|
[ANNOUNCE] [RELEASE] Strimzi Kafka Operators 0.30.0
Jakub Scholz
Strimzi Kafka Operators 0.30.0 has been released. The main changes in this release include: * The `UseStrimziPodSets` feature gate moves to beta stage. StrimziPodSets are now enabled by default and used instead of StatefulSets. * The `ServiceAccountPatching` feature gate moves to GA. It cannot be disabled anymore and will be permanently enabled. * Remove Kafka 3.0.0 and 3.0.1 * Add network and CPU capacity overrides for Cruise Control capacity config * Operator emits Kubernetes events to explain why it restarted a Kafka broker For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.30.0 You can also check a video about the main new features on our YouTube channel: https://youtu.be/8Le8nFbJBm8 Thanks to everyone who contributed to this release! Thanks & Regards Strimzi team
|
|
|
|
RC2 of Strimzi Kafka Operators 0.30.0 is available for testing
Jakub Scholz
Release candidate 2 of Strimzi Kafka Operators 0.30.0 is now available for testing. Compared to RC1, it contains the following fixes: * Mirror Maker 2 documentation improvements * Fix unnecessary Service Account patching in every reconciliation when `imagePullSecret` are set on the Service Account * Update the Jaeger dependency For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.30.0-rc2 Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue or discussion. Thanks & Regards Strimzi team
|
|
|
|
RC1 of Strimzi Kafka Operators 0.30.0 is available for testing
Jakub Scholz
Release candidate 1 of Strimzi Kafka Operators 0.30.0 is now available for testing. The changes in this release include for example: * The `UseStrimziPodSets` feature gate moves to beta stage. StrimziPodSets are now enabled by default and used instead of StatefulSets. * The `ServiceAccountPatching` feature gate moves to GA. It cannot be disabled anymore and will be permanently enabled. * Remove Kafka 3.0.0 and 3.0.1 * Add network and CPU capacity overrides for Cruise Control capacity config * Operator emits Kafka events to explain why it restarted a Kafka broker For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.30.0-rc1 Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue or discussion. Thanks & Regards Strimzi team
|
|
|
|
[ANNOUNCE] [RELEASE] Strimzi Kafka Bridge 0.21.6
Jakub Scholz
New version 0.21.6 of Strimzi Kafka Bridge has been released. The main changes in this release are: * Add async query parameter to publish endpoint to allow for immediate responses * Dependency updates * Documentation improvements For more details, go to https://github.com/strimzi/strimzi-kafka-bridge/releases/tag/0.21.6 Thanks to everyone who contributed to this release! Regards Strimzi team
|
|
|
|
RC1 of Strimzi Kafka Bridge 0.21.6
Jakub Scholz
Release Candidate 1 of Strimzi Kafka Bridge the 0.21.6 is now available for testing. The main changes since 0.21.5 are: * Add async query parameter to publish endpoint to allow for immediate responses * Dependency updates * Documentation improvements More details and a full list of changes can be found on the GitHub release page: https://github.com/strimzi/strimzi-kafka-bridge/releases/tag/0.21.6-rc1 Any feedback can be provided on the mailing list, on Slack or as a GitHub issue. Thanks & Regards Strimzi team
|
|
|
|
[ANNOUNCE] [RELEASE] Strimzi Canary 0.4.0 released
Paolo Patierno
We have released Strimzi Canary 0.4.0.
Strimzi teamStrimzi canary is a tool which acts as an indicator of whether Kafka clusters are operating correctly. This is achieved by creating a canary topic and periodically producing and consuming
events on the topic and getting metrics out of these exchanges.
For more details about what it does and how to use it, check the README.md file.
For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.4.0
Thanks to everyone who contributed to this release!
Thanks & Regards
Paolo Patierno
Senior Principal Software Engineer @ Red Hat
Microsoft MVP on
Azure
|
|
|
|
RC1 of Strimzi Canary 0.4.0
Paolo Patierno
*We have prepared the RC1 of the new Strimzi Canary 0.4.0 release*
For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.4.0-rc1
Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue.
