0.29.0-rc1

Main changes since 0.28

• Add support for Apache Kafka 3.0.1, 3.1.1 and 3.2.0
• Increase the size of the /tmp volumes to 5Mi to allow unpacking of compression libraries
• Use /healthz endpoint for Kafka Exporter health checks
• Renew user certificates in User Operator only during maintenance windows
• Ensure Topic Operator using Kafka Streams state store can start up successfully
• Update Cruise Control to 2.5.89
• Remove TLS sidecar from Cruise Control pod. Cruise Control is now configured to not using ZooKeeper, so the TLS sidecar is not needed anymore.
• Allow Cruise Control topic names to be configured
• Add support for spec.rack.topologyKey property in Mirror Maker 2 to enable "fetch from the closest replica" feature.
• Support for the s390x platform
  (The s390x support is currently considered as experimental. We are not aware of any issues, but the s390x build doesn't at this point undergo the same level of testing as the AMD64 container images.)
• Update Strimzi Kafka Bridge to 0.21.5
• Added rebalancing modes on the KafkaRebalance custom resource
  • full: this mode runs a full rebalance moving replicas across all the brokers in the cluster. This is the default one if not specified.
  • add-brokers: after scaling up the cluster, this mode is used to move replicas to the newly added brokers specified in the custom resource.
  • remove-brokers: this mode is used to move replicas off the brokers that are going to be removed, before scaling down the cluster.
• Experimental KRaft mode (ZooKeeper-less Kafka) which can be enabled using the UseKRaft feature gate.
  Important: Use it for development and testing only!

All changes can be found under the 0.29.0 milestone.

Changes, deprecations and removals

• Since the Cruise Control TLS sidecar has been removed, the related configuration options .spec.cruiseControl.tlsSidecar and .spec.cruiseControl.template.tlsSidecar in the Kafka custom resource are now deprecated.

Maven artifacts

To test the Maven artifacts which are part of this release, use the staging repository by including following in your pom.xml:

  <repositories>
    <repository>
      <id>staging</id>
      <url>https://oss.sonatype.org/content/repositories/iostrimzi-1169</url>
    </repository>
  </repositories>

Upgrading from Strimzi 0.28

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.28 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.28 is done!

For more details about the CRD upgrades, see the documentation.

0.28.0

Main changes since 0.27

• Add support for Kafka 3.1.0; remove Kafka 2.8.0 and 2.8.1
• Add support for StrimziPodSet resources (disabled by default through the UseStrimziPodSets feature gate)
• Update Open Policy Agent authorizer to 1.4.0 and add support for enabling metrics
• Support custom authentication mechanisms in Kafka listeners
• Intra-broker disk balancing using Cruise Control
• Add connector context to the default logging configuration in Kafka Connect and Kafka Mirror Maker 2
• Added the option createBootstrapService in the Kafka Spec to disable the creation of the bootstrap service for the Load Balancer Type Listener. It will save the cost of one load balancer resource, specially in the public cloud.
• Added the connectTimeoutSeconds and readTimeoutSeconds options to OAuth authentication configuration. The default connect and read timeouts are set to 60 seconds (previously there was no timeout). Also added groupsClaim and groupsClaimDelimiter options in the listener configuration of Kafka Spec to allow extracting group information from JWT token at authentication time, and making it available to the custom authorizer. These features are enabled by the updated Strimzi Kafka OAuth library (0.10.0).
• Add support for disabling the FIPS mode in OpenJDK
• Fix renewing your own CA certificates #5466
• Update Strimzi Kafka Bridge to 0.21.4
• Update Cruise Control to 2.5.82

All changes can be found under the 0.28.0 milestone.

Changes, deprecations and removals

• The Strimzi Identity Replication Policy (class io.strimzi.kafka.connect.mirror.IdentityReplicationPolicy) is now deprecated and will be removed in the future.
  Please update to Kafka's own Identity Replication Policy (class org.apache.kafka.connect.mirror.IdentityReplicationPolicy).
• The type field in ListenerStatus has been deprecated and will be removed in the future.

Upgrading from Strimzi 0.27

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.28 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.28 is done!

For more details about the CRD upgrades, see the documentation.

0.28.0-rc1

Main changes since 0.27

• Add support for Kafka 3.1.0; remove Kafka 2.8.0 and 2.8.1
• Add support for StrimziPodSet resources (disabled by default through the UseStrimziPodSets feature gate)
• Update Open Policy Agent authorizer to 1.4.0 and add support for enabling metrics
• Support custom authentication mechanisms in Kafka listeners
• Intra-broker disk balancing using Cruise Control
• Add connector context to the default logging configuration in Kafka Connect and Kafka Mirror Maker 2
• Added the option createBootstrapService in the Kafka Spec to disable the creation of the bootstrap service for the Load Balancer Type Listener. It will save the cost of one load balancer resource, specially in the public cloud.
• Added the connectTimeoutSeconds and readTimeoutSeconds options to OAuth authentication configuration. The default connect and read timeouts are set to 60 seconds (previously there was no timeout). Also added groupsClaim and groupsClaimDelimiter options in the listener configuration of Kafka Spec to allow extracting group information from JWT token at authentication time, and making it available to the custom authorizer. These features are enabled by the updated Strimzi Kafka OAuth library (0.10.0).
• Add support for disabling the FIPS mode in OpenJDK
• Fix renewing your own CA certificates #5466
• Update Strimzi Kafka Bridge to 0.21.4
• Update Cruise Control to 2.5.82

All changes can be found under the 0.28.0 milestone.

