- Add possibility to set Java System Properties for User Operator and Topic Operator via
Kafka
CR. - Make it possible to configure PodManagementPolicy for StatefulSets
- Update build system to use
yq
version 3 (https://github.com/mikefarah/yq)
- Add possibility to set Java System Properties via CR yaml
- Add support for Mirror Maker 2.0
- Add Jmxtrans deployment
- Add public keys of TLS listeners to the status section of the Kafka CR
- Add support for using a Kafka authorizer backed by Keycloak Authorization Services
- Add support for Kafka 2.4.0 and upgrade from Zookeeper 3.4.x to 3.5.x
- Drop support for Kafka 2.2.1 and 2.3.0
- Add KafkaConnector resource and connector operator
- Let user choose which node address will be used as advertised host (
ExternalDNS
,ExternalIP
,InternalDNS
,InternalIP
orHostname
) - Add support for tini
- When not explicitly configured by the user in
jvmOptions
,-Xmx
option is calculated from memory requests rather than from memory limits - Expose JMX port on Kafka brokers via an internal service
- Add support for
externalTrafficPolicy
andloadBalancerSourceRanges
properties on loadbalancer and nodeport type services - Add support for user quotas
- Add support for Istio protocol selection in service port names
Note: Strimzi is essentially adding atcp-
prefix to the port names in Kafka services and headless services.
(e.g clientstls -> tcp-clientstls) - Add service discovery labels and annotations
- Add possibility to specify custom server certificates to TLS based listeners
- Drop support for Kafka 2.1.0, 2.1.1, and 2.2.0
- Add support for Kafka 2.3.1
- Improved Kafka rolling update
- Improve Kafka Exporter Grafana dashboard
- Add sizeLimit option to ephemeral storage (#1505)
- Add
schedulerName
topodTemplate
(#2114) - Allow overriding the auto-detected Kubernetes version
- Garbage Collection (GC) logging disabled by default
- Providing PKCS12 truststore and password in the cluster and clients CA certificates Secrets
- Providing PKCS12 keystore and password in the TLS based KafkaUser related Secret
- Add support for configuring Ingress class (#1716)
- Add support for setting custom environment variables in all containers
- Add liveness and readiness checks to Mirror Maker
- Allow configuring loadBalancerIP for LoadBalancer type services
- Allow setting labels and annotations for Persistent Volume Claims
- Add support for Jaeger tracing in Kafka Mirror Maker and Kafka Connect
- Add support for deploying Kafka Exporter
- Add initial support for OAuth authentication
- Allow users to manually configure ACL rules (for example, using
kafka-acls.sh
) for special Kafka users*
andANONYMOUS
without them being deleted by the User Operator - Add support for configuring a Priority Class name for Pods deployed by Strimzi
- Add support for Kafka 2.3.0
- Add support for Kafka User resource status
- Add support for Kafka Connect resource status
- Add support for Kafka Connect S2I resource status
- Add support for Kafka Bridge resource status
- Add support for Kafka Mirror Maker resource status
- Add support for DNS annotations to
nodeport
type external listeners
- Drop support for Kubernetes 1.9 and 1.10 and OpenShift 3.9 and 3.10. Versions supported since Strimzi 0.12.0 are Kubernetes 1.11 and higher and OpenShift 3.11 and higher. This was required because the CRD versioning and CRD subresources support.
