Releases: strimzi/strimzi-kafka-operator
0.34.0
Main changes since 0.33
New features and improvements
- Add support for Kafka 3.4.0 and remove support for Kafka 3.2.x
- Stable Pod identities for Kafka Connect and MirrorMaker 2 (Feature Gate
StableConnectIdentities
) - Use JDK HTTP client in the Kubernetes client instead of the OkHttp client
- Add TLS truststore configuration for HTTPS connections to OPA server
- Add image digest support in Helm chart
- Update Strimzi HTTP Bridge to 0.25.0 and strimzi Oauth to 0.12.0
All changes can be found under the 0.34.0 milestone.
Upgrading from Strimzi 0.33.0
See the documentation for upgrade instructions.
Upgrading from Strimzi 0.22 or earlier
Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.
Container images
The following container images are part of this release:
Name | Image |
---|---|
Operators | quay.io/strimzi/operator@sha256:f4ee3ca482a2dd19785f59634578a0850273444c1173a5699a99cf02f3a018fe |
Apache Kafka 3.3.1 | quay.io/strimzi/kafka@sha256:1da35fd7b36b113d1343e254fdc6efd97ca8660cc7977d8985aa3a3547d5ebb1 |
Apache Kafka 3.3.2 | quay.io/strimzi/kafka@sha256:1ace2cc0db9653ac1b388477fa56c3c1cd97c7b3846eba3c7824dc58ea179476 |
Apache Kafka 3.4.0 | quay.io/strimzi/kafka@sha256:37cf8d0fea1d2078511920190a72b49977ff4047b6ecbfed6b394c6f9e1e2ff0 |
Strimzi Bridge | quay.io/strimzi/kafka-bridge@sha256:51babca0f7a328f4db005c6a16daa8ac4a4306c46fe3ca89382919134aa09179 |
JMX Trans | quay.io/strimzi/jmxtrans@sha256:62272e8a03da2144340bd7267f7a824d1ed70f4f3e30dc7aadfba9ee1b9baf76 |
Kaniko executor | quay.io/strimzi/kaniko-executor@sha256:dc27d8aeb851245c79fb7276febe98769cc098d678bea096b338caaaf111dd27 |
Maven Builder | quay.io/strimzi/maven-builder@sha256:f781b6b857d437c2de62585462e97b9fae357912c9f6711c1df39f431278878d |
0.34.0-rc1
Main changes since 0.33
New features and improvements
- Add support for Kafka 3.4.0 and remove support for Kafka 3.2.x
- Stable Pod identities for Kafka Connect and MirrorMaker 2 (Feature Gate
StableConnectIdentities
) - Use JDK HTTP client in the Kubernetes client instead of the OkHttp client
- Add TLS truststore configuration for HTTPS connections to OPA server
- Add image digest support in Helm chart
- Update Strimzi HTTP Bridge to 0.25.0 and strimzi Oauth to 0.12.0
All changes can be found under the 0.34.0 milestone.
Maven artifacts
To test the Maven artifacts which are part of this release, use the staging repository by including the following in your pom.xml
:
<repositories>
<repository>
<id>staging</id>
<url>https://oss.sonatype.org/content/repositories/iostrimzi-1177/</url>
</repository>
</repositories>
Upgrading from Strimzi 0.33.0
See the documentation for upgrade instructions.
Upgrading from Strimzi 0.22 or earlier
Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.
