Security Context Setting for Fission Installation
By default, Fission runs with the
default security context. This means that it will be run as root.
We have added settings in Helm chart for securityContext across all services in Fission.
You can enable recommended securityContext settings during Fission installation.
E.g. By settings values in fission installation through
executor.securityContext.enabled: true router.securityContext.enabled: true buildermgr.securityContext.enabled: true controller.securityContext.enabled: true kubewatcher.securityContext.enabled: true storagesvc.securityContext.enabled: true
We plan to make this setting default in the future.
Also, we have added recommended security context for builder and function pods.
runtimePodSpec.enabled: true builderPodSpec.enabled: true
If you want to patch the security context or any fields for podSpec which are common across all functions you can modify
- [issue-2401] Added pod security context for Fission Components #2449 (baba230896)
- Added support to set builder and fn pod specs via helm chart #2461 (blackfly19)
Enhancements in Storage Service
We have introduced a CLI to operate archives in Fission Storage Service. Please refer to Fission Archive CLI for more details.
- CLI to operate archives managed by Storage Service #2450 (blackfly19)
- Added variable to enable or disable archivePruner #2458 (blackfly19)
- Fix for archivepruner to delete files only from subdir #2456 (blackfly19)
- builder: Allow command with arguments via custom build options #2453 (shubham-bansal96)
- Ensure poolmanager fn address validation even if pod has active connections #2441 (blackfly19)
- Pods immediately terminate for idletimeout in new deployment and container executer type #2459 (shubham-bansal96)
- Avoid fission installation failure due to analytics connection error #2457 (shubham-bansal96)
- Upgraded controller-gen to remove status from fission CRDs #2454 (sanketsudake)
- Fix pre-check failure during new fission installation #2437 (shubham4443)
- Fixed help for ColdStarts metric in executor according to new labels #2446 (blackfly19)
- Update controller-tools to v0.9.2 #2467 (sanketsudake)
- OpenTelemetry package update to v1.7.0 #2466 (shubham-bansal96)
- Update github.com/opencontainers/runc dependency to 1.1.2 #2448 (blackfly19)
- With addition of OpenTelemetry, we would be soon removing OpenTracing instrumentation.
- HTTPTrigger/Route creation from Fission CLI is deprecated. Use
fission route createinstead. PR #2171
- We have deprecated
Spec.Methodin HTTPTrigger since 1.13.0, please use
With the addition of KEDA connectors, we have removed the following connectors type fission.
- Remove deprecated Fission Azure Storage Queue connector #2404 (sanketsudake)
- Remove deprecated Fission Nats connector #2403 (sanketsudake)
We have also removed the prometheus dependency because it’s not required by default by fission. If you want to use canary functions or checkout fission metrics, we recommend using prometheus-community/prometheus or prometheus-community/kube-prometheus-stack.