Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Helm release strimzi-kafka-operator to v0.45.0 #867

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 4, 2024

This PR contains the following updates:

Package Update Change
strimzi-kafka-operator (source) minor 0.29.0 -> 0.45.0

Release Notes

strimzi/strimzi-kafka-operator (strimzi-kafka-operator)

v0.45.0

Compare Source

  • Add support for Kafka 3.9.0 and 3.8.1.
    Remove support for Kafka 3.7.0 and 3.7.1
  • Ability to move data between JBOD disks using Cruise Control.
  • Allow using custom certificates for communication with container registry in Kafka Connect Build with Kaniko
  • Only roll pods once for ClientsCa cert renewal.
    This change also means the restart reason ClientCaCertKeyReplaced is removed and either CaCertRenewed or CaCertHasOldGeneration will be used.
  • Allow rolling update for new cluster CA trust (during Cluster CA key replacement) to continue where it left off before interruption without rolling all pods again.
  • Update HTTP bridge to 0.31.1
  • Add support for mounting CSI volumes using the template sections
Major changes, deprecations and removals

v0.44.0

Compare Source

  • Add the "Unmanaged" KafkaTopic status update.
  • The ContinueReconciliationOnManualRollingUpdateFailure feature gate moves to beta stage and is enabled by default.
    If needed, ContinueReconciliationOnManualRollingUpdateFailure can be disabled in the feature gates configuration in the Cluster Operator.
  • Add support for managing connector offsets via KafkaConnector and KafkaMirrorMaker2 custom resources.
  • Add support for templating host and advertisedHost fields in listener configuration.
  • Allow configuration of environment variables based on Config Map or Secret for every container in the container template sections.
  • Add support for disabling the generation of PodDisruptionBudget resources by the Cluster Operator.
  • Add support for running an automatic rebalancing, via Cruise Control, when the cluster is scaled down or up:
    • after a scaling up, the operator triggers an auto-rebalancing for moving some of the existing partitions to the newly added brokers.
    • before scaling down, and if the brokers to remove are hosting partitions, the operator triggers an auto-rebalancing to these partitions off the brokers to make them free to be removed.
  • Strimzi Access Operator 0.1.0 added to the installation files and examples
Changes, deprecations and removals
  • From Strimzi 0.44.0 on, we support only Kubernetes 1.25 and newer.
    Kubernetes 1.23 and 1.24 are not supported anymore.
  • When finalizers are enabled (default), the Topic Operator will no longer restore finalizers on unmanaged KafkaTopic resources if they are removed, aligning the behavior with paused topics, where finalizers are also not restored.
    This change matches user expectations.
  • The External Configuration (.spec.externalConfiguration) in KafkaConnect and KafkaMirrorMaker2 resources is deprecated and will be removed in the future.
    Please use the environment variables, additional volumes and volume mounts in Pod and container templates instead.
  • The Strimzi Canary installation files were removed based on the Strimzi proposal 086 as the project was discontinued and archived.

v0.43.0

Compare Source

  • Add support for Apache Kafka 3.8.0.
    Remove support for Apache Kafka 3.6.0, 3.6.1, and 3.6.2.
  • Added alerts for Connectors/Tasks in failed state.
  • Support for specifying additional volumes and volume mounts in Strimzi custom resources
  • Strimzi Drain Cleaner updated to 1.2.0 (included in the Strimzi installation files)
  • Additional OAuth configuration options have been added for 'oauth' authentication on the listener and the client.
    On the listener serverBearerTokenLocation and userNamePrefix have been added.
    On the client accessTokenLocation, clientAssertion, clientAssertionLocation, clientAssertionType, and saslExtensions have been added.
  • Add support for custom Cruise Control API users
  • Update HTTP bridge to latest 0.30.0 release
  • Unregistration of KRaft nodes after scale-down
  • Update Kafka Exporter to 1.8.0 and update the Grafana dashboard to work with it
Changes, deprecations and removals
  • The storage overrides for configuring per-broker storage class are deprecated and will be removed in the future.
    If you are using the storage overrides, you should migrate to KafkaNodePool resources and use multiple node pools with a different storage class each.
  • Strimzi 0.43.0 (and any of its patch releases) is the last Strimzi version with support for Kubernetes 1.23 and 1.24.
    From Strimzi 0.44.0 on, we will support only Kubernetes 1.25 and newer.