0.33.2
Main changes since 0.33.1
Bug Fixes
- Support for Kafka 3.4.0 which fixes CVE-2023-25194
- Fix RBAC files in standalone User Operator installation files
0.33.2-rc1
Main changes since 0.33.1
Bug Fixes
- Support for Kafka 3.4.0 which fixes CVE-2023-25194
- Fix RBAC files in standalone User OPerator installation files
0.33.1
Main changes since 0.33.0
Bug Fixes
- Remove the
Lease
resource from installation files
0.33.1-rc1
Main changes since 0.33.0
Bug Fixes
- Remove the
Lease
resource from installation files
Maven artifacts
To test the Maven artifacts which are part of this release, use the staging repository by including the following in your pom.xml
:
<repositories>
<repository>
<id>staging</id>
<url>https://oss.sonatype.org/content/repositories/iostrimzi-1170/</url>
</repository>
</repositories>
0.33.0
Main changes since 0.32
New features and improvements
- Add support for Kafka 3.3.2
- Support
loadBalancerClass
attribute in listeners with typeloadbalancer
- Support for automatically restarting failed Connect or Mirror Maker 2 connectors
- Redesign of Strimzi User Operator to improve its scalability
- Use Java 17 as the runtime for all containers and language level for all modules except
api
,crd-generator
,crd-annotations
, andtest
- Improved FIPS (Federal Information Processing Standards) support
- Moved from using the Jaeger exporter to OTLP exporter by default
- Kafka Exporter support for
Recreate
deployment strategy ImageStream
validation for Kafka Connect builds on OpenShift- Support for configuring the metadata for the Role / RoleBinding of Entity Operator
- Add liveness and readiness probes specifically for nodes running in KRaft combined mode
- Upgrade HTTP bridge to latest 0.24.0 release
Known issues
- The TLS passthrough feature of the Ingress-NGINX Controller for Kubernetes is not compatible with some TLS features supported by Java 17 such as the session tickets extension.
If you usetype: ingress
listener with enabled mTLS authentication, we recommend you to test if your clients are affected or not.
If needed, you can also disable the session ticket extension in the Kafka brokers in yourKafka
custom resource by setting thejdk.tls.server.enableSessionTicketExtension
Java system property tofalse
:For more details, see kubernetes/ingress-nginx#9540.apiVersion: kafka.strimzi.io/v1beta2 kind: Kafka metadata: # ... spec: # ... kafka: jvmOptions: javaSystemProperties: - name: jdk.tls.server.enableSessionTicketExtension value: "false" # ...
Notable changes, deprecations, and removals
- The
UseStrimziPodSet
feature gate will move to GA in Strimzi 0.35. Support for StatefulSets will be removed from Strimzi right after the 0.34 release. Please use the Strimzi 0.33 release to test StrimziPodSets in your environment and report any major or blocking issues before the StatefulSet support is removed. - The default length of any new SCRAM-SHA-512 passwords will be 32 characters instead of 12 characters used in the previous Strimzi versions. Existing passwords will not be affected by this change until they are regenerated (for example because the user secret is deleted). If you want to keep using the original password length, you can set it using the
STRIMZI_SCRAM_SHA_PASSWORD_LENGTH
environment variable in.spec.entityOperator.template.userOperatorContainer.env
in theKafka
custom resource or in the
Deployment
of the standalone User Operator.userOperatorContainer: env: - name: STRIMZI_SCRAM_SHA_PASSWORD_LENGTH value: "12"
- In previous versions, the
ssl.secure.random.implementation
option in Kafka brokers was always set toSHA1PRNG
. From Strimzi 0.33 on, it is using the default SecureRandom implementation from the Java Runtime. If you want to keep usingSHA1PRNG
as your SecureRandom, you can configure it in.spec.kafka.config
in yourKafka
custom resource. - Support for JmxTrans in Strimzi is deprecated. It is currently planned to be removed in Strimzi 0.35.0.