Thanks & Regards
Strimzi team
Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure
|
|
|
|
Strimzi survey 2022 .... last chance!
Paolo Patierno
We want to hear from you for making Strimzi even better!
Today is the last chance to take the survey 2022 which will be closed on July 1st.
Looking forward to get your feedback!
The Strimzi maintainer.
Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure
|
|
|
|
[ANNOUCE] [Release Candidate 1] Strimzi test containers 0.102.0
Maros Orsak
Release candidate 1 of Strimzi test containers 0.102.0 is now available for testing. The main changes from version 0.101.0 in this release include :
Images used by Strimzi test container (no change in images) To test the Maven artefacts which are part of this release, use the staging repository by including the following in your pom.xml: Best regards,
|
|
|
|
Re: Question about Critical Security Findings in kafka-exporter dependency in Strimzi images
Jakub Scholz
Hi Kerstin, I'm not really a Golang expert. As for CVE-2022-23806, crypto functions will be used between the Kafka Exporter where mTLS is used. The CVE-2021-38297 seems to suggest it applies only to WASM modules in which case I wonder if it applies here. But obviously it will be showing in scanners anyway. Did you raise it on the Kafka Exporter project as well? There was not much development going on, but there were occasional releases happening there. Last commit seems to be from January. In general, we tend to rely on the binaries provided by the other projects because having our own build of something like this requires a lot of time (CI, updates, know-how etc.). But if there would not be a new release with a fix, we might need to decide whether we want to fork it to maintain our own build or find some other project for exporting the consumer lag. Thanks & Regards Jakub
On Wed, Jun 22, 2022 at 4:13 PM kerstin.maier via lists.cncf.io <kerstin.maier=mercedes-benz.com@...> wrote: Hi,
|
|
|
|
Question about Critical Security Findings in kafka-exporter dependency in Strimzi images
kerstin.maier@...
Hi,
we do regular automatic security scans for the Strimzi images we use in our organization and the latest images always have a few CRITICAL findings in our security scan, at the moment this are NVD - CVE-2021-38297 (nist.gov) and NVD - cve-2022-23806 (nist.gov). We took a look where this is coming from and seems it's cause the latest Kafka exporter release 1.4.2 (from September 21st, 2021) still comes with Go 1.17.1 https://github.com/danielqsj/kafka_exporter/tags Looking at the Github repo of Kafka Exporter, it doesn't look as if anybody is actively working on this repo anymore at the moment. We are wondering,are there any plans from Strimzi to deal with such dependencies that aren't regularily updated? I assume many projects to regular security scans of their images and if some dependencies aren't updated regularily or at all anymore, the critical findings won't disappear. Thanks, Kerstin
|
|
|
|
Re: strimzi operator running namespaced
Jakub Scholz
Strimzi requires access to some cluster wide resources for some important features such as rack awareness. It is also required for example for node-port access or disk resizing. You can disable some of them if you do not need them, but at minimum you would need to create the CRDs and the ClusterRoles. The ClusterRoleBindings might be possibly changed to RoleBindings if you are willing to sacrifice the features. Thanks & Regards Jakub
On Tue, Jun 21, 2022 at 8:47 PM <dfernandez@...> wrote:
|
|
|
|
strimzi operator running namespaced
dfernandez@...
Hi guys, I am trying to intall Strimzi operator 0.29 but i am running on a multi tenant kubenetes cluster so I have limited permission. for example I can't create clusterroles/roles objects. Is there a way that the operator could run on a namespaced level with less permission over the cluster?
thanks!
|
|
|
|
[ANNOUNCE] [RELEASE] Strimzi Canary 0.3.0 released
Paolo Patierno
We have released Strimzi Canary 0.3.0.
Strimzi canary is a tool which acts as an indicator of whether Kafka clusters are operating correctly. This is achieved by creating a canary topic and periodically producing and consuming
events on the topic and getting metrics out of these exchanges.