v0.42.0

Compare Source

  • Add support for Kafka 3.7.1
  • The UseKRaft feature gate moves to GA stage and is permanently enabled without the possibility to disable it.
    To use KRaft (ZooKeeper-less Apache Kafka), you still need to use the strimzi.io/kraft: enabled annotation on the Kafka custom resources or migrate from an existing ZooKeeper-based cluster.
  • Update the base image used by Strimzi containers from UBI8 to UBI9
  • Add support for filename patterns when configuring trusted certificates
  • Enhance KafkaBridge resource with consumer inactivity timeout and HTTP consumer/producer enablement.
  • Add support for feature gates to User and Topic Operators
  • Add support for setting publishNotReadyAddresses on services for listener types other than internal.
  • Update HTTP bridge to latest 0.29.0 release
  • Uncommented and enabled (by default) KRaft-related metrics in the kafka-metrics.yaml example file.
  • Added support for configuring the quotas plugin with type strimzi or kafka in the Kafka custom resource.
    The Strimzi Quotas plugin version was updated to 0.3.1.
Changes, deprecations and removals
  • The reconciliationIntervalSeconds configuration for the Topic and User Operators is deprecated, and will be removed when upgrading schemas to v1.
    Use reconciliationIntervalMs converting the value to milliseconds.
  • Usage of Strimzi Quotas plugin version 0.2.0 is not supported, the plugin was updated to 0.3.1 and changed significantly.
    Additionally, from Strimzi 0.42.0 the plugin should be configured in .spec.kafka.quotas section - the configuration of the plugin inside .spec.kafka.config is ignored and should be removed.

v0.41.0

Compare Source

  • Add support for Apache Kafka 3.6.2
  • Provide metrics to monitor certificates expiration as well as modified Strimzi Operators dashboard to include certificate expiration per cluster.
  • Add support for JBOD storage in KRaft mode.
    (Note: JBOD support in KRaft mode is considered early-access in Apache Kafka 3.7.x)
  • Added support for topic replication factor change to the Unidirectional Topic Operator when Cruise Control integration is enabled.
  • The KafkaNodePools feature gate moves to GA stage and is permanently enabled without the possibility to disable it.
    To use the Kafka Node Pool resources, you still need to use the strimzi.io/node-pools: enabled annotation on the Kafka custom resources.
  • Added support for configuring the externalIPs field in node port type services.
  • The UnidirectionalTopicOperator feature gate moves to GA stage and is permanently enabled without the possibility to disable it.
    If the topics whose names start with strimzi-store-topic and strimzi-topic-operator still exist, you can delete them.
  • Don't allow MirrorMaker2 mirrors with target set to something else than the connect cluster.
  • Added support for custom SASL config in standalone Topic Operator deployment to support alternate access controllers (i.e. AWS_MSK_IAM)
  • Remove Angular dependent plugins from Grafana example dashboard. This makes our dashboard compatible with Grafana 7.4.5 and higher.
  • Continue reconciliation after failed manual rolling update using the strimzi.io/manual-rolling-update annotation (when the ContinueReconciliationOnManualRollingUpdateFailure feature gate is enabled).
Changes, deprecations and removals
  • The tlsSidecar configuration for the Entity Operator is now deprecated and will be ignored.
  • The zookeeperSessionTimeoutSeconds and topicMetadataMaxAttempts configurations for the Entity Topic Operator have been removed and will be ignored.