- Support for
type: jaeger
tracing based on Jaeger clients and OpenTracing API was deprecated in the Strimzi 0.31 release. As the Jaeger clients are retired and the OpenTracing project is archived, we cannot guarantee their support for future versions. In Strimzi 0.32 and 0.33, we added support for OpenTelemetry tracing as a replacement. If possible, we will maintain the support fortype: jaeger
tracing until June 2023 and remove it afterward. Please migrate to OpenTelemetry as soon as possible. - When OpenTelemetry is enabled for tracing, starting from this release, the operator configures the OTLP exporter instead of the Jaeger one by default. The Jaeger exporter is even not included in the Kafka images anymore, so if you want to use it you have to add the binary by yourself. The
OTEL_EXPORTER_OTLP_ENDPOINT
environment variable has to be used instead of theOTEL_EXPORTER_JAEGER_ENDPOINT
in order to specify the OTLP endpoint to send traces to. If you are using Jaeger as the backend system for tracing, you need to have 1.35 release at least which is the first one exposing an OTLP endpoint.
All changes can be found under the 0.33.0 milestone.
Upgrading from Strimzi 0.32.0
See the documentation for upgrade instructions.
Upgrading from Strimzi 0.22 or earlier
Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.
0.33.0-rc1
Main changes since 0.32
New features and improvements
- Add support for Kafka 3.3.2
- Support
loadBalancerClass
attribute in listeners with typeloadbalancer
- Support for automatically restarting failed Connect or Mirror Maker 2 connectors
- Redesign of Strimzi User Operator to improve its scalability
- Use Java 17 as the runtime for all containers and language level for all modules except
api
,crd-generator
,crd-annotations
, andtest
- Improved FIPS (Federal Information Processing Standards) support
- Moved from using the Jaeger exporter to OTLP exporter by default
- Kafka Exporter support for
Recreate
deployment strategy ImageStream
validation for Kafka Connect builds on OpenShift- Support for configuring the metadata for the Role / RoleBinding of Entity Operator
- Add liveness and readiness probes specifically for nodes running in KRaft combined mode
- Upgrade HTTP bridge to latest 0.24.0 release
Notable changes, deprecations, and removals
- The
UseStrimziPodSet
feature gate will move to GA in Strimzi 0.35. Support for StatefulSets will be removed from Strimzi right after the 0.34 release. Please use the Strimzi 0.33 release to test StrimziPodSets in your environment and report any major or blocking issues before the StatefulSet support is removed. - The default length of any new SCRAM-SHA-512 passwords will be 32 characters instead of 12 characters used in the previous Strimzi versions. Existing passwords will not be affected by this change until they are regenerated (for example because the user secret is deleted). If you want to keep using the original password length, you can set it using the
STRIMZI_SCRAM_SHA_PASSWORD_LENGTH
environment variable in.spec.entityOperator.template.userOperatorContainer.env
in theKafka
custom resource or in the
Deployment
of the standalone User Operator.userOperatorContainer: env: - name: STRIMZI_SCRAM_SHA_PASSWORD_LENGTH value: "12"
- In previous versions, the
ssl.secure.random.implementation
option in Kafka brokers was always set toSHA1PRNG
. From Strimzi 0.33 on, it is using the default SecureRandom implementation from the Java Runtime. If you want to keep usingSHA1PRNG
as your SecureRandom, you can configure it in.spec.kafka.config
in yourKafka
custom resource. - Support for JmxTrans in Strimzi is deprecated. It is currently planned to be removed in Strimzi 0.35.0.
- Support for
type: jaeger
tracing based on Jaeger clients and OpenTracing API was deprecated in the Strimzi 0.31 release. As the Jaeger clients are retired and the OpenTracing project is archived, we cannot guarantee their support for future versions. In Strimzi 0.32 and 0.33, we added support for OpenTelemetry tracing as a replacement. If possible, we will maintain the support fortype: jaeger
tracing until June 2023 and remove it afterward. Please migrate to OpenTelemetry as soon as possible. - When OpenTelemetry is enabled for tracing, starting from this release, the operator configures the OTLP exporter instead of the Jaeger one by default. The Jaeger exporter is even not included in the Kafka images anymore, so if you want to use it you have to add the binary by yourself. The
OTEL_EXPORTER_OTLP_ENDPOINT
environment variable has to be used instead of theOTEL_EXPORTER_JAEGER_ENDPOINT
in order to specify the OTLP endpoint to send traces to. If you are using Jaeger as the backend system for tracing, you need to have 1.35 release at least which is the first one exposing an OLTP endpoint.
