Update Helm release strimzi-kafka-operator to v0.45.0 #867
+1
−1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.29.0
->0.45.0
Release Notes
strimzi/strimzi-kafka-operator (strimzi-kafka-operator)
v0.45.0
Compare Source
Remove support for Kafka 3.7.0 and 3.7.1
This change also means the restart reason ClientCaCertKeyReplaced is removed and either CaCertRenewed or CaCertHasOldGeneration will be used.
template
sectionsMajor changes, deprecations and removals
Please make sure to migrate to KRaft and MirrorMaker 2 before upgrading to Strimzi 0.46 or newer.
Please use the Apache Kafka EnvVarConfigProvider and Identity Replication Policy instead.
v0.44.0
Compare Source
ContinueReconciliationOnManualRollingUpdateFailure
feature gate moves to beta stage and is enabled by default.If needed,
ContinueReconciliationOnManualRollingUpdateFailure
can be disabled in the feature gates configuration in the Cluster Operator.host
andadvertisedHost
fields in listener configuration.Changes, deprecations and removals
Kubernetes 1.23 and 1.24 are not supported anymore.
KafkaTopic
resources if they are removed, aligning the behavior with paused topics, where finalizers are also not restored.This change matches user expectations.
.spec.externalConfiguration
) inKafkaConnect
andKafkaMirrorMaker2
resources is deprecated and will be removed in the future.Please use the environment variables, additional volumes and volume mounts in Pod and container templates instead.
v0.43.0
Compare Source
Remove support for Apache Kafka 3.6.0, 3.6.1, and 3.6.2.
On the listener
serverBearerTokenLocation
anduserNamePrefix
have been added.On the client
accessTokenLocation
,clientAssertion
,clientAssertionLocation
,clientAssertionType
, andsaslExtensions
have been added.Changes, deprecations and removals
If you are using the storage overrides, you should migrate to KafkaNodePool resources and use multiple node pools with a different storage class each.
From Strimzi 0.44.0 on, we will support only Kubernetes 1.25 and newer.
v0.42.0
Compare Source
UseKRaft
feature gate moves to GA stage and is permanently enabled without the possibility to disable it.To use KRaft (ZooKeeper-less Apache Kafka), you still need to use the
strimzi.io/kraft: enabled
annotation on theKafka
custom resources or migrate from an existing ZooKeeper-based cluster.KafkaBridge
resource with consumer inactivity timeout and HTTP consumer/producer enablement.publishNotReadyAddresses
on services for listener types other than internal.kafka-metrics.yaml
example file.strimzi
orkafka
in theKafka
custom resource.The Strimzi Quotas plugin version was updated to 0.3.1.
Changes, deprecations and removals
reconciliationIntervalSeconds
configuration for the Topic and User Operators is deprecated, and will be removed when upgrading schemas to v1.Use
reconciliationIntervalMs
converting the value to milliseconds.Additionally, from Strimzi 0.42.0 the plugin should be configured in
.spec.kafka.quotas
section - the configuration of the plugin inside.spec.kafka.config
is ignored and should be removed.v0.41.0
Compare Source
Strimzi Operators
dashboard to include certificate expiration per cluster.(Note: JBOD support in KRaft mode is considered early-access in Apache Kafka 3.7.x)
KafkaNodePools
feature gate moves to GA stage and is permanently enabled without the possibility to disable it.To use the Kafka Node Pool resources, you still need to use the
strimzi.io/node-pools: enabled
annotation on theKafka
custom resources.externalIPs
field in node port type services.UnidirectionalTopicOperator
feature gate moves to GA stage and is permanently enabled without the possibility to disable it.If the topics whose names start with
strimzi-store-topic
andstrimzi-topic-operator
still exist, you can delete them.AWS_MSK_IAM
)strimzi.io/manual-rolling-update
annotation (when theContinueReconciliationOnManualRollingUpdateFailure
feature gate is enabled).Changes, deprecations and removals
tlsSidecar
configuration for the Entity Operator is now deprecated and will be ignored.zookeeperSessionTimeoutSeconds
andtopicMetadataMaxAttempts
configurations for the Entity Topic Operator have been removed and will be ignored.v0.40.0
Compare Source
Remove support for Apache Kafka 3.5.0, 3.5.1, and 3.5.2.