v0.40.0

Compare Source

  • Add support for Apache Kafka 3.7.0.
    Remove support for Apache Kafka 3.5.0, 3.5.1, and 3.5.2.
  • The UseKRaft feature gate moves to beta stage and is enabled by default.
    If needed, UseKRaft can be disabled in the feature gates configuration in the Cluster Operator.
  • Add support for ZooKeeper to KRaft migration by enabling the users to move from using ZooKeeper to store metadata to use KRaft.
  • Add support for moving from dedicated controller-only KRaft nodes to mixed KRaft nodes
  • Fix NullPointerException from missing listenerConfig when using custom auth
  • Added support for Kafka Exporter offset.show-all parameter
  • Prevent removal of the broker process role from KRaft mixed-nodes that have assigned partition-replicas
  • Improve broker scale-down prevention to continue in reconciliation when scale-down cannot be executed
  • Added support for Tiered Storage by enabling the configuration of custom storage plugins through the Kafka custom resource.
  • Update HTTP bridge to latest 0.28.0 release
Changes, deprecations and removals
  • From Strimzi 0.40.0 on, we support only Kubernetes 1.23 and newer.
    Kubernetes 1.21 and 1.22 are not supported anymore.
  • #​9508 fixes the Strimzi CRDs and their definitions of labels and annotations.
    This change brings our CRDs in-sync with the Kubernetes APIs.
    After this fix, the label and annotation definitions in our CRDs (for example in the template sections) cannot contain integer values anymore and have to always use string values.
    If your custom resources use an integer value, for example:
    template:
    apiService:
    metadata:
    annotations:
    discovery.myapigateway.io/port: 8080
    You might get an error similar to this when applying the resource:
    * spec.template.apiService.metadata.annotations.discovery.myapigateway.io/port: Invalid value: "integer": spec.template.apiService.metadata.annotations.discovery.myapigateway.io/port in body must be of type string: "integer"
    To fix the issue, just use a string value instead of an integer:
    template:
    apiService:
    metadata:
    annotations:
    discovery.myapigateway.io/port: "8080"
  • Support for the JmxTrans component is now completely removed.
    If you are upgrading from Strimzi 0.34 or earlier and have JmxTrans enabled in .spec.jmxTrans of the Kafka custom resource, you should disable it before the upgrade or delete it manually after the upgrade is complete.
  • The api module was refactored and classes were moved to new packages.
  • Strimzi Drain Cleaner 1.1.0 (included in the Strimzi 0.40.0 installation files) changes the way it handles Kubernetes eviction requests.
    It denies them instead of allowing them.
    This new behavior does not require the PodDisruptionBudget to be set to maxUnavailable: 0.
    We expect this to improve the compatibility with various tools used for scaling Kubernetes clusters such as Karpenter.
    If you observe any problems with your toolchain or just want to stick with the previous behavior, you can use the STRIMZI_DENY_EVICTION environment variable and set it to false to switch back to the old (legacy) mode.

v0.39.0

Compare Source

  • Add support for Apache Kafka 3.5.2 and 3.6.1
  • The StableConnectIdentities feature gate moves to GA stage and is now permanently enabled without the possibility to disable it.
    All Connect and Mirror Maker 2 operands will now use StrimziPodSets.
  • The KafkaNodePools feature gate moves to beta stage and is enabled by default.
    If needed, KafkaNodePools can be disabled in the feature gates configuration in the Cluster Operator.
  • The UnidirectionalTopicOperator feature gate moves to beta stage and is enabled by default.
    If needed, UnidirectionalTopicOperator can be disabled in the feature gates configuration in the Cluster Operator.
  • Improved Kafka Connect metrics and dashboard example files
  • Allow specifying and managing KRaft metadata version
  • Add support for KRaft to KRaft upgrades (Apache Kafka upgrades for the KRaft based clusters)
  • Improved Kafka Mirror Maker 2 dashboard example file
Changes, deprecations and removals
  • The StableConnectIdentities feature gate moves to GA stage and cannot be disabled anymore.
    When using Connect or Mirror Maker 2 operands, direct downgrade to Strimzi versions older than 0.34 is not supported anymore.
    You have to first downgrade to Strimzi version between 0.34 to 0.38, disable the StableConnectIdentities feature gate, and only then downgrade to an older Strimzi version.
  • Strimzi 0.39.0 (and any of its patch releases) is the last Strimzi version with support for Kubernetes 1.21 and 1.22.
    From Strimzi 0.40.0 on, we will support only Kubernetes 1.23 and newer.

