Business Hub Upgrade Notes and Technical Changes
Notes for all versions
Updating CRDs
Some upgrades include changes to Custom Resource Definitions (CRDs).
If you are using the automated CRD updater tool bundled with the KNIME Business Hub application, CRDs are updated automatically during the upgrade.
If you have disabled the updater and installed CRDs manually, make sure to re-apply the latest CRDs from the public repository after each upgrade.
Outdated CRDs can cause issues such as executor errors or failed component deployments.
KNIME Business Hub version 1.17
Important Notice
We are still assessing production readiness of KNIME Business Hub 1.17.0 for the OpenShift distribution. If you are deploying KNIME Business Hub into OpenShift, please do not install or upgrade to 1.17.0. KNIME will make an announcement or release a patch in the near future to ensure OpenShift compatibility.
Upgrade Notes / Technical Changes
- In ArgoCD, Elasticsearch has been configured to be highly available by default. This provisions 3 replicas for the Elasticsearch StatefulSet which have anti-affinity.
- By default, the anti-affinity is set to use “soft” (best-effort) scheduling. This is to ensure Elasticsearch comes online in smaller clusters.
- If anti-affinity is set to “hard”, there must be 3+ schedulable nodes in the cluster for Elasticsearch to run on (based on kubernetes.io/hostname topology key).
- If using “soft”, please note that there are a few risks:
  - HA risk: Both replicas of one ES shard could be scheduled on the same node; if that node fails, both replicas are lost.
  - AWS AZ issue: Pods can get "stuck" in a specific AZ even if you add nodes in other AZs, since EBS volumes (PVCs) are not automatically moved between AZs.
- Changing from "soft" to "hard" in existing clusters may cause scheduling issues if there are insufficient nodes to satisfy the hard anti-affinity requirement.
- The elasticsearch-master StatefulSet can be deleted (allowing ArgoCD to recreate it), both for the 1.17.0 upgrade and in general when changing Elasticsearch configuration. Please note that search and other functionality will be offline while Elasticsearch is provisioning.
- ArgoCD customers upgrading from <1.17.0: Set knime-hub-secret-store-minio.config.s3.url="http://secret-store-minio:9000" in your local-values.yaml overrides, to continue using the internal secret store because migration to offloaded S3 is not yet supported.
- Notifications Service: Starting with 1.17.0, whitespaces at the beginning of lines in the configuration of the notification service are not allowed anymore. Such lines will be ignored.
- Removal of X-Frame-Options, replaced with frame-ancestors in CSP.
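A pre-flight check for the Elasticsearch anti-affinity notes above, as an added example that is not part of KNIME's tooling: it classifies the StatefulSet's hostname anti-affinity as "hard" or "soft" and reports the failure mode each one carries. The manifest, the `app: elasticsearch-master` label, the node names and the pod placement are constructed sample data.

```python
from collections import Counter

HOSTNAME_KEY = "kubernetes.io/hostname"

def anti_affinity_mode(statefulset):
    """Classify hostname anti-affinity in a StatefulSet manifest: hard, soft or none."""
    pod_spec = statefulset["spec"]["template"]["spec"]
    rules = pod_spec.get("affinity", {}).get("podAntiAffinity", {})
    required = rules.get("requiredDuringSchedulingIgnoredDuringExecution", [])
    preferred = rules.get("preferredDuringSchedulingIgnoredDuringExecution", [])
    if any(term.get("topologyKey") == HOSTNAME_KEY for term in required):
        return "hard"
    if any(p.get("podAffinityTerm", {}).get("topologyKey") == HOSTNAME_KEY
           for p in preferred):
        return "soft"
    return "none"

def preflight(statefulset, pod_to_node, schedulable_nodes):
    """Return findings for the configured mode, given pod placement and node list."""
    mode = anti_affinity_mode(statefulset)
    replicas = statefulset["spec"].get("replicas", 1)
    nodes = len(schedulable_nodes)
    findings = []
    # Hard mode: every replica needs its own node, or pods stay Pending.
    if mode == "hard" and replicas > nodes:
        findings.append(f"hard: {replicas} replicas need {replicas} nodes, only {nodes} schedulable")
    # Soft (or no) rule: co-located pods are allowed, so report them as an HA risk.
    if mode != "hard":
        for node, count in sorted(Counter(pod_to_node.values()).items()):
            if count > 1:
                findings.append(f"{mode}: {count} Elasticsearch pods share node {node}")
    return findings

def sample_statefulset(kind):
    """Constructed manifest fragment; the label selector is an assumption."""
    term = {"topologyKey": HOSTNAME_KEY,
            "labelSelector": {"matchLabels": {"app": "elasticsearch-master"}}}
    rule = [term] if kind == "hard" else [{"weight": 100, "podAffinityTerm": term}]
    key = ("required" if kind == "hard" else "preferred") + "DuringSchedulingIgnoredDuringExecution"
    return {"spec": {"replicas": 3,
                     "template": {"spec": {"affinity": {"podAntiAffinity": {key: rule}}}}}}

# Constructed placement: two of the three pods landed on the same node.
PLACEMENT = {"elasticsearch-master-0": "node-a",
             "elasticsearch-master-1": "node-a",
             "elasticsearch-master-2": "node-b"}
```
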
Removal of the X-Frame-Options header
In previous releases, embedding Data Apps in iframes was controlled by the X-Frame-Options header. This header only has three options: allow embedding on the same domain, anywhere, or nowhere. The frame-ancestors directive in the Content-Security-Policy header allows for more control over which webpages can embed Data Apps, so we've removed the X-Frame-Options header from KNIME Business Hub.
- If you've never allowed embedding Data Apps before: There is no change for you. We set a default that denies all embedding.
- If you've allowed embedding Data Apps before: Configure the frame-ancestors directive in the Content-Security-Policy header to include your external webpages. See Configure Browser Security for more information.
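To check a configured policy before relying on it, the following added example (not KNIME code) evaluates a response's frame-ancestors directive against a candidate embedding origin, using simplified CSP source matching. The hostnames and both sample policies are constructed, and a single policy per response is assumed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    u = urlsplit(url)
    return u.scheme.lower(), (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(u.scheme.lower())

def frame_ancestors(csp):
    """Source list of the frame-ancestors directive, or None if it is absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def source_matches(expr, embedder, hub):
    """Simplified CSP source matching (no IPv6 literals; paths are ignored)."""
    scheme, host, port = origin(embedder)
    if expr == "'self'":
        return origin(hub) == (scheme, host, port)
    if expr == "*":
        return scheme in DEFAULT_PORTS
    if expr.endswith(":") and "/" not in expr:       # scheme-source, e.g. https:
        return expr[:-1] == scheme
    e_scheme, sep, rest = expr.partition("://")
    if not sep:                                       # host-source without a scheme
        e_scheme, rest = None, expr
    e_host, _, e_port = rest.split("/", 1)[0].partition(":")
    # A scheme-less source takes the protected page's scheme; https is also accepted.
    ok_scheme = scheme == e_scheme if e_scheme else scheme in (origin(hub)[0], "https")
    # "*.example.org" matches subdomains only, never the bare domain.
    ok_host = host.endswith(e_host[1:]) if e_host.startswith("*.") else host == e_host
    ok_port = e_port == "*" or port == (int(e_port) if e_port else DEFAULT_PORTS.get(scheme))
    return ok_scheme and ok_host and ok_port

def can_embed(headers, embedder, hub):
    """Would a browser let `embedder` frame a response from `hub` with these headers?"""
    sources = frame_ancestors(headers.get("Content-Security-Policy", ""))
    if sources is None:
        return True    # no frame-ancestors directive: CSP does not restrict framing
    return any(s != "'none'" and source_matches(s, embedder, hub) for s in sources)

# Constructed sample values; hostnames and policies are illustrative.
HUB = "https://hub.example.com"
DENY_ALL = {"Content-Security-Policy": "frame-ancestors 'none'"}
ALLOW_PORTAL = {"Content-Security-Policy":
    "frame-ancestors 'self' https://portal.example.org https://*.intranet.example.org"}
```

Note that a policy without any frame-ancestors directive places no restriction on framing, because the directive does not fall back to default-src.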
KNIME Business Hub version 1.16
Important notice for existing customers (32 GiB RAM instances)
Previously, a Hub instance with 32 GiB of RAM could host executors configured with up to 12 GiB of memory. After this update, the maximum executor size must be reduced to 8 GiB before starting the upgrade (Editing Executor Configuration). If executor memory is not adjusted, executors will fail to start until their configuration is lowered.
For customers on instances with more than 32 GiB RAM
In some cases, a large share of memory may already be reserved for execution. To ensure smooth operation, core services now require 24 GiB, leaving the remainder available for execution. Please adjust your executor memory accordingly before the update.
KURL-related infrastructure changes
Updated KURL installer (KURL Installer), bringing the following updates and more:
- Kubernetes update to 1.33.4 (from 1.30.7 in the previous KURL update)
- KOTS installer update to 1.125.2
- Velero update to 1.16.2
Updated RoleBinding for license validation
With this release the RoleBinding used for license validation has been updated with additional ServiceAccount references. If you’ve installed KNIME Business Hub with Minimal RBAC you need to apply the updated Cluster Roles as described here before updating.
Upgrading Existing Argo CD Installations
For clusters where KNIME Business Hub was previously installed and managed via Argo CD, ensure the following configuration adjustments before upgrading to this release:
- Navigate to Settings → Projects → knime-business-hub.
- Under Namespaces, set this resource to Denied in the project configuration.
- In the Cluster Resource Allow List, allow all resources (*).
- In the Cluster Resource Deny List, deny at least the Namespaces resource.
- In the Namespace Resource Allow List, allow all resources (*).
These settings ensure a safe and consistent upgrade path for existing deployments managed by Argo CD.
KNIME Business Hub version 1.15
Istio upgrade
Istio has been upgraded to version 1.24.2.
- For installations that have manually installed istio it is highly recommended to update istio to the same version. Instructions are available here.
- For installations that install istio via KOTS, no other input is required. The upgrade will be automatic.
This upgrade will be mandatory in future releases when features only found in istio 1.24 are in use.