Date   

RC2 of Strimzi Kafka Operators 0.30.0 is available for testing

Jakub Scholz
 

Release candidate 2 of Strimzi Kafka Operators 0.30.0 is now available for testing. Compared to RC1, it contains the following fixes:
* Mirror Maker 2 documentation improvements
* Fix unnecessary Service Account patching in every reconciliation when `imagePullSecret` are set on the Service Account
* Update the Jaeger dependency

Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue or discussion.

Thanks & Regards
Strimzi team


RC1 of Strimzi Kafka Operators 0.30.0 is available for testing

Jakub Scholz
 

Release candidate 1 of Strimzi Kafka Operators 0.30.0 is now available for testing. The changes in this release include for example:
* The `UseStrimziPodSets` feature gate moves to beta stage. StrimziPodSets are now enabled by default and used instead of StatefulSets.
* The `ServiceAccountPatching` feature gate moves to GA. It cannot be disabled anymore and will be permanently enabled.
* Remove Kafka 3.0.0 and 3.0.1
* Add network and CPU capacity overrides for Cruise Control capacity config
* Operator emits Kafka events to explain why it restarted a Kafka broker

Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue or discussion.

Thanks & Regards
Strimzi team


[ANNOUNCE] [RELEASE] Strimzi Kafka Bridge 0.21.6

Jakub Scholz
 

New version 0.21.6 of Strimzi Kafka Bridge has been released. The main changes in this release are:
* Add async query parameter to publish endpoint to allow for immediate responses
* Dependency updates
* Documentation improvements


Thanks to everyone who contributed to this release!

Regards
Strimzi team


RC1 of Strimzi Kafka Bridge 0.21.6

Jakub Scholz
 

Release Candidate 1 of Strimzi Kafka Bridge the 0.21.6 is now available for testing. The main changes since 0.21.5 are:
* Add async query parameter to publish endpoint to allow for immediate responses
* Dependency updates
* Documentation improvements

More details and a full list of changes can be found on the GitHub release page: https://github.com/strimzi/strimzi-kafka-bridge/releases/tag/0.21.6-rc1

Any feedback can be provided on the mailing list, on Slack or as a GitHub issue.

Thanks & Regards
Strimzi team


[ANNOUNCE] [RELEASE] Strimzi Canary 0.4.0 released

Paolo Patierno
 

We have released Strimzi Canary 0.4.0.
Strimzi canary is a tool which acts as an indicator of whether Kafka clusters are operating correctly. This is achieved by creating a canary topic and periodically producing and consuming events on the topic and getting metrics out of these exchanges.
For more details about what it does and how to use it, check the README.md file.

For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.4.0

Thanks to everyone who contributed to this release!

Thanks & Regards
Strimzi team

Paolo Patierno
Senior Principal Software Engineer @ Red Hat
Microsoft MVP on Azure

Twitter : @ppatierno
Linkedin : paolopatierno
Blog : DevExperience


RC1 of Strimzi Canary 0.4.0

Paolo Patierno
 

*We have prepared the RC1 of the new Strimzi Canary 0.4.0 release*

For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.4.0-rc1

Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue.

Thanks & Regards
Strimzi team

Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure

Twitter : @ppatierno
Linkedin : paolopatierno
Blog : DevExperience


Strimzi survey 2022 .... last chance!

Paolo Patierno
 

We want to hear from you for making Strimzi even better! 
Today is the last chance to take the survey 2022 which will be closed on July 1st.
Looking forward to get your feedback! 


The Strimzi maintainer.

Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure

Twitter : @ppatierno
Linkedin : paolopatierno
Blog : DevExperience


[ANNOUCE] [Release Candidate 1] Strimzi test containers 0.102.0

Maros Orsak
 

Release candidate 1 of Strimzi test containers 0.102.0 is now available for testing. The main changes from version 0.101.0 in this release include :
  • adding new Kafka versions (i.e., 3.1.1., 3.2.0)
  • removes compile dependency on kafka-client
Images used by Strimzi test container (no change in images)
quay.io/strimzi-test-container/test-container:0.102.0-rc1-kafka-3.2.0
quay.io/strimzi-test-container/test-container:0.102.0-rc1-kafka-3.1.1
quay.io/strimzi-test-container/test-container:0.102.0-rc1-kafka-3.1.0
quay.io/strimzi-test-container/test-container:0.102.0-rc1-kafka-3.0.1
quay.io/strimzi-test-container/test-container:0.102.0-rc1-kafka-2.8.1
Maven artefacts
To test the Maven artefacts which are part of this release, use the staging repository by including the following in your pom.xml:
   <repositories>
    <repository>
      <id>staging</id>
      <url>https://oss.sonatype.org/content/repositories/iostrimzi-1172</url>
    </repository>
  </repositories>
Best regards,
--

Maroš Orsák

Quality Engineer - AMQ Streams

Red Hat

morsak@...   