v0.38.0

Compare Source

  • Add support for Apache Kafka 3.6.0 and drop support for 3.4.0 and 3.4.1
  • Sign containers using cosign
  • Generate and publish Software Bill of Materials (SBOMs) of Strimzi containers
  • Add support for stopping connectors according to Strimzi Proposal #​54
  • Allow manual rolling of Kafka Connect and Kafka Mirror Maker 2 pods using the strimzi.io/manual-rolling-update annotation (supported only when StableConnectIdentities feature gate is enabled)
  • Make sure brokers are empty before scaling them down
  • Update Cruise Control to 2.5.128
  • Add support for pausing reconciliations to the Unidirectional Topic Operator
  • Allow running ZooKeeper and KRaft based Apache Kafka clusters in parallel when the +UseKRaft feature gate is enabled
  • Add support for metrics to the Unidirectional Topic Operator
  • Added the includeAcceptHeader option to OAuth client and listener authentication configuration and to keycloak authorization. If set to false it turns off sending of Accept header when communicating with OAuth / OIDC authorization server. This feature is enabled by the updated Strimzi Kafka OAuth library (0.14.0).
  • Update HTTP bridge to latest 0.27.0 release
Changes, deprecations and removals
  • The Kafka.KafkaStatus.ListenerStatus.type property has been deprecated for a long time, and now we do not use it anymore.
    The current plan is to completely remove this property in the next schema version.
    If needed, you can use the Kafka.KafkaStatus.ListenerStatus.name property, which has the same value.
  • Added strimzi.io/kraft annotation to be applied on Kafka custom resource, together with the +UseKRaft feature gate enabled, to declare a ZooKeeper or KRaft based cluster.
    • if enabled the Kafka resource defines a KRaft-based cluster.
    • if disabled, missing or any other value, the operator handle the Kafka resource as a ZooKeeper-based cluster.
  • The io.strimzi.kafka.EnvVarConfigProvider configuration provider is now deprecated and will be removed in Strimzi 0.42. Users should migrate to Kafka's implementation, org.apache.kafka.common.config.provider.EnvVarConfigProvider, which is a drop-in replacement.
    For example:
    config:

...

config.providers: env
config.providers.env.class: io.strimzi.kafka.EnvVarConfigProvider

...

