0.28.0

Main changes since 0.27

• Add support for Kafka 3.1.0; remove Kafka 2.8.0 and 2.8.1
• Add support for StrimziPodSet resources (disabled by default through the UseStrimziPodSets feature gate)
• Update Open Policy Agent authorizer to 1.4.0 and add support for enabling metrics
• Support custom authentication mechanisms in Kafka listeners
• Intra-broker disk balancing using Cruise Control
• Add connector context to the default logging configuration in Kafka Connect and Kafka Mirror Maker 2
• Added the option createBootstrapService in the Kafka Spec to disable the creation of the bootstrap service for the Load Balancer Type Listener. It will save the cost of one load balancer resource, specially in the public cloud.
• Added the connectTimeoutSeconds and readTimeoutSeconds options to OAuth authentication configuration. The default connect and read timeouts are set to 60 seconds (previously there was no timeout). Also added groupsClaim and groupsClaimDelimiter options in the listener configuration of Kafka Spec to allow extracting group information from JWT token at authentication time, and making it available to the custom authorizer. These features are enabled by the updated Strimzi Kafka OAuth library (0.10.0).
• Add support for disabling the FIPS mode in OpenJDK
• Fix renewing your own CA certificates #5466
• Update Strimzi Kafka Bridge to 0.21.4
• Update Cruise Control to 2.5.82

All changes can be found under the 0.28.0 milestone.

Changes, deprecations and removals

• The Strimzi Identity Replication Policy (class io.strimzi.kafka.connect.mirror.IdentityReplicationPolicy) is now deprecated and will be removed in the future.
  Please update to Kafka's own Identity Replication Policy (class org.apache.kafka.connect.mirror.IdentityReplicationPolicy).
• The type field in ListenerStatus has been deprecated and will be removed in the future.

Upgrading from Strimzi 0.27

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.28 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.28 is done!

For more details about the CRD upgrades, see the documentation.

0.28.0-rc1

Main changes since 0.27

• Add support for Kafka 3.1.0; remove Kafka 2.8.0 and 2.8.1
• Add support for StrimziPodSet resources (disabled by default through the UseStrimziPodSets feature gate)
• Update Open Policy Agent authorizer to 1.4.0 and add support for enabling metrics
• Support custom authentication mechanisms in Kafka listeners
• Intra-broker disk balancing using Cruise Control
• Add connector context to the default logging configuration in Kafka Connect and Kafka Mirror Maker 2
• Added the option createBootstrapService in the Kafka Spec to disable the creation of the bootstrap service for the Load Balancer Type Listener. It will save the cost of one load balancer resource, specially in the public cloud.
• Added the connectTimeoutSeconds and readTimeoutSeconds options to OAuth authentication configuration. The default connect and read timeouts are set to 60 seconds (previously there was no timeout). Also added groupsClaim and groupsClaimDelimiter options in the listener configuration of Kafka Spec to allow extracting group information from JWT token at authentication time, and making it available to the custom authorizer. These features are enabled by the updated Strimzi Kafka OAuth library (0.10.0).
• Add support for disabling the FIPS mode in OpenJDK
• Fix renewing your own CA certificates #5466
• Update Strimzi Kafka Bridge to 0.21.4
• Update Cruise Control to 2.5.82

All changes can be found under the 0.28.0 milestone.

Changes, deprecations and removals

• The Strimzi Identity Replication Policy (class io.strimzi.kafka.connect.mirror.IdentityReplicationPolicy) is now deprecated and will be removed in the future.
  Please update to Kafka's own Identity Replication Policy (class org.apache.kafka.connect.mirror.IdentityReplicationPolicy).
• The type field in ListenerStatus has been deprecated and will be removed in the future.

Maven artifacts

To test the Maven artifacts which are part of this release, use the staging repository by including following in your pom.xml:

  <repositories>
    <repository>
      <id>staging</id>
      <url>https://oss.sonatype.org/content/repositories/iostrimzi-1164</url>
    </repository>
  </repositories>

Upgrading from Strimzi 0.27

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.28 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.28 is done!

For more details about the CRD upgrades, see the documentation.

0.27.1

Main changes since 0.27.0

• Fix Helm Chart issue when configuring additional environment variables
• Update Log4j2 to 2.17.1
• Update Fabric8 Kubernetes Client to 5.10.2

All changes can be found under the 0.27.1 milestone.

Upgrading from previous Strimzi versions

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.27 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.27 is done!

For more details about the CRD upgrades, see the documentation.

