Security Context Setting for Fission Installation

By default, Fission runs with the default security context. This means that it will be run as root. We have added settings in Helm chart for securityContext across all services in Fission. You can enable recommended securityContext settings during Fission installation.

E.g. By settings values in fission installation through values.yaml

    executor.securityContext.enabled: true
    router.securityContext.enabled: true
    buildermgr.securityContext.enabled: true
    controller.securityContext.enabled: true
    kubewatcher.securityContext.enabled: true
    storagesvc.securityContext.enabled: true

We plan to make this setting default in the future.

Also, we have added recommended security context for builder and function pods.

    runtimePodSpec.enabled: true
    builderPodSpec.enabled: true

If you want to patch the security context or any fields for podSpec which are common across all functions you can modify runtimePodSpec.podSpec and builderPodSpec.podSpec in values.yaml

  • [issue-2401] Added pod security context for Fission Components #2449 (baba230896)
  • Added support to set builder and fn pod specs via helm chart #2461 (blackfly19)

Enhancements in Storage Service

We have introduced a CLI to operate archives in Fission Storage Service. Please refer to Fission Archive CLI for more details.



  • With addition of OpenTelemetry, we would be soon removing OpenTracing instrumentation.
  • HTTPTrigger/Route creation from Fission CLI is deprecated. Use fission route create instead. PR #2171
  • We have deprecated Spec.Method in HTTPTrigger since 1.13.0, please use Spec.Methods instead.


With the addition of KEDA connectors, we have removed the following connectors type fission.

We have also removed the prometheus dependency because it’s not required by default by fission. If you want to use canary functions or checkout fission metrics, we recommend using prometheus-community/prometheus or prometheus-community/kube-prometheus-stack.