becomes
```yaml
config:
### ...
  config.providers: env
  config.providers.env.class: org.apache.kafka.common.config.provider.EnvVarConfigProvider
### ...

v0.37.0

Compare Source

  • The StableConnectIdentites feature gate moves to beta stage.
    By default, StrimziPodSets are used for Kafka Connect and Kafka Mirror Maker 2.
    If needed, StableConnectIdentites can be disabled in the feature gates configuration in the Cluster Operator.
  • Support for the ppc64le platform
  • Added version fields to the Kafka custom resource status to track install and upgrade state
  • Support for infinite auto-restarts of Kafka Connect and Kafka Mirror Maker 2 connectors
Changes, deprecations and removals
  • Removed support for OpenTracing:
    • The tracing.type: jaeger configuration, in KafkaConnect, KafkaMirrorMaker, KafkaMirrorMaker2 and KafkaBridge resources, is not supported anymore.
    • The OpenTelemetry based tracing is the only available by using tracing.type: opentelemetry.
  • The default behavior of the Kafka Connect connector auto-restart has changed.
    When the auto-restart feature is enabled in KafkaConnector or KafkaMirrorMaker2 custom resources, it will now continue to restart the connectors indefinitely rather than stopping after 7 restarts, as previously.
    If you want to use the original behaviour, use the .spec.autoRestart.maxRestarts option to configure the maximum number of restarts.
    For example:
    apiVersion: kafka.strimzi.io/v1beta2
    kind: KafkaConnector
    metadata:
      labels:
        strimzi.io/cluster: my-connect
      name: echo-sink-connector
    spec:

...

autoRestart:
  enabled: true
  maxRestarts: 7

...

* **The automatic configuration of Cruise Control CPU capacity has been changed in this release**:
* There are three ways to configure Cruise Control CPU capacity values:
  * `.spec.cruiseControl.brokerCapacity` (for all brokers)
  * `.spec.cruiseControl.brokerCapacity.overrides` (per broker)
  * Kafka resource requests and limits (for all brokers).
* The precedence of which Cruise Control CPU capacity configuration is used has been changed.
* In previous Strimzi versions, the Kafka resource limit (if set) took precedence, regardless if any other CPU configurations were set.
  * For example:
    * (1) Kafka resource limits
    * (2) `.spec.cruiseControl.brokerCapacity.overrides`
    * (3) `.spec.cruiseControl.brokerCapacity`
* This previous behavior was identified as a bug and was fixed in this Strimzi release.
* Going forward, the brokerCapacity overrides per broker take top precedence, then general brokerCapacity configuration, and then the Kafka resource requests, then the Kafka resource limits.
  * For example:
    * (1) `.spec.cruiseControl.brokerCapacity.overrides`
    * (2) `.spec.cruiseControl.brokerCapacity`
    * (3) Kafka resource requests
    * (4) Kafka resource limits
  * When none of Cruise Control CPU capacity configurations mentioned above are configured, CPU capacity will be set to `1`.
as any _override_ value configured in the `.spec.cruiseControl` section of the `Kafka` custom resource.

v0.36.1

Compare Source

  • Add support for Apache Kafka 3.5.1

v0.36.0

Compare Source

  • Add support for Apache Kafka 3.4.1 and 3.5.0, and remove support for 3.3.1 and 3.3.2
  • Enable SCRAM-SHA authentication in KRaft mode (supported in Apache Kafka 3.5.0 and newer)
  • Add support for insecure flag in Maven artifacts in Kafka Connect Build
  • Update Kafka Exporter to 1.7.0
  • Improve Kafka rolling update to avoid rolling broker in log recovery
  • Added support for Kafka Exporter topic exclude and consumer group exclude parameters
  • Update Kaniko container builder to 1.12.1
  • Add support for Kafka node pools according to Strimzi Proposal #​50
  • Add support for Unidirectional Topic Operator according to Strimzi Proposal #​51
  • Update OpenTelemetry 1.19.0
  • Fixed ordering of JVM performance options #​8579
  • Log a warning when a KafkaTopic has no spec #​8465
  • Updated Strimzi OAuth library to 0.13.0 with better support for KRaft
Changes, deprecations and removals
  • From Strimzi 0.36.0 on, we support only Kubernetes 1.21 and newer.
    Kubernetes 1.19 and 1.20 are not supported anymore.
  • Enabling the UseKRaft feature gate is now possible only together with the KafkaNodePools feature gate.
    To deploy a Kafka cluster in the KRaft mode, you have to use the KafkaNodePool resources.
  • The Helm Chart repository at https://strimzi.io/charts/ is now deprecated.
    Please use the Helm Chart OCI artifacts from our Helm Chart OCI repository instead.
  • Option customClaimCheck of 'oauth' authentication which relies on JsonPath changed the handling of equal comparison against null as the behaviour was buggy and is now fixed in the updated version of JsonPath library OAuth #​196

v0.35.1

Compare Source

Main changes since 0.35.0

Bug Fixes
  • Update Fabric8 Kubernetes Client to 6.7.0
Upgrading from Strimzi 0.35.0

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.

Container images

The following container images are part of this release:

Name Image
Operators quay.io/strimzi/operator@sha256:06a94a3021cf028ccc1a49271f35f79216029e344536e664f196c1725ff2c663
Apache Kafka 3.3.1 quay.io/strimzi/kafka@sha256:4de4874a7b722ad813f4dcc58acf509527bca0609999b81e70d81e3b38534d9d
Apache Kafka 3.3.2 quay.io/strimzi/kafka@sha256:0d910e7138cb49e1cd8cd84cef88bce35698b93ddd683a3398f1d485a3162693
Apache Kafka 3.4.0 quay.io/strimzi/kafka@sha256:54c6b25b31f51ef401c1b6e2a1b27432911e819bf3e502e05186f01be3f798e5
Strimzi Bridge quay.io/strimzi/kafka-bridge@sha256:d6be183e492f8f88157ab9fe0af53950df8b6711a8a8c33da465de6064f6f86e
Kaniko executor quay.io/strimzi/kaniko-executor@sha256:39778b90c2b2afc30261e4ad5135805e1a10a2b60e2e53108fb9f80487f1208a
Maven Builder quay.io/strimzi/maven-builder@sha256:88a79eff3b3a386880a630658964b7754caed9e99dd6e645a4c0d23d0fdb47ee

v0.35.0

Compare Source

  • Redesigned the Cluster and User Operator configuration to make it more efficient and flexible
  • Allow multiple imagePullSecrets in the Strimzi Helm chart
  • Remove support for JMX Trans
  • Move feature gate UseStrimziPodSets to GA and remove support for StatefulSets
  • Add flag to load Grafana dashboards from Helm Chart
Changes, deprecations and removals
  • Strimzi 0.35.0 (and any possible patch releases) is the last Strimzi version with support for Kubernetes 1.19 and 1.20.
    From Strimzi 0.36.0 on, we will support only Kubernetes 1.21 and newer.
  • Support for JMX Trans has been removed in Strimzi 0.35.0.