UseKRaft
feature gate moves to beta stage and is enabled by default.If needed,
UseKRaft
can be disabled in the feature gates configuration in the Cluster Operator.offset.show-all
parameterbroker
process role from KRaft mixed-nodes that have assigned partition-replicasChanges, deprecations and removals
Kubernetes 1.21 and 1.22 are not supported anymore.
This change brings our CRDs in-sync with the Kubernetes APIs.
After this fix, the label and annotation definitions in our CRDs (for example in the
template
sections) cannot contain integer values anymore and have to always use string values.If your custom resources use an integer value, for example:
template:
apiService:
metadata:
annotations:
discovery.myapigateway.io/port: 8080
You might get an error similar to this when applying the resource:
* spec.template.apiService.metadata.annotations.discovery.myapigateway.io/port: Invalid value: "integer": spec.template.apiService.metadata.annotations.discovery.myapigateway.io/port in body must be of type string: "integer"
To fix the issue, just use a string value instead of an integer:
template:
apiService:
metadata:
annotations:
discovery.myapigateway.io/port: "8080"
If you are upgrading from Strimzi 0.34 or earlier and have JmxTrans enabled in
.spec.jmxTrans
of theKafka
custom resource, you should disable it before the upgrade or delete it manually after the upgrade is complete.api
module was refactored and classes were moved to new packages.It denies them instead of allowing them.
This new behavior does not require the
PodDisruptionBudget
to be set tomaxUnavailable: 0
.We expect this to improve the compatibility with various tools used for scaling Kubernetes clusters such as Karpenter.
If you observe any problems with your toolchain or just want to stick with the previous behavior, you can use the
STRIMZI_DENY_EVICTION
environment variable and set it tofalse
to switch back to the old (legacy) mode.v0.39.0
Compare Source
StableConnectIdentities
feature gate moves to GA stage and is now permanently enabled without the possibility to disable it.All Connect and Mirror Maker 2 operands will now use StrimziPodSets.
KafkaNodePools
feature gate moves to beta stage and is enabled by default.If needed,
KafkaNodePools
can be disabled in the feature gates configuration in the Cluster Operator.UnidirectionalTopicOperator
feature gate moves to beta stage and is enabled by default.If needed,
UnidirectionalTopicOperator
can be disabled in the feature gates configuration in the Cluster Operator.Changes, deprecations and removals
StableConnectIdentities
feature gate moves to GA stage and cannot be disabled anymore.When using Connect or Mirror Maker 2 operands, direct downgrade to Strimzi versions older than 0.34 is not supported anymore.
You have to first downgrade to Strimzi version between 0.34 to 0.38, disable the
StableConnectIdentities
feature gate, and only then downgrade to an older Strimzi version.From Strimzi 0.40.0 on, we will support only Kubernetes 1.23 and newer.
v0.38.0
Compare Source
cosign
strimzi.io/manual-rolling-update
annotation (supported only whenStableConnectIdentities
feature gate is enabled)+UseKRaft
feature gate is enabledincludeAcceptHeader
option to OAuth client and listener authentication configuration and tokeycloak
authorization. If set tofalse
it turns off sending ofAccept
header when communicating with OAuth / OIDC authorization server. This feature is enabled by the updated Strimzi Kafka OAuth library (0.14.0).Changes, deprecations and removals
Kafka.KafkaStatus.ListenerStatus.type
property has been deprecated for a long time, and now we do not use it anymore.The current plan is to completely remove this property in the next schema version.
If needed, you can use the
Kafka.KafkaStatus.ListenerStatus.name
property, which has the same value.strimzi.io/kraft
annotation to be applied onKafka
custom resource, together with the+UseKRaft
feature gate enabled, to declare a ZooKeeper or KRaft based cluster.enabled
theKafka
resource defines a KRaft-based cluster.disabled
, missing or any other value, the operator handle theKafka
resource as a ZooKeeper-based cluster.io.strimzi.kafka.EnvVarConfigProvider
configuration provider is now deprecated and will be removed in Strimzi 0.42. Users should migrate to Kafka's implementation,org.apache.kafka.common.config.provider.EnvVarConfigProvider
, which is a drop-in replacement.For example:
config:
...
...
v0.37.0
Compare Source
StableConnectIdentites
feature gate moves to beta stage.By default, StrimziPodSets are used for Kafka Connect and Kafka Mirror Maker 2.
