RATATOSKRATATOSK
ログイン

Knative

knative-v1.21.2Orchestration & Management
2026年3月24日

Knative v1.21.2 is a small patch release with one TLS improvement and a heads-up that secure-pod-defaults will flip to AllowRootBounded in v1.22.

  • breakingAudit root-dependent workloads before v1.22 ships

    The AllowRootBounded secure-pod-defaults setting is coming as the new default in v1.22. If any of your Knative Services run containers that require root (e.g., legacy apps, certain base images), they will break after that upgrade. Right now, while you're on v1.21, test those workloads with AllowRootBounded explicitly enabled. If they fail, set secure-pod-defaults to 'disabled' in your config-features ConfigMap before upgrading to v1.22 — don't wait until upgrade day.

  • enhancementConfigurable TLS via knative.dev/pkg/network/tls

    The shift to the shared knative.dev/pkg/network/tls library gives operators more control over TLS settings in Serving. If you manage custom TLS configurations or have internal PKI requirements, review whether this change aligns your TLS behavior with expectations — particularly in environments where cipher suites or minimum TLS versions are enforced by policy.

主な変更 (3)

  • TLS configuration now uses knative.dev/pkg/network/tls for more flexible, configurable TLS behavior in Serving
  • secure-pod-defaults remains disabled by default in v1.21, but AllowRootBounded will become the default in v1.22
  • AllowRootBounded improves security posture while maintaining compatibility with most (but not all) images that expect root access