Developer Preview.
1.8.1.4. OpenShift Serverless Logic
When starting a workflow via HTTP, you can now include additional properties alongside the
workflowdatafield in the request body. These extra fields are ignored by the runtime but are available in the Data Index as process variables as shown in the following example:{"workflowdata": {"name": "John"}, "groupKey": "follower"}You can now filter workflow instances by the content of workflow variables using GraphQL queries on
ProcessInstances.variables. For example, the following query retrieves process instances where thelanguagefield inworkflowdataequalsSpanish:ProcessInstances (where:{variables:{workflowdata:{language:{equal:Spanish}}}}) { variables, state, lastUpdate, nodes { name } }- OpenShift Serverless Logic Data Index now supports filtering queries by using workflow definition metadata.
- OpenShift Serverless Logic Operator now emits events to the Data Index to indicate when a workflow definition becomes available or unavailable.
1.8.2. Fixed issues
1.8.2.1. OpenShift Serverless Eventing
Previously, the Knative Kafka dispatcher could stop consuming events if a Kafka consumer group rebalance occurred while a sink was processing events out of order. This behavior triggered the following errors:
-
SEVERE: Unhandled exception -
java.lang.IndexOutOfBoundsException: bitIndex < 0 -
Repeated logs like
Request joining group due to: group is already rebalancing
This issue is now fixed. The dispatcher correctly handles out-of-order event consumption during rebalancing and continues processing events without interruption.
-
-
Previously, a KafkaSource remained in a
Readystate even whenKafkaSource.spec.net.tls.keyfailed to load due to the use of unsupported TLS certificates in PKCS #1 format. This issue is now fixed. An appropriate error is now reported when attempting to create aKafkaBroker,KafkaChannel,KafkaSource, orKafkaSinkusing TLS certificates in an unsupported format.
1.8.3. Known issues
1.8.3.1. OpenShift Serverless Logic
-
If the
swf-dev-modeimage is started with a broken or invalid workflow definition, the container might enter a stuck state. -
When deploying a workflow in the
previewprofile on OpenShift Container Platform, if the initial build fails and is later corrected, the Operator does not create the corresponding workflow deployment. As a result, the deployment remains missing and theSonataFlowstatus is not updated, even after the build is fixed. -
The OpenShift Serverless Logic builder image consistently downloads the
plexus-utils-1.1artifact during the build process, regardless of local caching or dependency resolution settings. - When running images in disconnected or restricted network environments, the Maven wrapper might experience timeouts while attempting to download required components.
-
The
openshift-serverless-1/logic-swf-builder-rhel8:1.35.0andopenshift-serverless-1/logic-swf-builder-rhel8:1.36.0images are currently downloading the persistence extensions from Maven during the build process.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}