If needed,
StableConnectIdentites
can be disabled in the feature gates configuration in the Cluster Operator.ppc64le
platformKafka
custom resource status to track install and upgrade stateChanges, deprecations and removals
tracing.type: jaeger
configuration, inKafkaConnect
,KafkaMirrorMaker
,KafkaMirrorMaker2
andKafkaBridge
resources, is not supported anymore.tracing.type: opentelemetry
.When the auto-restart feature is enabled in
KafkaConnector
orKafkaMirrorMaker2
custom resources, it will now continue to restart the connectors indefinitely rather than stopping after 7 restarts, as previously.If you want to use the original behaviour, use the
.spec.autoRestart.maxRestarts
option to configure the maximum number of restarts.For example:
...
...
v0.36.1
Compare Source
v0.36.0
Compare Source
Changes, deprecations and removals
Kubernetes 1.19 and 1.20 are not supported anymore.
UseKRaft
feature gate is now possible only together with theKafkaNodePools
feature gate.To deploy a Kafka cluster in the KRaft mode, you have to use the
KafkaNodePool
resources.https://strimzi.io/charts/
is now deprecated.Please use the Helm Chart OCI artifacts from our Helm Chart OCI repository instead.
customClaimCheck
of 'oauth' authentication which relies on JsonPath changed the handling of equal comparison againstnull
as the behaviour was buggy and is now fixed in the updated version of JsonPath library OAuth #196v0.35.1
Compare Source
Main changes since 0.35.0
Bug Fixes
Upgrading from Strimzi 0.35.0
See the documentation for upgrade instructions.
Upgrading from Strimzi 0.22 or earlier
Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.
Container images
The following container images are part of this release:
quay.io/strimzi/operator@sha256:06a94a3021cf028ccc1a49271f35f79216029e344536e664f196c1725ff2c663
quay.io/strimzi/kafka@sha256:4de4874a7b722ad813f4dcc58acf509527bca0609999b81e70d81e3b38534d9d
quay.io/strimzi/kafka@sha256:0d910e7138cb49e1cd8cd84cef88bce35698b93ddd683a3398f1d485a3162693
quay.io/strimzi/kafka@sha256:54c6b25b31f51ef401c1b6e2a1b27432911e819bf3e502e05186f01be3f798e5
quay.io/strimzi/kafka-bridge@sha256:d6be183e492f8f88157ab9fe0af53950df8b6711a8a8c33da465de6064f6f86e
quay.io/strimzi/kaniko-executor@sha256:39778b90c2b2afc30261e4ad5135805e1a10a2b60e2e53108fb9f80487f1208a
quay.io/strimzi/maven-builder@sha256:88a79eff3b3a386880a630658964b7754caed9e99dd6e645a4c0d23d0fdb47ee
v0.35.0
Compare Source
UseStrimziPodSets
to GA and remove support for StatefulSetsChanges, deprecations and removals
From Strimzi 0.36.0 on, we will support only Kubernetes 1.21 and newer.
If you have JMX Trans enabled in your
Kafka
custom resource in the.spec.jmxTrans
section, you should remove it.If you upgrade to Strimzi 0.35.0 or newer with JMX Trans deployed / enabled in the
Kafka
custom resource, Strimzi will be automatically deleted after the upgrade.UseStrimziPodSets
has graduated to GA and cannot be disabled anymore.The StatefulSet template properties in the
Kafka
custom resource in.spec.zookeeper.template.statefulSet
and.spec.kafka.template.statefulSet
are deprecated and will be ignored.You should remove them from your custom resources.
v0.34.0
Compare Source
StableConnectIdentities
)httpRetries
andhttpRetryPauseMs
options to OAuth authentication configuration. They are set to0
by default - no retries, no backoff between retries. Also added analogoushttpRetries
option in thekeycloak
authorization configuration. These features are enabled by the updated Strimzi Kafka OAuth library (0.12.0).v0.33.2
Compare Source
Main changes since 0.33.1
Bug Fixes
v0.33.1
Compare Source
Main changes since 0.33.0
Bug Fixes
Lease
resource from installation filesv0.33.0
Compare Source
api
,crd-generator
,crd-annotations
, andtest
Recreate
deployment strategyImageStream
validation for Kafka Connect builds on OpenShiftKnown issues
If you use
type: ingress
listener with enabled mTLS authentication, we recommend you to test if your clients are affected or not.If needed, you can also disable the session ticket extension in the Kafka brokers in your
Kafka
custom resource by setting thejdk.tls.server.enableSessionTicketExtension
Java system property tofalse
:...
spec:
...