For more details about what it does and how to use it, check the README.md file.
For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.3.0
Thanks to everyone who contributed to this release!
Thanks & Regards
Strimzi team
Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure
|
|
|
|
Re: RC2 of Strimzi Canary 0.3.0
kwall@...
I tested out the RC3 image, all seems good for our use-cases.
|
|
|
|
RC3 of Strimzi Canary 0.3.0
Paolo Patierno
*We have prepared the RC3 of the new Strimzi Canary 0.3.0 release*
For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.3.0-rc3
Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue.
Thanks & Regards
Strimzi team
Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure
|
|
|
|
RC2 of Strimzi Canary 0.3.0
Paolo Patierno
*We have prepared the RC2 of the new Strimzi Canary 0.3.0 release*
For more details and installation files, go to: https://github.com/strimzi/strimzi-canary/releases/tag/0.3.0-rc2
Any feedback can be provided on the Strimzi mailing list, on the #strimzi Slack channel on CNCF Slack or as a GitHub issue.
Thanks & Regards
Strimzi team
Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure
|
|
|
|
Re: RC1 of Strimzi Canary 0.3.0
Paolo Patierno
Thanks for reporting this kwall!
I think that it's an important fix because without it re-auth feature is un-usable and the canary itself if it's enabled.
Before a 0.3.0-RC2 out, I would like to ping Sarama maintainers to see if there is space for approving your fix and releasing a new patched Sarama version 1.33.1.
Thanks,
Paolo
Paolo Patierno
Principal Software Engineer @ Red Hat
Microsoft MVP on Azure From: cncf-strimzi-users@... <cncf-strimzi-users@...> on behalf of kwall@... <kwall@...>
Sent: Thursday, May 26, 2022 11:15 AM To: cncf-strimzi-users@... <cncf-strimzi-users@...> Subject: Re: [cncf-strimzi-users] RC1 of Strimzi Canary 0.3.0 An issue has been discovered with in the Strimzi RC1 build. The root cause is a defect in new KIP-368 implementation within the latest release of Sarama 1.33.0 include in the Strimzi RC. The defect is described by https://github.com/Shopify/sarama/issues/2233 and
leads to the canary unexpectedly disconnecting from the kafka cluster and may also lead to unexpected out of memory problems being suffered by the kube pod hosting the canary.
There is already a PR open against Sarama with a proposed fix. It is hoped if the fix is accepted and a new Sarama micro release made soon, the Strimzi Canary RC will be respun soon.
|
|
|
|
Re: RC1 of Strimzi Canary 0.3.0
kwall@...
An issue has been discovered with in the Strimzi RC1 build. The root cause is a defect in new KIP-368 implementation within the latest release of Sarama 1.33.0 include in the Strimzi RC. The defect is described by https://github.com/Shopify/sarama/issues/2233 and leads to the canary unexpectedly disconnecting from the kafka cluster and may also lead to unexpected out of memory problems being suffered by the kube pod hosting the canary.
There is already a PR open against Sarama with a proposed fix. It is hoped if the fix is accepted and a new Sarama micro release made soon, the Strimzi Canary RC will be respun soon.
|
|
|
|
[ANNOUNCE] [RELEASE] Strimzi Kafka Operators 0.29.0
Jakub Scholz
Strimzi Kafka Operators 0.29.0 has been released. The main changes in this release include: * Support for new Apache Kafka releases (3.0.1, 3.1.1 and 3.2.0) * Renew user certificates in User Operator only during maintenance windows * New rebalancing modes in the `KafkaRebalance` custom resource to add or remove brokers * Experimental KRaft mode (ZooKeeper-less Kafka) * Experimental support for the s390x platform For more details and installation files, go to https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.29.0 You can also check a video about the main new features on our YouTube channel: https://youtu.be/lUsIoFTZr00 Important: This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.28 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.28 is done! For more details about the CRD upgrades, see the documentation. Thanks to everyone who contributed to these releases! Thanks & Regards Strimzi team
|
|
|