- Added support for Kafka 2.2.0 and 2.1.1, dropped support for Kafka 2.0.0 and 2.0.1
- Persistent storage improvements
- Add resizing of persistent volumes
- Allow to specify different storage class for every broker
- Adding and removing volumes in Jbod Storage
- Custom Resources improvements
- New CRD version
v1beta1
. See documentation for more information about upgrading fromv1alpha1
tov1beta1
. - Log at the warn level when a custom resource uses deprecated or unknown properties
- Add initial support for the
status
sub-resource in theKafka
custom resource
- New CRD version
- Add support for Strimzi Kafka Bridge for HTTP protocol
- Reduce the number of container images needed to run Strimzi to just two:
kafka
andoperator
. - Add support for unprivileged users to install the operator with Helm
- Support experimental off-cluster access using Kubernetes Nginx Ingress
- Add ability to configure Image Pull Secrets for all pods in Cluster Operator
- Support for SASL PLAIN mechanism in Kafka Connect and Mirror Maker (for use with non-Strimzi Kafka cluster)
- Add support for JBOD storage for Kafka brokers
- Allow users to configure the default ImagePullPolicy
- Add Prometheus alerting
- Resources for alert manager deployment and configuration
- Alerting rules with alert examples from Kafka and Zookeeper metrics
- Enrich configuration options for off cluster access
- Support for watching all namespaces
- Operator Lifecycle Manager integration
- Support for Kafka 2.1.0
- Support for Kafka upgrades
- Add healthchecks to TLS sidecars
- Add support for new fields in the Pod template: terminationGracePeriod, securityContext and imagePullSecrets
- Rename annotations to use the
strimzi.io
domain consistently (The old annotations are deprecated, but still functional):cluster.operator.strimzi.io/delete-claim
→strimzi.io/delete-claim
operator.strimzi.io/manual-rolling-update
→strimzi.io/manual-rolling-update
operator.strimzi.io/delete-pod-and-pvc
→strimzi.io/delete-pod-and-pvc
operator.strimzi.io/generation
→strimzi.io/generation
- Add support for mounting Secrets and Config Maps into Kafka Connect and Kafka Connect S2I
- Add support for NetworkPolicy peers in listener configurations
- Make sure the TLS sidecar pods shutdown only after the main container
- Add support for Pod Disruption Budgets
- Add possibility to label and annotate different resources (#1039)
- Add support for TransactionalID in KafkaUser resource
- Update to Kafka 2.0.1
- Add maintenance time windows support for allowing CA certificates renewal rolling update started only in specific times (#1117)
- Add support for upgrading between Kafka versions (#1103). This removes support for
STRIMZI_DEFAULT_KAFKA_IMAGE
environment variable in the Cluster Operator, replacing it withSTRIMZI_KAFKA_IMAGES
.
- Run images under group 0 to avoid storage issues
- Fix certificate renewal issues
- Support for unencrypted connections on LoadBalancers and NodePorts.
- Better support for TLS hostname verification for external connections
- Certificate renewal / expiration
- Mirror Maker operator
- Triggering rolling update / pod deletion manually
- Exposing Kafka to the outside using:
- OpenShift Routes
- LoadBalancers
- NodePorts
- Use less wide RBAC permissions (
ClusterRoleBindings
where converted toRoleBindings
where possible) - Support for SASL authentication using the SCRAM-SHA-512 mechanism added to Kafka Connect and Kafka Connect with S2I support
- Network policies for managing access to Zookeeper ports and Kafka replication ports
- Use OwnerReference and Kubernetes garbage collection feature to delete resources and to track the ownership
- Helm chart for Strimzi Cluster Operator
- Topic Operator moving to Custom Resources instead of Config Maps
- Make it possible to enabled and disable:
- Listeners
- Authorization
- Authentication
- Configure Kafka super users (
super.users
field in Kafka configuration) - User Operator
- Managing users and their ACL rights
- Added new Entity Operator for deploying:
- User Operator
- Topic Operator
- Deploying the Topic Operator outside of the new Entity Operator is now deprecated
- Kafka 2.0.0
- Kafka Connect:
- Added TLS support for connecting to the Kafka cluster
- Added TLS client authentication when connecting to the Kafka cluster
- The Cluster Operator now manages RBAC resource for managed resources:
ServiceAccount
andClusterRoleBindings
for Kafka podsServiceAccount
andRoleBindings
for the Topic Operator pods
- Renaming of Kubernetes services (Backwards incompatible!)
- Kubernetes services for Kafka, Kafka Connect and Zookeeper have been renamed to better correspond to their purpose
xxx-kafka
->xxx-kafka-bootstrap
xxx-kafka-headless
->xxx-kafka-brokers
xxx-zookeeper
->xxx-zookeeper-client
xxx-zookeeper-headless
->xxx-zookeeper-nodes
xxx-connect
->xxx-connect-api
- Cluster Operator moving to Custom Resources instead of Config Maps
- TLS support has been added to Kafka, Zookeeper and Topic Operator. The following channels are now encrypted:
- Zookeeper cluster communication
- Kafka cluster commbunication
- Communication between Kafka and Zookeeper
- Communication between Topic Operator and Kafka / Zookeeper
- Logging configuration for Kafka, Kafka Connect and Zookeeper
- Add support for Pod Affinity and Anti-Affinity
- Add support for Tolerations
- Configuring different JVM options
- Support for broker rack in Kafka
- Better configurability of Kafka, Kafka Connect, Zookeeper
- Support for Kubernetes request and limits
- Support for JVM memory configuration of all components
- Controllers renamed to operators
- Improved log verbosity of Cluster Operator
- Update to Kafka 1.1.0