Re: Question about Critical Security Findings in kafka-exporter dependency in Strimzi images

Jakub Scholz
 

Hi Kerstin,

I'm not really a Golang expert. As for CVE-2022-23806, crypto functions will be used between the Kafka Exporter where mTLS is used. The CVE-2021-38297 seems to suggest it applies only to WASM modules in which case I wonder if it applies here. But obviously it will be showing in scanners anyway.

Did you raise it on the Kafka Exporter project as well? There was not much development going on, but there were occasional releases happening there. Last commit seems to be from January. In general, we tend to rely on the binaries provided by the other projects because having our own build of something like this requires a lot of time (CI, updates, know-how etc.). But if there would not be a new release with a fix, we might need to decide whether we want to fork it to maintain our own build or find some other project for exporting the consumer lag.

Thanks & Regards
Jakub

On Wed, Jun 22, 2022 at 4:13 PM kerstin.maier via lists.cncf.io <kerstin.maier=mercedes-benz.com@...> wrote:
Hi,
we do regular automatic security scans for the Strimzi images we use in our organization and the latest images always have a few CRITICAL findings in our security scan, at the moment this are
NVD - CVE-2021-38297 (nist.gov) and NVD - cve-2022-23806 (nist.gov).

We took a look where this is coming from and seems it's cause the latest Kafka exporter release 1.4.2 (from September 21st, 2021) still comes with Go 1.17.1
https://github.com/danielqsj/kafka_exporter/tags

Looking at the Github repo of Kafka Exporter, it doesn't look as if anybody is actively working on this repo anymore at the moment. We are wondering,are there any plans from Strimzi to deal with such dependencies that aren't regularily updated?
I assume many projects to regular security scans of their images and if some dependencies aren't updated regularily or at all anymore, the critical findings won't disappear.

Thanks,
Kerstin


Question about Critical Security Findings in kafka-exporter dependency in Strimzi images

kerstin.maier@...
 

Hi,
we do regular automatic security scans for the Strimzi images we use in our organization and the latest images always have a few CRITICAL findings in our security scan, at the moment this are
NVD - CVE-2021-38297 (nist.gov) and NVD - cve-2022-23806 (nist.gov).

We took a look where this is coming from and seems it's cause the latest Kafka exporter release 1.4.2 (from September 21st, 2021) still comes with Go 1.17.1
https://github.com/danielqsj/kafka_exporter/tags

Looking at the Github repo of Kafka Exporter, it doesn't look as if anybody is actively working on this repo anymore at the moment. We are wondering,are there any plans from Strimzi to deal with such dependencies that aren't regularily updated?
I assume many projects to regular security scans of their images and if some dependencies aren't updated regularily or at all anymore, the critical findings won't disappear.

Thanks,
Kerstin


Re: strimzi operator running namespaced

Jakub Scholz
 

Strimzi requires access to some cluster wide resources for some important features such as rack awareness. It is also required for example for node-port access or disk resizing. You can disable some of them if you do not need them, but at minimum you would need to create the CRDs and the ClusterRoles. The ClusterRoleBindings might be possibly changed to RoleBindings if you are willing to sacrifice the features.

Thanks & Regards
Jakub

On Tue, Jun 21, 2022 at 8:47 PM <dfernandez@...> wrote:

Hi guys,

I am trying to intall Strimzi operator 0.29 but i am running on a multi tenant kubenetes cluster so I have limited permission. for example I can't create clusterroles/roles objects.

Is there a way that the operator could run on a namespaced level with less permission over the cluster?

 

thanks!


strimzi operator running namespaced

dfernandez@...
 

Hi guys,

I am trying to intall Strimzi operator 0.29 but i am running on a multi tenant kubenetes cluster so I have limited permission. for example I can't create clusterroles/roles objects.

Is there a way that the operator could run on a namespaced level with less permission over the cluster?

 

thanks!


[ANNOUNCE] [RELEASE] Strimzi Canary 0.3.0 released

Paolo Patierno
 

We have released Strimzi Canary 0.3.0.
Strimzi canary is a tool which acts as an indicator of whether Kafka clusters are operating correctly. This is achieved by creating a canary topic and periodically producing and consuming events on the topic and getting metrics out of these exchanges.
For more details about what it does and how to use it, check the README.md file.