    If you have JMX Trans enabled in your Kafka custom resource in the .spec.jmxTrans section, you should remove it.
    If you upgrade to Strimzi 0.35.0 or newer with JMX Trans deployed / enabled in the Kafka custom resource, Strimzi will be automatically deleted after the upgrade.
  • The feature gate UseStrimziPodSets has graduated to GA and cannot be disabled anymore.
    The StatefulSet template properties in the Kafka custom resource in .spec.zookeeper.template.statefulSet and .spec.kafka.template.statefulSet are deprecated and will be ignored.
    You should remove them from your custom resources.

v0.34.0

Compare Source

  • Add support for Kafka 3.4.0 and remove support for Kafka 3.2.x
  • Stable Pod identities for Kafka Connect and MirrorMaker 2 (Feature Gate StableConnectIdentities)
  • Use JDK HTTP client in the Kubernetes client instead of the OkHttp client
  • Add truststore configuration for HTTPS connections to OPA server
  • Add image digest support in Helm chart
  • Added the httpRetries and httpRetryPauseMs options to OAuth authentication configuration. They are set to 0 by default - no retries, no backoff between retries. Also added analogous httpRetries option in the keycloak authorization configuration. These features are enabled by the updated Strimzi Kafka OAuth library (0.12.0).

v0.33.2

Compare Source

Main changes since 0.33.1

⚠️ Important: Strimzi 0.33.2 supports only Kubernetes 1.19 and newer! Kubernetes versions 1.16, 1.17 and 1.18 are not supported anymore since Strimzi 0.32.

⚠️ Important: Direct upgrade from Strimzi 0.22 or earlier is not supported anymore!

Bug Fixes
  • Support for Kafka 3.4.0 which fixes CVE-2023-25194
  • Fix RBAC files in standalone User Operator installation files

v0.33.1

Compare Source

Main changes since 0.33.0

⚠️ Important: Strimzi 0.33.1 supports only Kubernetes 1.19 and newer! Kubernetes versions 1.16, 1.17 and 1.18 are not supported anymore since Strimzi 0.32.

⚠️ Important: Direct upgrade from Strimzi 0.22 or earlier is not supported anymore!

Bug Fixes
  • Remove the Lease resource from installation files

v0.33.0

Compare Source

  • Add support for Kafka 3.3.2
  • Support loadBalancerClass attribute in service with type loadBalancer
  • Support for automatically restarting failed Connect or Mirror Maker 2 connectors
  • Redesign of Strimzi User Operator to improve its scalability
  • Use Java 17 as the runtime for all containers and language level for all modules except api, crd-generator, crd-annotations, and test
  • Improved FIPS (Federal Information Processing Standards) support
  • Upgrade Vert.x to 4.3.5
  • Moved from using the Jaeger exporter to OTLP exporter by default
  • Kafka Exporter support for Recreate deployment strategy
  • ImageStream validation for Kafka Connect builds on OpenShift
  • Support for configuring the metadata for the Role / RoleBinding of Entity Operator
  • Add liveness and readiness probes specifically for nodes running in KRaft combined mode
  • Upgrade HTTP bridge to latest 0.24.0 release
Known issues
  • The TLS passthrough feature of the Ingress-NGINX Controller for Kubernetes is not compatible with some new TLS features supported by Java 17 such as the session tickets extension.
    If you use type: ingress listener with enabled mTLS authentication, we recommend you to test if your clients are affected or not.
    If needed, you can also disable the session ticket extension in the Kafka brokers in your Kafka custom resource by setting the jdk.tls.server.enableSessionTicketExtension Java system property to false:
    apiVersion: kafka.strimzi.io/v1beta2
    kind: Kafka
    metadata:

...

spec:

...

kafka:
  jvmOptions:
    javaSystemProperties:
      - name: jdk.tls.server.enableSessionTicketExtension
        value: "false"

...

For more details, see [kubernetes/ingress-nginx#9540](https://redirect.github.com/kubernetes/ingress-nginx/issues/9540).
##### Changes, deprecations and removals

* The `UseStrimziPodSet` feature gate will move to GA in Strimzi 0.35.
Support for StatefulSets will be removed from Strimzi right after the 0.34 release.
Please use the Strimzi 0.33 release to test StrimziPodSets in your environment and report any major or blocking issues before the StatefulSet support is removed.
* The default length of any new SCRAM-SHA-512 passwords will be 32 characters instead of 12 characters used in the previous Strimzi versions.
Existing passwords will not be affected by this change until they are regenerated (for example because the user secret is deleted).
If you want to keep using the original password length, you can set it using the `STRIMZI_SCRAM_SHA_PASSWORD_LENGTH` environment variable in `.spec.entityOperator.template.userOperatorContainer.env` in the `Kafka` custom resource or in the `Deployment` of the standalone User Operator.
```yaml
userOperatorContainer:
  env:
    - name: STRIMZI_SCRAM_SHA_PASSWORD_LENGTH
      value: "12"
  • In previous versions, the ssl.secure.random.implementation option in Kafka brokers was always set to SHA1PRNG.
    From Strimzi 0.33 on, it is using the default SecureRandom implementation from the Java Runtime.
    If you want to keep using SHA1PRNG as your SecureRandom, you can configure it in .spec.kafka.config in your Kafka custom resource.
  • Support for JmxTrans in Strimzi is deprecated.
    It is currently planned to be removed in Strimzi 0.35.0.
  • Support for type: jaeger tracing based on Jaeger clients and OpenTracing API was deprecated in the Strimzi 0.31 release.
    As the Jaeger clients are retired and the OpenTracing project is archived, we cannot guarantee their support for future versions.
    In Strimzi 0.32 and 0.33, we added support for OpenTelemetry tracing as a replacement.
    If possible, we will maintain the support for type: jaeger tracing until June 2023 and remove it afterwards.
    Please migrate to OpenTelemetry as soon as possible.
  • When OpenTelemetry is enabled for tracing, starting from this release, the operator configures the OTLP exporter instead of the Jaeger one by default.
    The Jaeger exporter is even not included in the Kafka images anymore, so if you want to use it you have to add the binary by yourself.
    The OTEL_EXPORTER_OTLP_ENDPOINT environment variable has to be used instead of the OTEL_EXPORTER_JAEGER_ENDPOINT in order to specify the OTLP endpoint to send traces to.
    If you are using Jaeger as the backend system for tracing, you need to have 1.35 release at least which is the first one exposing an OTLP endpoint.