Changes, deprecations and removals

• The Strimzi Identity Replication Policy (class io.strimzi.kafka.connect.mirror.IdentityReplicationPolicy) is now deprecated and will be removed in the future.
  Please update to Kafka's own Identity Replication Policy (class org.apache.kafka.connect.mirror.IdentityReplicationPolicy).
• The type field in ListenerStatus has been deprecated and will be removed in the future.

Maven artifacts

To test the Maven artifacts which are part of this release, use the staging repository by including following in your pom.xml:

  <repositories>
    <repository>
      <id>staging</id>
      <url>https://oss.sonatype.org/content/repositories/iostrimzi-1164</url>
    </repository>
  </repositories>

Upgrading from Strimzi 0.27

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.28 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.28 is done!

For more details about the CRD upgrades, see the documentation.

0.27.1

Main changes since 0.27.0

• Fix Helm Chart issue when configuring additional environment variables
• Update Log4j2 to 2.17.1
• Update Fabric8 Kubernetes Client to 5.10.2

All changes can be found under the 0.27.1 milestone.

Upgrading from previous Strimzi versions

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.27 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.27 is done!

For more details about the CRD upgrades, see the documentation.

0.27.0

Main changes since 0.26

• Multi-arch container images with support for x86_64 / AMD64 and AArch64 / ARM64 platforms
  (The support AArch64 is currently considered as experimental. We are not aware of any issues, but the AArch64 build doesn't at this point undergo the same level of testing as the AMD64 container images.)
• Added the option to configure the Cluster Operator's Zookeeper admin client session timeout via an new env var: STRIMZI_ZOOKEEPER_ADMIN_SESSION_TIMEOUT_MS
• The ControlPlaneListener and ServiceAccountPatching feature gates are now in the beta phase and are enabled by default.
• Allow setting any extra environment variables for the Cluster Operator container through Helm using a new extraEnvs value.
• Added SCRAM-SHA-256 authentication for Kafka clients
• Update OPA Authorizer to 1.3.0
• Update to Cruise Control version 2.5.79
• Update Log4j2 to 2.17.0

All changes can be found under the 0.27.0 milestone.

Changes, deprecations and removals

• The ControlPlaneListener feature gate is now enabled by default.
  When upgrading from Strimzi 0.22 or earlier, you have to disable the ControlPlaneListener feature gate when upgrading the cluster operator to make sure the Kafka cluster stays available during the upgrade.
  When downgrading to Strimzi 0.22 or earlier, you have to disable the ControlPlaneListener feature gate before downgrading the cluster operator to make sure the Kafka cluster stays available during the downgrade.

Upgrading from Strimzi 0.26

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.27 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.27 is done!

For more details about the CRD upgrades, see the documentation.

0.27.0-rc2

Main changes since 0.27-rc1

• Fixed AArch64 version of the kaniko-executor container image
• Add Canary installation files to release archives

Maven artifacts

To test the Maven artifacts which are part of this release, use the staging repository by including following in your pom.xml:

  <repositories>
    <repository>
      <id>staging</id>
      <url>https://oss.sonatype.org/content/repositories/iostrimzi-1145</url>
    </repository>
  </repositories>

0.27.0-rc1

Main changes since 0.26

• Multi-arch container images with support for x86_64 / AMD64 and AArch64 / ARM64 platforms
  (The support AArch64 is currently considered as experimental. We are not aware of any issues, but the AArch64 build doesn't at this point undergo the same level of testing as the AMD64 container images.)
• Added the option to configure the Cluster Operator's Zookeeper admin client session timeout via an new env var: STRIMZI_ZOOKEEPER_ADMIN_SESSION_TIMEOUT_MS
• The ControlPlaneListener and ServiceAccountPatching feature gates are now in the beta phase and are enabled by default.
• Allow setting any extra environment variables for the Cluster Operator container through Helm using a new extraEnvs value.
• Added SCRAM-SHA-256 authentication for Kafka clients
• Update OPA Authorizer to 1.3.0
• Update to Cruise Control version 2.5.79
• Update Log4j2 to 2.17.0

All changes can be found under the 0.27.0 milestone.

