v1.3.0

What's changed in v1.3.0

• feat: add knative resource defaults and nodepool (#14) (by @patrickleet)

See full diff: v1.2.0...v1.3.0

v1.2.0

What's changed in v1.2.0

• feat(deps): update crossplane-contrib/function-auto-ready docker tag to v0.6.5 (#13) (by @renovate[bot])

  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

See full diff: v1.1.0...v1.2.0

v1.1.0

What's changed in v1.1.0

• fix: bump eventing-webhook memory limit from 200Mi to 512Mi (by @patrickleet)

  Chart default of 200Mi OOMKills under modest ApiServerSource / Trigger
  reconcile load. Inject a deployments override into the KnativeEventing
  CR default spec so the webhook stays up.

• feat: Burstable resource defaults for NATS (container + reloader) (by @patrickleet)

  NATS chart ships container + reloader as BestEffort by default. Sized
  via the chart's container.merge / reloader.merge strategic-merge-patch
  hooks. JetStream-backed NATS is restart-recoverable thanks to PVC
  persistence; Burstable memory is fine.

  Verified on pat-local: statefulset rolled pat-local-nats-2 to Burstable
  with nats container at 100m/256Mi request, 500m/512Mi limit; reloader
  at 10m/32Mi request, 50m/64Mi limit. Other replicas rolling.

  Implements [[tasks/cluster-wide-resource-right-sizing-p95-observation]] tier-1 #7

See full diff: v1.0.0...v1.1.0

v1.0.0

What's changed in v1.0.0

• feat: rebuild on net-gateway-api with per-namespace wildcard auto-TLS (by @patrickleet)

  BREAKING CHANGE: Switches Knative Serving's networking layer from net-istio (sidecar) to
  net-gateway-api. Knative now emits Gateway API HTTPRoutes attached to a
  platform Gateway provisioned by istio-stack (ambient + Gateway API).
  PeerAuthentication is dropped — ambient handles mTLS at the node via ztunnel.

  New schema:

  • spec.gatewayRef.{name,namespace,gatewayClassName} — parent Gateway
    (defaults: platform / istio-ingress / istio).
  • spec.autoTls.{enabled,namespaceSelector} — per-namespace wildcard auto-TLS.
    When on, Knative emits a *.. Certificate per matching
    namespace; cert-manager fulfills via DNS-01; net-gateway-api wires the
    Secret into the Gateway TLS listener. Scales linearly with tenancy and
    avoids Let's Encrypt rate-limit pressure of per-service mode.
  • New 225-knative-local-gateway.yaml.gotmpl composes the cluster-local
    Gateway in knative-serving namespace.

  Implements [[tasks/knative-stack-net-gateway-api-rebuild]]

  BREAKING CHANGE: net-istio is no longer supported. spec.* shape changed —
  gatewayRef and autoTls are new; config.istio is replaced by config.gateway.
  Consumers must switch to ambient + Gateway API; istio-stack v2+ is required.

• fix(e2e): wire gateway-api-stack + istio-stack v1.0.0 as initResources/deps (by @patrickleet)

  Knative e2e was failing because the kind cluster lacks Gateway API CRDs
  required by knative-local-gateway. Restructure the e2e to install the full
  dependency chain:

  1. gateway-api-stack@v0.1.0 → Configuration package + GatewayAPIStack XR
     (installs Gateway API CRDs via Helm)
  2. istio-stack@v1.0.0 → Configuration package + IstioStack XR
     (ambient mode; ingressGateway disabled — knative uses its own
     knative-local-gateway, no public ingress needed inside kind)
  3. KnativeStack → the test subject

  Also updates stale provider config refs to the new helm/kubernetes split
  that landed with the istio + knative ambient rewrites.

• fix(e2e): disable knativeEventing in e2e (heavy reconcile, not on critical path) (by @patrickleet)

• fix(e2e): bump timeout to 90 min for full Istio Ambient + Knative install (by @patrickleet)

• ci: bump e2e timeout/cleanup to 60min for full Knative+Istio+GW-API unwind (by @patrickleet)

• ci: split e2e cleanup — KnativeStack first, then IstioStack/GatewayAPIStack (by @patrickleet)

  Mirrors the aws-observe-stack pattern. KnativeStack cleanup runs first under
  cleanup-timeout-minutes (30); the heavy infra (IstioStack + GatewayAPIStack)
  gets torn down in a separate Delete extra resources phase under
  delete-extra-resources-timeout-minutes (30). Total cleanup budget unchanged
  but each phase has clear ownership; test phase always returns to a clean
  managed-resource state on a kind cluster.