For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.3.0

Thanks to everyone who contributed to this release!

Thanks & Regards
Strimzi team

Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure

Twitter : @ppatierno
Linkedin : paolopatierno
Blog : DevExperience


Re: RC2 of Strimzi Canary 0.3.0

kwall@...
 

I tested out the RC3 image, all seems good for our use-cases.


RC3 of Strimzi Canary 0.3.0

Paolo Patierno
 

*We have prepared the RC3 of the new Strimzi Canary 0.3.0 release*

For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.3.0-rc3

Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue.

Thanks & Regards
Strimzi team

Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure

Twitter : @ppatierno
Linkedin : paolopatierno
Blog : DevExperience


RC2 of Strimzi Canary 0.3.0

Paolo Patierno
 

*We have prepared the RC2 of the new Strimzi Canary 0.3.0 release*

For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.3.0-rc2

Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue.

Thanks & Regards
Strimzi team

Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure

Twitter : @ppatierno
Linkedin : paolopatierno
Blog : DevExperience


Re: RC1 of Strimzi Canary 0.3.0

Paolo Patierno
 

Thanks for reporting this kwall!

I think that it's an important fix because without it re-auth feature is un-usable and the canary itself if it's enabled.
Before a 0.3.0-RC2 out, I would like to ping Sarama maintainers to see if there is space for approving your fix and releasing a new patched Sarama version 1.33.1.

Thanks,
Paolo

Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure

Twitter : @ppatierno
Linkedin : paolopatierno
Blog : DevExperience


From: cncf-strimzi-users@... <cncf-strimzi-users@...> on behalf of kwall@... <kwall@...>
Sent: Thursday, May 26, 2022 11:15 AM
To: cncf-strimzi-users@... <cncf-strimzi-users@...>
Subject: Re: [cncf-strimzi-users] RC1 of Strimzi Canary 0.3.0
 
An issue has been discovered with in the Strimzi RC1 build.  The root cause is a defect in new KIP-368 implementation within the latest release of Sarama 1.33.0 include in the Strimzi RC.    The defect is described by https://github.com/Shopify/sarama/issues/2233 and leads to the canary unexpectedly disconnecting from the kafka cluster and may also lead to unexpected out of memory problems being suffered by the kube pod hosting the canary.

There is already a PR open against Sarama with a proposed fix.  It is hoped if the fix is accepted and a new Sarama micro release made soon, the Strimzi Canary RC will be respun soon.


Re: RC1 of Strimzi Canary 0.3.0

kwall@...
 

An issue has been discovered with in the Strimzi RC1 build.  The root cause is a defect in new KIP-368 implementation within the latest release of Sarama 1.33.0 include in the Strimzi RC.    The defect is described by https://github.com/Shopify/sarama/issues/2233 and leads to the canary unexpectedly disconnecting from the kafka cluster and may also lead to unexpected out of memory problems being suffered by the kube pod hosting the canary.

There is already a PR open against Sarama with a proposed fix.  It is hoped if the fix is accepted and a new Sarama micro release made soon, the Strimzi Canary RC will be respun soon.


[ANNOUNCE] [RELEASE] Strimzi Kafka Operators 0.29.0

Jakub Scholz
 

Strimzi Kafka Operators 0.29.0 has been released. The main changes in this release include:
* Support for new Apache Kafka releases (3.0.1, 3.1.1 and 3.2.0)
* Renew user certificates in User Operator only during maintenance windows
* New rebalancing modes in the `KafkaRebalance` custom resource to add or remove brokers
* Experimental KRaft mode (ZooKeeper-less Kafka)
* Experimental support for the s390x platform

For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.29.0

You can also check a video about the main new features on our YouTube channelhttps://youtu.be/lUsIoFTZr00

Important: This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.28 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.28 is done! For more details about the CRD upgrades, see the documentation.

Thanks to everyone who contributed to these releases!

Thanks & Regards
Strimzi team


RC2 of Strimzi Kafka Operators 0.29.0 is available for testing

Jakub Scholz
 

Release candidate 2 of Strimzi Kafka Operators 0.29.0 is now available for testing. The changes since RC1 are:
* Fix Kafka, KafkaConnect and Cruise Control examples
* Fix error handling in KafkaRebalance processing
* Fix bugs in Rack-awareness and upgrade system tests

Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue.

Thanks & Regards
Strimzi team

21 - 40 of 224