v0.32.0

Compare Source

  • Add support for Kafka 3.3.1 and remove support for Kafka 3.1.0, 3.1.1, and 3.1.2
  • Update Open Policy Agent (OPA) Authorizer to 1.5.0
  • Update KafkaConnector CR status so the 'NotReady' condition is added if the connector or any tasks are reporting a 'FAILED' state.
  • Add auto-approval mechanism on KafkaRebalance resource when an optimization proposal is ready
  • The ControlPlaneListener feature gate moves to GA
  • Add client rack-awareness support to Strimzi Bridge pods
  • Add support for OpenTelemetry for distributed tracing
    • Kafka Connect, Mirror Maker, Mirror Maker 2 and Strimzi Bridge can be configured to use OpenTelemetry
    • Using Jaeger exporter by default for backward compatibility
  • Updated JMX Exporter dependency to 0.17.2
  • ZookeeperRoller considers unready pods
  • Support multiple operations per ACLRule
  • Upgrade Vert.x to 4.3.4
  • Add cluster-ip listener. We can use it with a tcp port configuration in an ingress controller to expose kafka with an optional tls encryption and a single LoadBalancer.
  • Update Strimzi OAuth library to 0.11.0
Changes, deprecations and removals
  • From 0.32.0 on, Strimzi supports only Kubernetes version 1.19 and newer.
  • A connector or task failing triggers a 'NotReady' condition to be added to the KafkaConnector CR status. This is different from previous versions where the CR would report 'Ready' even if the connector or a task had failed.
  • The ClusterRole from file 020-ClusterRole-strimzi-cluster-operator-role.yaml was split into two separate roles:
    • The original strimzi-cluster-operator-namespaced ClusterRole in the file 020-ClusterRole-strimzi-cluster-operator-role.yaml contains the rights related to the resources created based on some Strimzi custom resources.
    • The new strimzi-cluster-operator-watched ClusterRole in the file 023-ClusterRole-strimzi-cluster-operator-role.yaml contains the rights required to watch and manage the Strimzi custom resources.
      When deploying the Strimzi Cluster Operator as cluster-wide, the strimzi-cluster-operator-watched ClusterRole needs to be always granted at the cluster level.
      But the strimzi-cluster-operator-namespaced ClusterRole might be granted only for the namespaces where any custom resources are created.
  • The ControlPlaneListener feature gate moves to GA.
    Direct upgrade from Strimzi 0.22 or earlier is not possible anymore.
    You have to upgrade first to one of the Strimzi versions between 0.22 and 0.32 before upgrading to Strimzi 0.32 or newer.
    Please follow the docs for more details.
  • The spec.authorization.acls[*].operation field in the KafkaUser resource has been deprecated in favour of the field
    spec.authorization.acls[*].operations which allows to set multiple operations per ACLRule.