All changes can be found under the 0.33.0 milestone.
Maven artifacts
To test the Maven artifacts which are part of this release, use the staging repository by including the following in your pom.xml
:
<repositories>
<repository>
<id>staging</id>
<url>https://oss.sonatype.org/content/repositories/iostrimzi-1169/</url>
</repository>
</repositories>
Upgrading from Strimzi 0.32.0
See the documentation for upgrade instructions.
Upgrading from Strimzi 0.22 or earlier
Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.
0.32.0
Main changes since 0.31
- Add support for Kafka 3.3.1 and remove support for Kafka 3.1.0, 3.1.1, and 3.1.2
- Update KafkaConnector CR status so the 'NotReady' condition is added if the connector or any tasks are reporting a 'FAILED' state.
- Add auto-approval mechanism on KafkaRebalance resource when an optimization proposal is ready
- The
ControlPlaneListener
feature gate moves to GA - Add client rack-awareness support to Strimzi Bridge pods
- Add support for OpenTelemetry for distributed tracing
- ZookeeperRoller considers unready pods
- Support multiple operations per ACLRule
- Add new listener type "cluster-ip" which is using per-broker services instead of the pod DNS names
- Update Strimzi OAuth library to 0.11.0
All changes can be found under the 0.32.0 milestone.
This release has OpenTelemetry support by using the Jaeger exporter by default.
This exporter needs a Jaeger endpoint to send traces to.
OpenTelemetry project encourages use of the OLTP exporter and will deprecate and remove the Jaeger exporter in the future.
For this reason, the Strimzi project is going to move from the Jaeger exporter to the OTLP exporter for the next releases.
In order to use it, the minimum version of the Jaeger backend has to be 1.35 because it's the first version exposing an OLTP endpoint for getting traces from such an OLTP exporter.
When the migration is done, Strimzi users can still use the Jaeger exporter if they want by building their own image with the opentelemetry-exporter-jaeger library and setting OTEL_TRACES_EXPORTER=jaeger environment variable.
Upgrading from Strimzi 0.31.0
See the documentation for upgrade instructions.
Upgrading from Strimzi 0.22 or earlier
Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.
0.32.0-rc1
Main changes since 0.31
Important: From Strimzi 0.32.0, Strimzi supports only Kubernetes 1.19 and newer! Kubernetes versions 1.16, 1.17 and 1.18 are not supported anymore.
Important: Direct upgrade from Strimzi 0.22 or earlier is not supported anymore!
- Add support for Kafka 3.3.1 and remove support for Kafka 3.1.0, 3.1.1, and 3.1.2
- Update KafkaConnector CR status so the 'NotReady' condition is added if the connector or any tasks are reporting a 'FAILED' state.
- Add auto-approval mechanism on KafkaRebalance resource when an optimization proposal is ready
- The
ControlPlaneListener
feature gate moves to GA - Add client rack-awareness support to Strimzi Bridge pods
- Add support for OpenTelemetry for distributed tracing
- ZookeeperRoller considers unready pods
- Support multiple operations per ACLRule
- Add new listener type "cluster-ip" which is using per-broker services instead of the pod DNS names
- Update Strimzi OAuth library to 0.11.0
All changes can be found under the 0.32.0 milestone.
Maven artifacts
To test the Maven artifacts which are part of this release, use the staging repository by including following in your pom.xml
:
<repositories>
<repository>
<id>staging</id>
<url>https://oss.sonatype.org/content/repositories/iostrimzi-1204</url>
</repository>
</repositories>
Upgrading from Strimzi 0.31.0
See the documentation for upgrade instructions.
Upgrading from Strimzi 0.22 or earlier
Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.