  The previous 60min cleanup timed out on releases/-istio-base — the
  istio Helm release teardown was racing with KnativeStack's own teardown and
  neither could complete.

See full diff: v0.8.0...v1.0.0

v0.8.0

What's changed in v0.8.0

• feat: composed StorageClass for NATS and deep-merged values (by @patrickleet)

  Adds spec.nats.storageClass (default enabled, name "knative-nats",
  provisioner ebs.csi.eks.amazonaws.com, type gp3). The stack now composes
  its own StorageClass for NATS JetStream PVCs instead of depending on the
  target cluster having a working default — fixes EKS Auto Mode where the
  in-tree gp2 provisioner is unsupported.

  The NATS Helm Release is gated on the SC being observed-ready, and a
  Usage prevents SC deletion before NATS teardown so the CSI provisioner
  can deprovision PVs cleanly.

  Also fixes the values DX: nats.values now deep-merges with defaults via
  mergeOverwrite in state-init, rendered once in 240-nats.yaml.gotmpl. The
  previous "literal defaults + toYaml user-values appended" pattern emitted
  duplicate keys at the same level, which the Helm provider's YAML parser
  silently dropped — partial overrides were lost.

  Default NATS PVC storageClassName resolves to the composed SC name unless
  the user explicitly sets nats.values.config.jetstream.fileStore.pvc.storageClassName.

• fix(tests): align composition tests with NATS SC gate and label change (by @patrickleet)

  Commit 31f7dd9 broke 6 of 9 composition tests:

  • 5 NATS-asserting tests failed because NATS Release is now gated on the
    composed StorageClass being observed-ready, but the fixtures provided no
    observed resources. Added a Ready+Synced StorageClass to each so they
    reflect production ordering.
  • custom-labels asserted the legacy hardcoded label key. State-init now
    derives the key from $xr.kind (KnativeStack -> knativestack), so update
    the assertion to hops.ops.com.ai/knativestack.

  Adds a new test 'nats-gates-on-storage-class' that exercises the full gate
  contract: observes both SC and NATS as Ready, asserts the SC Object, the
  NATS Release, and the delete-nats-before-storage-class Usage all render.
  The Usage is the strongest signal — it only emits when both SC and NATS
  are observed-ready.

  10/10 passing locally via 'make test'.

See full diff: v0.7.0...v0.8.0

v0.7.0

What's changed in v0.7.0

• chore(makefile): add generate-configuration target (by @patrickleet)

  Wires hops validate generate-configuration as a prerequisite of
  validate:all / validate / validate:% so configuration.yaml is
  regenerated from upbound.yaml before each validation run.

  Implements [[tasks/update-xrd-makefiles-generate-config]]

• feat(deps): update crossplane-contrib/function-auto-ready docker tag to v0.6.4 (#9) (by @renovate[bot])

  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

See full diff: v0.6.0...v0.7.0

v0.6.0

What's changed in v0.6.0

• feat(deps): update crossplane-contrib/function-auto-ready docker tag to v0.6.3 (#8) (by @renovate[bot])

  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

See full diff: v0.5.0...v0.6.0

v0.5.0

What's changed in v0.5.0

• chore(deps): update unbounded-tech/workflows-crossplane action to v2.17.0 (#4) (by @renovate[bot])

  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

• chore(deps): update unbounded-tech/workflows-crossplane action to v2.18.0 (#5) (by @renovate[bot])

  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

• chore(deps): update unbounded-tech/workflows-crossplane action to v2.20.0 (#6) (by @renovate[bot])

  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

• feat(deps): update crossplane-contrib/function-auto-ready docker tag to v0.6.2 (#7) (by @renovate[bot])

  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

See full diff: v0.4.0...v0.5.0

v0.4.0

What's changed in v0.4.0

• chore(deps): update unbounded-tech/workflows-crossplane action to v2.16.0 (#3) (by @renovate[bot])

  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

• feat: stack-knative -> knative-stack, kind: KnativeStack, api: hops.ops.com.ai (by @patrickleet)

• fix: test updates (by @patrickleet)

• fix: test updates (by @patrickleet)

• feat: unit tests (by @patrickleet)

See full diff: v0.3.0...v0.4.0

v0.3.0

What's changed in v0.3.0

• chore: e2e usage of istio by knative (by @patrickleet)

• chore: e2e usage of istio by knative makes tests hang forever despite everything being created successfully (by @patrickleet)

• feat(deps): update crossplane-contrib/function-auto-ready docker tag to v0.6.1 (#2) (by @renovate[bot])

  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

See full diff: v0.2.0...v0.3.0