v0.31.1

Compare Source

  • Kafka 3.1.2 and 3.2.3 (fixes CVE-2022-34917)
  • Make sasl.server.max.receive.size broker option user configurable
  • Documentation improvements
  • Configuring number of operator replicas through the Strimzi Helm Chart
  • Update Strimzi Kafka Bridge to 0.22.1

v0.31.0

Compare Source

  • Add support for Kafka 3.2.1
  • Update Kaniko builder to 1.9.0 and Maven builder to 1.14
  • Update Kafka Exporter to 1.6.0
  • Pluggable Pod Security Profiles with built-in support for restricted Kubernetes Security Profile
  • Add support for leader election and running multiple operator replicas (1 active leader replicas and one or more stand-by replicas)
  • Update Strimzi Kafka Bridge to 0.22.0
  • Add support for IPv6 addresses being used in Strimzi issued certificates
  • Make it easier to wait for custom resource readiness when using the Strimzi api module
  • Add StrimziPodSet reconciliation metrics
Deprecations and removals
  • Strimzi 0.31.0 (and any possible patch releases) is the last Strimzi version with support for Kubernetes 1.16, 1.17 and 1.18.
    From Strimzi 0.32.0 on, we will support only Kubernetes 1.19 and newer.
    The supported Kubernetes versions will be re-evaluated again in Q1/2023.
  • The type: jaeger tracing support based on Jaeger clients and OpenTracing API is now deprecated.
    Because the Jaeger clients are retired and the OpenTracing project is archived, we cannot guarantee their support for future Kafka versions.
    In the future, we plan to replace it with a new tracing feature based on the OpenTelemetry project.

v0.30.0

Compare Source

  • Remove Kafka 3.0.0 and 3.0.1
  • Add support for simple authorization and for the User Operator to the experimental UseKRaft feature gate
    (Note: Due to KAFKA-13909, broker restarts currently don't work when authorization is enabled.)
  • Add network capacity overrides for Cruise Control capacity config
  • The ServiceAccountPatching feature gate moves to GA.
    It cannot be disabled anymore and will be permanently enabled.
  • The UseStrimziPodSets feature gate moves to beta stage.
    By default, StrimziPodSets are used instead of StatefulSets.
    If needed, UseStrimziPodSets can be disabled in the feature gates configuration in the Cluster Operator.
  • Use better encryption and digest algorithms when creating the PKCS12 stores.
    For existing clusters, the certificates will not be updated during upgrade but only next time the PKCS12 store is created.
  • Add CPU capacity overrides for Cruise Control capacity config
  • Use CustomResource existing spec and status to fix Quarkus native build's serialization
  • Update JMX Exporter to version 0.17.0
  • Operator emits Kubernetes Events to explain why it restarted a Kafka broker
  • Better configurability of the Kafka Admin client in the User Operator
  • Update Strimzi Kafka Bridge to 0.21.6

Configuration

📅 Schedule: Branch creation - "before 6am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/strimzi-kafka-operator-0.x branch from 4e50a32 to a0a8f29 Compare November 4, 2024 16:13
@renovate renovate bot force-pushed the renovate/strimzi-kafka-operator-0.x branch from a0a8f29 to acf3cb6 Compare November 12, 2024 19:36
@renovate renovate bot force-pushed the renovate/strimzi-kafka-operator-0.x branch 2 times, most recently from c566759 to 32bae47 Compare December 2, 2024 16:54
@renovate renovate bot force-pushed the renovate/strimzi-kafka-operator-0.x branch 2 times, most recently from f6af06b to c3a1798 Compare December 17, 2024 17:58
@renovate renovate bot changed the title Update Helm release strimzi-kafka-operator to v0.44.0 Update Helm release strimzi-kafka-operator to v0.45.0 Dec 17, 2024
@renovate renovate bot force-pushed the renovate/strimzi-kafka-operator-0.x branch from c3a1798 to f5597d9 Compare January 6, 2025 16:46
@renovate renovate bot force-pushed the renovate/strimzi-kafka-operator-0.x branch from f5597d9 to 7b316b1 Compare January 6, 2025 16:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants