Skip to content

0.33.0

Compare
Choose a tag to compare
@scholzj scholzj released this 25 Jan 11:12
· 1483 commits to main since this release

Main changes since 0.32

⚠️ Important: Strimzi 0.33.0 supports only Kubernetes 1.19 and newer! Kubernetes versions 1.16, 1.17 and 1.18 are not supported anymore since Strimzi 0.32.

⚠️ Important: Direct upgrade from Strimzi 0.22 or earlier is not supported anymore!

New features and improvements

  • Add support for Kafka 3.3.2
  • Support loadBalancerClass attribute in listeners with type loadbalancer
  • Support for automatically restarting failed Connect or Mirror Maker 2 connectors
  • Redesign of Strimzi User Operator to improve its scalability
  • Use Java 17 as the runtime for all containers and language level for all modules except api, crd-generator, crd-annotations, and test
  • Improved FIPS (Federal Information Processing Standards) support
  • Moved from using the Jaeger exporter to OTLP exporter by default
  • Kafka Exporter support for Recreate deployment strategy
  • ImageStream validation for Kafka Connect builds on OpenShift
  • Support for configuring the metadata for the Role / RoleBinding of Entity Operator
  • Add liveness and readiness probes specifically for nodes running in KRaft combined mode
  • Upgrade HTTP bridge to latest 0.24.0 release

Known issues

  • The TLS passthrough feature of the Ingress-NGINX Controller for Kubernetes is not compatible with some TLS features supported by Java 17 such as the session tickets extension.
    If you use type: ingress listener with enabled mTLS authentication, we recommend you to test if your clients are affected or not.
    If needed, you can also disable the session ticket extension in the Kafka brokers in your Kafka custom resource by setting the jdk.tls.server.enableSessionTicketExtension Java system property to false:
    apiVersion: kafka.strimzi.io/v1beta2
    kind: Kafka
    metadata:
      # ...
    spec:
      # ...
      kafka:
        jvmOptions:
          javaSystemProperties:
            - name: jdk.tls.server.enableSessionTicketExtension
              value: "false"
      # ...
    For more details, see kubernetes/ingress-nginx#9540.

Notable changes, deprecations, and removals

  • The UseStrimziPodSet feature gate will move to GA in Strimzi 0.35. Support for StatefulSets will be removed from Strimzi right after the 0.34 release. Please use the Strimzi 0.33 release to test StrimziPodSets in your environment and report any major or blocking issues before the StatefulSet support is removed.
  • The default length of any new SCRAM-SHA-512 passwords will be 32 characters instead of 12 characters used in the previous Strimzi versions. Existing passwords will not be affected by this change until they are regenerated (for example because the user secret is deleted). If you want to keep using the original password length, you can set it using the STRIMZI_SCRAM_SHA_PASSWORD_LENGTH environment variable in .spec.entityOperator.template.userOperatorContainer.env in the Kafka custom resource or in the
    Deployment of the standalone User Operator.
    userOperatorContainer:
      env:
        - name: STRIMZI_SCRAM_SHA_PASSWORD_LENGTH
          value: "12"
  • In previous versions, the ssl.secure.random.implementation option in Kafka brokers was always set to SHA1PRNG. From Strimzi 0.33 on, it is using the default SecureRandom implementation from the Java Runtime. If you want to keep using SHA1PRNG as your SecureRandom, you can configure it in .spec.kafka.config in your Kafka custom resource.
  • Support for JmxTrans in Strimzi is deprecated. It is currently planned to be removed in Strimzi 0.35.0.
  • Support for type: jaeger tracing based on Jaeger clients and OpenTracing API was deprecated in the Strimzi 0.31 release. As the Jaeger clients are retired and the OpenTracing project is archived, we cannot guarantee their support for future versions. In Strimzi 0.32 and 0.33, we added support for OpenTelemetry tracing as a replacement. If possible, we will maintain the support for type: jaeger tracing until June 2023 and remove it afterward. Please migrate to OpenTelemetry as soon as possible.
  • When OpenTelemetry is enabled for tracing, starting from this release, the operator configures the OTLP exporter instead of the Jaeger one by default. The Jaeger exporter is even not included in the Kafka images anymore, so if you want to use it you have to add the binary by yourself. The OTEL_EXPORTER_OTLP_ENDPOINT environment variable has to be used instead of the OTEL_EXPORTER_JAEGER_ENDPOINT in order to specify the OTLP endpoint to send traces to. If you are using Jaeger as the backend system for tracing, you need to have 1.35 release at least which is the first one exposing an OTLP endpoint.

All changes can be found under the 0.33.0 milestone.

Upgrading from Strimzi 0.32.0

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.