...
ssl.secure.random.implementation
option in Kafka brokers was always set toSHA1PRNG
.From Strimzi 0.33 on, it is using the default SecureRandom implementation from the Java Runtime.
If you want to keep using
SHA1PRNG
as your SecureRandom, you can configure it in.spec.kafka.config
in yourKafka
custom resource.It is currently planned to be removed in Strimzi 0.35.0.
type: jaeger
tracing based on Jaeger clients and OpenTracing API was deprecated in the Strimzi 0.31 release.As the Jaeger clients are retired and the OpenTracing project is archived, we cannot guarantee their support for future versions.
In Strimzi 0.32 and 0.33, we added support for OpenTelemetry tracing as a replacement.
If possible, we will maintain the support for
type: jaeger
tracing until June 2023 and remove it afterwards.Please migrate to OpenTelemetry as soon as possible.
The Jaeger exporter is even not included in the Kafka images anymore, so if you want to use it you have to add the binary by yourself.
The
OTEL_EXPORTER_OTLP_ENDPOINT
environment variable has to be used instead of theOTEL_EXPORTER_JAEGER_ENDPOINT
in order to specify the OTLP endpoint to send traces to.If you are using Jaeger as the backend system for tracing, you need to have 1.35 release at least which is the first one exposing an OTLP endpoint.
v0.32.0
Compare Source
ControlPlaneListener
feature gate moves to GAcluster-ip
listener. We can use it with a tcp port configuration in an ingress controller to expose kafka with an optional tls encryption and a single LoadBalancer.Changes, deprecations and removals
ClusterRole
from file020-ClusterRole-strimzi-cluster-operator-role.yaml
was split into two separate roles:strimzi-cluster-operator-namespaced
ClusterRole
in the file020-ClusterRole-strimzi-cluster-operator-role.yaml
contains the rights related to the resources created based on some Strimzi custom resources.strimzi-cluster-operator-watched
ClusterRole
in the file023-ClusterRole-strimzi-cluster-operator-role.yaml
contains the rights required to watch and manage the Strimzi custom resources.When deploying the Strimzi Cluster Operator as cluster-wide, the
strimzi-cluster-operator-watched
ClusterRole
needs to be always granted at the cluster level.But the
strimzi-cluster-operator-namespaced
ClusterRole
might be granted only for the namespaces where any custom resources are created.ControlPlaneListener
feature gate moves to GA.Direct upgrade from Strimzi 0.22 or earlier is not possible anymore.
You have to upgrade first to one of the Strimzi versions between 0.22 and 0.32 before upgrading to Strimzi 0.32 or newer.
Please follow the docs for more details.
spec.authorization.acls[*].operation
field in theKafkaUser
resource has been deprecated in favour of the fieldspec.authorization.acls[*].operations
which allows to set multiple operations per ACLRule.v0.31.1
Compare Source
sasl.server.max.receive.size
broker option user configurablev0.31.0
Compare Source
Deprecations and removals
From Strimzi 0.32.0 on, we will support only Kubernetes 1.19 and newer.
The supported Kubernetes versions will be re-evaluated again in Q1/2023.
type: jaeger
tracing support based on Jaeger clients and OpenTracing API is now deprecated.Because the Jaeger clients are retired and the OpenTracing project is archived, we cannot guarantee their support for future Kafka versions.
In the future, we plan to replace it with a new tracing feature based on the OpenTelemetry project.
v0.30.0
Compare Source
simple
authorization and for the User Operator to the experimentalUseKRaft
feature gate(Note: Due to KAFKA-13909, broker restarts currently don't work when authorization is enabled.)
ServiceAccountPatching
feature gate moves to GA.It cannot be disabled anymore and will be permanently enabled.
UseStrimziPodSets
feature gate moves to beta stage.By default, StrimziPodSets are used instead of StatefulSets.
If needed,
UseStrimziPodSets
can be disabled in the feature gates configuration in the Cluster Operator.For existing clusters, the certificates will not be updated during upgrade but only next time the PKCS12 store is created.
Configuration
📅 Schedule: Branch creation - "before 6am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.