Changes, deprecations and removals

• The ControlPlaneListener feature gate is now enabled by default.
  When upgrading from Strimzi 0.22 or earlier, you have to disable the ControlPlaneListener feature gate when upgrading the cluster operator to make sure the Kafka cluster stays available during the upgrade.
  When downgrading to Strimzi 0.22 or earlier, you have to disable the ControlPlaneListener feature gate before downgrading the cluster operator to make sure the Kafka cluster stays available during the downgrade.

Maven artifacts

To test the Maven artifacts which are part of this release, use the staging repository by including following in your pom.xml:

  <repositories>
    <repository>
      <id>staging</id>
      <url>https://oss.sonatype.org/content/repositories/iostrimzi-1144</url>
    </repository>
  </repositories>

Upgrading from Strimzi 0.26

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.27 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.27 is done!

For more details about the CRD upgrades, see the documentation.

0.26.1

Main changes since 0.26.0

• Updated Log4j2 to 2.15.0 to mitigate CVE-2021-44228
  • In the Strimzi operators and init containers
  • In Cruise Control
  • In the Kafka Bridge
• Documentation improvements

0.26.0

CRD Upgrades

!!! IMPORTANT !!!

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.26 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.26 is done!

For more details about the CRD upgrades, see the documentation.

Main changes since 0.25

• Add support for Kafka 2.8.1 and 3.0.0; remove Kafka 2.7.0 and 2.7.1
• Update the Open Policy Agent Authorizer to version 1.2.0
• Expose JMX port on Zookeeper nodes via a headless service
• Allow configuring labels and annotations for JMX authentication secrets
• Enable Cruise Control anomaly.detection configurations
• Add support for building connector images from the Maven coordinates
• Allow Kafka Connect Build artifacts to be downloaded from insecure servers (#5542)
• Add option to specify pull secret in Kafka Connect Build on OpenShift (#5631)
• Configurable authentication, authorization, and SSL for Cruise Control API
• Update to Cruise Control version 2.5.73
• Allow to configure /tmp volume size via Pod template. By default 1Mi is used

All changes can be found under the 0.26.0 milestone.

Changes, deprecations and removals

• imageRepositoryOverride, imageRegistryOverride and imageTagOverride are now removed from values.yaml in the Helm Chart. defaultImageRepository, defaultImageRegistry and defaultImageTag values are introduced in Helm Charts which sets the default registry, repository and tags for the images.
• The OpenShift Templates were removed from the examples and are no longer supported (#5548)
• Kafka MirrorMaker 1 has been deprecated in Apache Kafka 3.0.0 and will be removed in Apache Kafka 4.0.0. As a result, the KafkaMirrorMaker custom resource which is used to deploy Kafka MirrorMaker 1 has been deprecated in Strimzi as well. The KafkaMirrorMaker resource will be removed from Strimzi when we adopt Apache Kafka 4.0.0. As a replacement, use the KafkaMirrorMaker2 custom resource with the IdentityReplicationPolicy.

Upgrading from Strimzi 0.25

See the documentation for upgrade instructions.

0.26.0-rc1

CRD Upgrades

!!! IMPORTANT !!!

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.26 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.26 is done!

For more details about the CRD upgrades, see the documentation.

Main changes since 0.25

• Add support for Kafka 2.8.1 and 3.0.0; remove Kafka 2.7.0 and 2.7.1
• Update the Open Policy Agent Authorizer to version 1.2.0
• Expose JMX port on Zookeeper nodes via a headless service
• Allow configuring labels and annotations for JMX authentication secrets
• Enable Cruise Control anomaly.detection configurations
• Add support for building connector images from the Maven coordinates
• Allow Kafka Connect Build artifacts to be downloaded from insecure servers (#5542)
• Add option to specify pull secret in Kafka Connect Build on OpenShift (#5631)
• Configurable authentication, authorization, and SSL for Cruise Control API
• Update to Cruise Control version 2.5.73
• Allow to configure /tmp volume size via Pod template. By default 1Mi is used

All changes can be found under the 0.26.0 milestone.

Changes, deprecations and removals

• imageRepositoryOverride, imageRegistryOverride and imageTagOverride are now removed from values.yaml in the Helm Chart. defaultImageRepository, defaultImageRegistry and defaultImageTag values are introduced in Helm Charts which sets the default registry, repository and tags for the images.
• The OpenShift Templates were removed from the examples and are no longer supported (#5548)
• Kafka MirrorMaker 1 has been deprecated in Apache Kafka 3.0.0 and will be removed in Apache Kafka 4.0.0. As a result, the KafkaMirrorMaker custom resource which is used to deploy Kafka MirrorMaker 1 has been deprecated in Strimzi as well. The KafkaMirrorMaker resource will be removed from Strimzi when we adopt Apache Kafka 4.0.0. As a replacement, use the KafkaMirrorMaker2 custom resource with the IdentityReplicationPolicy.

Upgrading from Strimzi 0.25

See the documentation for upgrade instructions.