
Can I secure Prometheus/JMX monitoring Network Policies?

David Lynn <david.james.lynn@...>
 

Hi,

I am currently using Strimzi with monitoring enabled. I am also using Network Policies to secure my cluster communication.

I have found a method to secure my listeners to allow specific sources to be accessed:

However Strimzi also creates network policies for the Prometheus/JMX ports, and I have been currently unable to see where I would specify the networkPolicyPeers required to restrict communication.

I believe I cannot add these to the listeners, as described in this comment:

Is there somewhere where I can add the Network Policy restrictions for port 9404 (Prometheus) and 9999 (JMX)?

Thanks,
David


Re: Does kafka-http bridge work with https?

Jakub Scholz
 

Hi,

The Bridge does not support HTTPS directly. The expectation is that you would front it with some Ingress, Proxy or API Gateway, which will be able to add things such as HTTPS encryption, authentication etc.

Thanks & Regards
Jakub

On Mon, May 3, 2021 at 10:59 PM Hamza Aslam <hamza.aslam@...> wrote:

Hi,

I successfully used the Kafka HTTP bridge to implement a realtime notification system and realized that it is not set up with HTTPS. Is there a way around that?

 


Sincerely,

Hamza Aslam, Software Engineer
Mercury Broadband | 1100 Walnut St, Suite 2050 | Kansas City, Missouri 64106
O - | www.mercurybroadband.com


Does kafka-http bridge work with https?

Hamza Aslam <hamza.aslam@...>
 

Hi,

I successfully used the Kafka HTTP bridge to implement a realtime notification system and realized that it is not set up with HTTPS. Is there a way around that?

 


Sincerely,

Hamza Aslam, Software Engineer
Mercury Broadband | 1100 Walnut St, Suite 2050 | Kansas City, Missouri 64106
O - | www.mercurybroadband.com


[ANNOUNCE] [RELEASE] Strimzi Kafka OAuth library 0.7.2 released

Jakub Scholz
 

Hi,

Version 0.7.2 of the Strimzi Kafka OAuth library is now available: https://github.com/strimzi/strimzi-kafka-oauth/releases/tag/0.7.2

The main change since 0.7.1 is an improvement to OAuth over SASL-PLAIN:
* Introduced 'no-client-credentials' mode with OAuth over PLAIN (#107)

For more details about the new features see the RELEASE_NOTES and the README files. All changes can be found under the 0.7.2 milestone.

Thanks to everyone who contributed to this release!

Thanks & Regards
Strimzi team


Re: Reg: Setting up strimzi kafka with own CA certs

Tom Bentley
 

FWIW I am in the process of rewriting the certificate handling to support more flexible CA hierarchies (and other things) for the "cluster CA" and "clients CA". It's still some way off a PR, but it would support having brokers trust a given root CA certificate (without access to the key), but issuing using an intermediate certificate, which sounds like what you want.

Kind regards,

Tom


On Thu, Apr 15, 2021 at 5:10 PM Jakub Scholz <jakub@...> wrote:
Strimzi needs to issue the certificates for the different components to secure them. That is why it needs a CA which can do that. If you use a server certificate to issue new certs, properly written applications should reject it. If you want to use a server certificate, you should check the listener certificates, where you can provide only a server certificate and it will be used only for a given listener but not to secure replication etc.: https://strimzi.io/docs/operators/latest/full/using.html#kafka-listener-certificates-str

Jakub

On Thu, Apr 15, 2021 at 3:00 PM Nag Raj <tsnagraj.08@...> wrote:
Hi team, 

I was deploying Strimzi Kafka with our own CA certs; my organization provides CA.crt, rootCA and intermediate CA. But in the Strimzi documentation, to implement this scenario we need to have CA.Key as well, which is not provided by my organization. Is there any way we can implement this use case without CA.Key? Thank you.

Regards,
Raj


Re: Reg: Setting up strimzi kafka with own CA certs

Jakub Scholz
 

Strimzi needs to issue the certificates for the different components to secure them. That is why it needs a CA which can do that. If you use a server certificate to issue new certs, properly written applications should reject it. If you want to use a server certificate, you should check the listener certificates, where you can provide only a server certificate and it will be used only for a given listener but not to secure replication etc.: https://strimzi.io/docs/operators/latest/full/using.html#kafka-listener-certificates-str

Jakub

On Thu, Apr 15, 2021 at 3:00 PM Nag Raj <tsnagraj.08@...> wrote:
Hi team, 

I was deploying Strimzi Kafka with our own CA certs; my organization provides CA.crt, rootCA and intermediate CA. But in the Strimzi documentation, to implement this scenario we need to have CA.Key as well, which is not provided by my organization. Is there any way we can implement this use case without CA.Key? Thank you.

Regards,
Raj


Reg: Setting up strimzi kafka with own CA certs

Nag Raj
 

Hi team, 

I was deploying Strimzi Kafka with our own CA certs; my organization provides CA.crt, rootCA and intermediate CA. But in the Strimzi documentation, to implement this scenario we need to have CA.Key as well, which is not provided by my organization. Is there any way we can implement this use case without CA.Key? Thank you.

Regards,
Raj
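One way to do what Jakub's reply suggests for Raj's situation (an organisation-issued server certificate on a single listener, with no CA key handed to Strimzi), added here as an example and not taken from the thread or the Strimzi documentation. It assumes a cluster named my-cluster in namespace kafka, the `v1beta2` API from Strimzi 0.22, and a Secret named my-cluster-external-tls created beforehand from the certificate chain and its private key.

```yaml
# Added example: an organisation-issued server certificate for one listener.
# Strimzi still generates its own cluster CA and clients CA for replication and
# internal traffic; only the external listener presents this certificate, and it
# cannot be used to issue anything else (no CA key is involved).
# Assumed: namespace "kafka", cluster "my-cluster", and a Secret created first
# from the PEM chain (leaf + intermediate) and the matching private key:
#   kubectl create secret generic my-cluster-external-tls -n kafka \
#     --from-file=tls.crt=broker-chain.pem --from-file=tls.key=broker.key
# The certificate's SANs must cover the advertised broker addresses.
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: my-cluster
  namespace: kafka
spec:
  kafka:
    replicas: 3
    listeners:
      # Internal listener keeps the operator-managed cluster CA certificates.
      - name: tls
        port: 9093
        type: internal
        tls: true
      # External listener serves the organisation's certificate instead.
      - name: external
        port: 9094
        type: loadbalancer
        tls: true
        configuration:
          brokerCertChainAndKey:
            secretName: my-cluster-external-tls
            certificate: tls.crt   # Secret key holding the certificate chain
            key: tls.key           # Secret key holding the private key
    storage:
      type: ephemeral
  zookeeper:
    replicas: 3
    storage:
      type: ephemeral
  entityOperator:
    topicOperator: {}
    userOperator: {}
```

Clients of the external listener then trust the organisation's root CA rather than the Strimzi-generated cluster CA certificate.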


Re: FW: Questions about setting up kafka-http bridge

Jakub Scholz
 

Hi Hamza,

Maybe if you could share your config plus some examples of the requests you are trying to send, it might be easier to figure out what the problem is.

Thanks & Regards
Jakub

On Tue, Apr 6, 2021 at 8:48 PM Hamza Aslam <hamza.aslam@...> wrote:

I was able to start it up. My Postman keeps giving me a 415 format not supported error; how do we fix that?

 


Sincerely,

Hamza Aslam, Software Engineer
Mercury Broadband | 1100 Walnut St, Suite 2050 | Kansas City, Missouri 64106
O - | www.mercurybroadband.com

From: Hamza Aslam <hamza.aslam@...>
Sent: Tuesday, April 6, 2021 11:18 AM
To: cncf-strimzi-dev@...
Subject: Questions about setting up kafka-http bridge

 

Hi

 

I am trying to set up the kafka-http bridge so I can read from and write to a topic. I had the kafka-connect running, which I halted, and ran the bridge, but the GET requests say that the server isn’t up even though I ran the bridge and it did not give me any errors and looks like it's running. On GitHub it says to edit the applications file, but I don’t think anything needs to be changed or updated there. What am I missing? The documentation on the website doesn’t have step by step instructions, which I am afraid I will need.

 

Kind regards

Hamza


Sincerely,

Hamza Aslam, Software Engineer
Mercury Broadband | 1100 Walnut St, Suite 2050 | Kansas City, Missouri 64106
O - | www.mercurybroadband.com


FW: Questions about setting up kafka-http bridge

Hamza Aslam <hamza.aslam@...>
 

I was able to start it up. My Postman keeps giving me a 415 format not supported error; how do we fix that?

 


Sincerely,

Hamza Aslam, Software Engineer
Mercury Broadband | 1100 Walnut St, Suite 2050 | Kansas City, Missouri 64106
O - | www.mercurybroadband.com

From: Hamza Aslam <hamza.aslam@...>
Sent: Tuesday, April 6, 2021 11:18 AM
To: cncf-strimzi-dev@...
Subject: Questions about setting up kafka-http bridge

 

Hi

 

I am trying to set up the kafka-http bridge so I can read from and write to a topic. I had the kafka-connect running, which I halted, and ran the bridge, but the GET requests say that the server isn’t up even though I ran the bridge and it did not give me any errors and looks like it's running. On GitHub it says to edit the applications file, but I don’t think anything needs to be changed or updated there. What am I missing? The documentation on the website doesn’t have step by step instructions, which I am afraid I will need.

 

Kind regards

Hamza


Sincerely,

Hamza Aslam, Software Engineer
Mercury Broadband | 1100 Walnut St, Suite 2050 | Kansas City, Missouri 64106
O - | www.mercurybroadband.com


Questions about setting up kafka-http bridge

Hamza Aslam <hamza.aslam@...>
 

Hi

 

I am trying to set up the kafka-http bridge so I can read from and write to a topic. I had the kafka-connect running, which I halted, and ran the bridge, but the GET requests say that the server isn’t up even though I ran the bridge and it did not give me any errors and looks like it's running. On GitHub it says to edit the applications file, but I don’t think anything needs to be changed or updated there. What am I missing? The documentation on the website doesn’t have step by step instructions, which I am afraid I will need.

 

Kind regards

Hamza


Sincerely,

Hamza Aslam, Software Engineer
Mercury Broadband | 1100 Walnut St, Suite 2050 | Kansas City, Missouri 64106
O - | www.mercurybroadband.com


[ANNOUNCE] [RELEASE] Strimzi Kafka Operators 0.22.1 released

Jakub Scholz
 

Strimzi Operators 0.22.1, which addresses the known issues from the 0.22.0 release, is now available:
* Do not use ownerReference for Entity Operator role in separate watched namespace (#4588)
* Minor documentation and system test improvements

For more details, see the 0.22.1 release on GitHub. See the 0.22.0 release for information about CRD upgrades, deprecations and removals.

Thanks to everyone who contributed to this release!


[ANNOUNCE] [RELEASE] Strimzi Kafka Operators 0.22.0 released

Jakub Scholz
 

Strimzi Operators 0.22.0 has been released with a lot of changes and improvements. 

This release introduces new API version `v1beta2` to all Strimzi custom resources. This is a preparation for migration to `apiextensions/v1` which is needed because Kubernetes 1.22 will remove support for `apiextensions/v1beta1`. Migration to `v1beta2` needs to be completed for all Strimzi CRDs and CRs after the upgrade to 0.22 is done and before upgrading to Strimzi 0.23 which will support only Strimzi `v1beta2` APIs and `apiextensions/v1` CRDs. For more details about the CRD upgrades, see the documentation: https://strimzi.io/docs/operators/0.22.0/deploying.html#assembly-upgrade-resources-str

The main changes since the 0.21 release include:
* Add `v1beta2` version for all resources. `v1beta2` removes all deprecated fields.
* Add annotations that enable the operator to restart Kafka Connect connectors or tasks. The annotations can be applied to the KafkaConnector and the KafkaMirrorMaker2 custom resources.
* Add additional configuration options for the Kaniko executor used by the Kafka Connect Build on Kubernetes
* Add support for JMX options configuration of all Kafka Connect (KC, KC2SI, MM2)
* Update Strimzi Kafka OAuth to version 0.7 and add support for new features:
    * OAuth authentication over SASL PLAIN mechanism
    * Checking token audience
    * Validating tokens using JSONPath filter queries to perform custom checks
* Fix Cruise Control crash loop when updating container configurations
* Configure external logging `ConfigMap` name and key.
* Add support for configuring labels and annotations in ClusterRoleBindings created as part of Kafka and Kafka Connect clusters
* Add support for Ingress v1 in Kubernetes 1.19 and newer
* Add support for Kafka 2.6.1
* List topics used by a Kafka Connect connector in the `.status` section of the `KafkaConnector` custom resource
* Bump Cruise Control to v2.5.37 for Kafka 2.7 support. Note this new version of Cruise Control uses `Log4j 2` and is supported by dynamic logging configuration (where logging properties are defined in a ConfigMap). However, existing `Log4j` configurations must be updated to `Log4j 2` configurations.
* Support pausing reconciliation of CR with annotation `strimzi.io/pause-reconciliation`

There are also several deprecations and removals and one known issue. For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.22.0

Thanks to everyone who contributed to this release!


RC1 of Strimzi Operators 0.22.0

Jakub Scholz
 

Release Candidate 1 of Strimzi Operators 0.22.0 is now available for testing with a lot of changes and improvements. 

This release introduces new API version `v1beta2` to all Strimzi custom resources. This is a preparation for migration to `apiextensions/v1` which is needed because Kubernetes 1.22 will remove support for `apiextensions/v1beta1`. Migration to `v1beta2` needs to be completed for all Strimzi CRDs and CRs after the upgrade to 0.22 is done and before upgrading to Strimzi 0.23 which will support only Strimzi `v1beta2` APIs and `apiextensions/v1` CRDs. For more details about the CRD upgrades, see the documentation: https://strimzi.io/docs/operators/master/deploying.html#assembly-upgrade-resources-str

The main changes since the 0.21 release include:
* Add `v1beta2` version for all resources. `v1beta2` removes all deprecated fields.
* Add annotations that enable the operator to restart Kafka Connect connectors or tasks. The annotations can be applied to the KafkaConnector and the KafkaMirrorMaker2 custom resources.
* Add additional configuration options for the Kaniko executor used by the Kafka Connect Build on Kubernetes
* Add support for JMX options configuration of all Kafka Connect (KC, KC2SI, MM2)
* Update Strimzi Kafka OAuth to version 0.7 and add support for new features:
    * OAuth authentication over SASL PLAIN mechanism
    * Checking token audience
    * Validating tokens using JSONPath filter queries to perform custom checks
* Fix Cruise Control crash loop when updating container configurations
* Configure external logging `ConfigMap` name and key.
* Add support for configuring labels and annotations in ClusterRoleBindings created as part of Kafka and Kafka Connect clusters
* Add support for Ingress v1 in Kubernetes 1.19 and newer
* Add support for Kafka 2.6.1
* List topics used by a Kafka Connect connector in the `.status` section of the `KafkaConnector` custom resource
* Bump Cruise Control to v2.5.37 for Kafka 2.7 support. Note this new version of Cruise Control uses `Log4j 2` and is supported by dynamic logging configuration (where logging properties are defined in a ConfigMap). However, existing `Log4j` configurations must be updated to `Log4j 2` configurations.
* Support pausing reconciliation of CR with annotation `strimzi.io/pause-reconciliation`

There are also several deprecations and removals. For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.22.0-rc1

Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue.

Thanks & Regards
Jakub & Strimzi team


[ANNOUNCE] [RELEASE] Strimzi Kafka OAuth library 0.7.1 released

Jakub Scholz
 

Hi,

Version 0.7.1 of the Strimzi Kafka OAuth library is now available: https://github.com/strimzi/strimzi-kafka-oauth/releases/tag/0.7.1

The main changes since 0.7.0 are two bugfixes:
* Fixed OAuth over PLAIN intermittent failures (#95)
* Fix NPE in Keycloak Authorizer (#97)

For more details about the new features see the RELEASE_NOTES and the README files. All changes can be found under the 0.7.1 milestone.

Thanks to everyone who contributed to this release!

Thanks & Regards
Strimzi team


[ANNOUNCE] [RELEASE] Strimzi Kafka OAuth library 0.7.0 released

Jakub Scholz
 

Hi,

Version 0.7.0 of the Strimzi Kafka OAuth library is now available: https://github.com/strimzi/strimzi-kafka-oauth/releases/tag/0.7.0

The main changes since 0.6.x are:
* OAuth authentication over SASL PLAIN
* Checking `audience` of the JWT token in the server part of the OAuth library
* Custom claim checking

For more details about the new features see the RELEASE_NOTES and the README files. All changes can be found under the 0.7.0 milestone.

Thanks to everyone who contributed to this release!

Thanks & Regards
Strimzi team


RC2 of Strimzi Kafka OAuth library 0.7.0

Jakub Scholz
 

Hi,

Release Candidate 2 of the 0.7.0 version of the Strimzi Kafka OAuth library is now available for testing: https://github.com/strimzi/strimzi-kafka-oauth/releases/tag/0.7.0-rc2. Compared to RC1, it adds the custom claim checking feature and test improvements.

The main changes since 0.6.x are:
* OAuth authentication over SASL PLAIN
* Checking `audience` of the JWT token in the server part of the OAuth library
* Custom claim checking

To test it, you can use the staging Maven repository:

  <repositories>
    <repository>
      <id>staging</id>
      <url>https://oss.sonatype.org/content/repositories/iostrimzi-1090</url>
    </repository>
  </repositories>

For more details about the new features see the RELEASE_NOTES and the README files. All changes can be found under the 0.7.0 milestone.

Any feedback can be provided on the mailing list, on Slack or as a GitHub issue.

Thanks & Regards
Jakub


[ANNOUNCE] [RELEASE] Strimzi Kafka Operators 0.21.1 released

Jakub Scholz
 

Shortly after releasing 0.21.0 we discovered two bugs affecting it. That is why we have now released Strimzi Operators 0.21.1 with the following bug-fixes:
* Fix broken links in the OAuth documentation (#4265)
* Fix the network-policies handling when metrics config from CM is used (#4261)

For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.21.1

Thanks & Regards
Strimzi team


Re: [ANNOUNCE] [RELEASE] Strimzi Kafka Operators 0.21.0 released

Jakub Scholz
 

We found a bug in the new feature for configuring metrics from ConfigMap instead of directly in the custom resource. When used, it in some cases does not properly configure the network policies for the port 9404 used for the metrics. As a workaround, either keep using the old configuration or manually create an additional network policy with your custom name for the port 9404. This bug will be fixed in 0.21.1.

Thanks & Regards
Jakub

On Sat, Jan 16, 2021 at 2:11 PM Jakub Scholz via lists.cncf.io <jakub=scholz.cz@...> wrote:
Strimzi Operators 0.21.0 is now available with a lot of important changes and improvements. The main changes since the 0.20.0 release include:
* Add support for Kafka 2.7.0
* Add support for declarative management of connector plugins in Kafka Connect CR 
* Add `inter.broker.protocol.version` to the default configuration in example YAMLs
* Add support for `secretPrefix` property for User Operator to prefix all secret names created from KafkaUser resource.
* Allow configuring labels and annotations for Cluster CA certificate secrets
* Add the JAAS configuration string in the sasl.jaas.config property to the generated secrets for KafkaUser with SCRAM-SHA-512 authentication.
* Strimzi `test-container` has been renamed to `strimzi-test-container` to make the name more clear
* Updated the CPU usage metric in the Kafka, ZooKeeper and Cruise Control dashboards to include the CPU kernel time (other than the current user time)
* Allow disabling ownerReference on CA secrets
* Make it possible to run Strimzi operators and operands with read-only root filesystem
* Move from Docker Hub to Quay.io as our container registry
* Add possibility to configure DeploymentStrategy for Kafka Connect, Kafka Mirror Maker (1 and 2), and Kafka Bridge
* Support passing metrics configuration as an external ConfigMap
* Enable CORS configuration for Cruise Control
* Add support for rolling individual Kafka or ZooKeeper pods through the Cluster Operator using an annotation
* Add support for Topology Spread Constraints in Pod templates
* Make Kafka `cluster-id` (KIP-78) available on Kafka CRD status

There are also some deprecations you should be aware of:
* The `metrics` field in the Strimzi custom resources has been deprecated and will be removed in the future. For configuring metrics, use the new `metricsConfig` field and pass the configuration via ConfigMap.

Since 0.21.0 Strimzi supports Kubernetes version 1.16 and newer.

For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.21.0

Many thanks to everyone who contributed to this release!

Thanks & Regards
Strimzi team
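The hand-written policy for port 9404 that the workaround above describes, extended to the JMX port 9999 that David asks about at the top of this page, as an added example that is not from the thread or from Strimzi itself. It assumes a Kafka cluster named my-cluster in namespace kafka whose broker pods carry the strimzi.io/cluster and strimzi.io/name labels, a monitoring namespace labelled name=monitoring, and Prometheus pods labelled app=prometheus.

```yaml
# Added example: a custom-named NetworkPolicy that admits only the Prometheus
# scrapers to the metrics port 9404 and the JMX port 9999 of the brokers.
# Assumed labels (adjust to your deployment):
#   broker pods:          strimzi.io/cluster=my-cluster, strimzi.io/name=my-cluster-kafka
#   monitoring namespace: name=monitoring
#   Prometheus pods:      app=prometheus
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-cluster-kafka-metrics-jmx   # your own name, so the operator does not manage it
  namespace: kafka
spec:
  # Selecting the broker pods makes them isolated for ingress: anything not
  # allowed by some policy selecting them is dropped.
  podSelector:
    matchLabels:
      strimzi.io/cluster: my-cluster
      strimzi.io/name: my-cluster-kafka
  policyTypes:
    - Ingress
  ingress:
    # namespaceSelector and podSelector in the same "from" entry are ANDed:
    # only pods labelled app=prometheus inside the monitoring namespace match.
    - from:
        - namespaceSelector:
            matchLabels:
              name: monitoring
          podSelector:
            matchLabels:
              app: prometheus
      ports:
        - protocol: TCP
          port: 9404   # Prometheus JMX exporter
        - protocol: TCP
          port: 9999   # JMX
```

Kubernetes network policies are additive: this policy opens 9404 and 9999 to the selected scrapers, but it cannot narrow a port that another policy selecting the same pods (for example one generated by the operator) already allows from every source.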


[ANNOUNCE] [RELEASE] Strimzi Kafka Operators 0.21.0 released

Jakub Scholz
 

Strimzi Operators 0.21.0 is now available with a lot of important changes and improvements. The main changes since the 0.20.0 release include:
* Add support for Kafka 2.7.0
* Add support for declarative management of connector plugins in Kafka Connect CR 
* Add `inter.broker.protocol.version` to the default configuration in example YAMLs
* Add support for `secretPrefix` property for User Operator to prefix all secret names created from KafkaUser resource.
* Allow configuring labels and annotations for Cluster CA certificate secrets
* Add the JAAS configuration string in the sasl.jaas.config property to the generated secrets for KafkaUser with SCRAM-SHA-512 authentication.
* Strimzi `test-container` has been renamed to `strimzi-test-container` to make the name more clear
* Updated the CPU usage metric in the Kafka, ZooKeeper and Cruise Control dashboards to include the CPU kernel time (other than the current user time)
* Allow disabling ownerReference on CA secrets
* Make it possible to run Strimzi operators and operands with read-only root filesystem
* Move from Docker Hub to Quay.io as our container registry
* Add possibility to configure DeploymentStrategy for Kafka Connect, Kafka Mirror Maker (1 and 2), and Kafka Bridge
* Support passing metrics configuration as an external ConfigMap
* Enable CORS configuration for Cruise Control
* Add support for rolling individual Kafka or ZooKeeper pods through the Cluster Operator using an annotation
* Add support for Topology Spread Constraints in Pod templates
* Make Kafka `cluster-id` (KIP-78) available on Kafka CRD status

There are also some deprecations you should be aware of:
* The `metrics` field in the Strimzi custom resources has been deprecated and will be removed in the future. For configuring metrics, use the new `metricsConfig` field and pass the configuration via ConfigMap.

Since 0.21.0 Strimzi supports Kubernetes version 1.16 and newer.

For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.21.0

Many thanks to everyone who contributed to this release!

Thanks & Regards
Strimzi team


RC1 of Strimzi Operators 0.21.0

Jakub Scholz
 

Release Candidate 1 of Strimzi Operators 0.21.0 is now available for testing with a lot of changes and improvements. The main changes since the 0.20.0 release include:
* Add support for declarative management of connector plugins in Kafka Connect CR
* Add `inter.broker.protocol.version` to the default configuration in example YAMLs
* Add support for `secretPrefix` property for User Operator to prefix all secret names created from KafkaUser resource.
* Allow configuring labels and annotations for Cluster CA certificate secrets
* Add the JAAS configuration string in the sasl.jaas.config property to the generated secrets for KafkaUser with SCRAM-SHA-512 authentication.
* Strimzi `test-container` has been renamed to `strimzi-test-container` to make the name more clear
* Updated the CPU usage metric in the Kafka, ZooKeeper and Cruise Control dashboards to include the CPU kernel time (other than the current user time)
* Allow disabling ownerReference on CA secrets
* Make it possible to run Strimzi operators and operands with read-only root filesystem
* Move from Docker Hub to Quay.io as our container registry
* Add possibility to configure DeploymentStrategy for Kafka Connect, Kafka Mirror Maker (1 and 2), and Kafka Bridge
* Support passing metrics configuration as an external ConfigMap
* Enable CORS configuration for Cruise Control
* Add support for rolling individual Kafka or ZooKeeper pods through the Cluster Operator using an annotation
* Add support for Topology Spread Constraints in Pod templates
* Make Kafka `cluster-id` (KIP-78) available on Kafka CRD status

There are also some deprecations and removals which you should be aware of:
* The `metrics` field in the Strimzi custom resources has been deprecated and will be removed in the future. For configuring metrics, use the new `metricsConfig` field and pass the configuration via ConfigMap.

This version of Strimzi supports Kubernetes 1.16 and higher.


Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue.

Thanks & Regards
Jakub & Strimzi team