0.27.0

Main changes since 0.26

• Multi-arch container images with support for x86_64 / AMD64 and AArch64 / ARM64 platforms
  (The support AArch64 is currently considered as experimental. We are not aware of any issues, but the AArch64 build doesn't at this point undergo the same level of testing as the AMD64 container images.)
• Added the option to configure the Cluster Operator's Zookeeper admin client session timeout via an new env var: STRIMZI_ZOOKEEPER_ADMIN_SESSION_TIMEOUT_MS
• The ControlPlaneListener and ServiceAccountPatching feature gates are now in the beta phase and are enabled by default.
• Allow setting any extra environment variables for the Cluster Operator container through Helm using a new extraEnvs value.
• Added SCRAM-SHA-256 authentication for Kafka clients
• Update OPA Authorizer to 1.3.0
• Update to Cruise Control version 2.5.79
• Update Log4j2 to 2.17.0

All changes can be found under the 0.27.0 milestone.

Changes, deprecations and removals

• The ControlPlaneListener feature gate is now enabled by default.
  When upgrading from Strimzi 0.22 or earlier, you have to disable the ControlPlaneListener feature gate when upgrading the cluster operator to make sure the Kafka cluster stays available during the upgrade.
  When downgrading to Strimzi 0.22 or earlier, you have to disable the ControlPlaneListener feature gate before downgrading the cluster operator to make sure the Kafka cluster stays available during the downgrade.

Upgrading from Strimzi 0.26

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.27 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.27 is done!

For more details about the CRD upgrades, see the documentation.

0.27.0-rc2

Main changes since 0.27-rc1

• Fixed AArch64 version of the kaniko-executor container image
• Add Canary installation files to release archives

Maven artifacts

To test the Maven artifacts which are part of this release, use the staging repository by including following in your pom.xml:

  <repositories>
    <repository>
      <id>staging</id>
      <url>https://oss.sonatype.org/content/repositories/iostrimzi-1145</url>
    </repository>
  </repositories>

0.27.0-rc1

Main changes since 0.26

• Multi-arch container images with support for x86_64 / AMD64 and AArch64 / ARM64 platforms
  (The support AArch64 is currently considered as experimental. We are not aware of any issues, but the AArch64 build doesn't at this point undergo the same level of testing as the AMD64 container images.)
• Added the option to configure the Cluster Operator's Zookeeper admin client session timeout via an new env var: STRIMZI_ZOOKEEPER_ADMIN_SESSION_TIMEOUT_MS
• The ControlPlaneListener and ServiceAccountPatching feature gates are now in the beta phase and are enabled by default.
• Allow setting any extra environment variables for the Cluster Operator container through Helm using a new extraEnvs value.
• Added SCRAM-SHA-256 authentication for Kafka clients
• Update OPA Authorizer to 1.3.0
• Update to Cruise Control version 2.5.79
• Update Log4j2 to 2.17.0

All changes can be found under the 0.27.0 milestone.

Changes, deprecations and removals

• The ControlPlaneListener feature gate is now enabled by default.
  When upgrading from Strimzi 0.22 or earlier, you have to disable the ControlPlaneListener feature gate when upgrading the cluster operator to make sure the Kafka cluster stays available during the upgrade.
  When downgrading to Strimzi 0.22 or earlier, you have to disable the ControlPlaneListener feature gate before downgrading the cluster operator to make sure the Kafka cluster stays available during the downgrade.

Maven artifacts

To test the Maven artifacts which are part of this release, use the staging repository by including following in your pom.xml:

  <repositories>
    <repository>
      <id>staging</id>
      <url>https://oss.sonatype.org/content/repositories/iostrimzi-1144</url>
    </repository>
  </repositories>

Upgrading from Strimzi 0.26

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.27 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.27 is done!

For more details about the CRD upgrades, see the documentation.

0.26.1

Main changes since 0.26.0

• Updated Log4j2 to 2.15.0 to mitigate CVE-2021-44228
  • In the Strimzi operators and init containers
  • In Cruise Control
  • In the Kafka Bridge
• Documentation improvements

0.26.0

CRD Upgrades

!!! IMPORTANT !!!

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.26 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.26 is done!

For more details about the CRD upgrades, see the documentation.

Main changes since 0.25

• Add support for Kafka 2.8.1 and 3.0.0; remove Kafka 2.7.0 and 2.7.1
• Update the Open Policy Agent Authorizer to version 1.2.0
• Expose JMX port on Zookeeper nodes via a headless service
• Allow configuring labels and annotations for JMX authentication secrets
• Enable Cruise Control anomaly.detection configurations
• Add support for building connector images from the Maven coordinates
• Allow Kafka Connect Build artifacts to be downloaded from insecure servers (#5542)
• Add option to specify pull secret in Kafka Connect Build on OpenShift (#5631)
• Configurable authentication, authorization, and SSL for Cruise Control API
• Update to Cruise Control version 2.5.73
• Allow to configure /tmp volume size via Pod template. By default 1Mi is used

All changes can be found under the 0.26.0 milestone.

Changes, deprecations and removals

• imageRepositoryOverride, imageRegistryOverride and imageTagOverride are now removed from values.yaml in the Helm Chart. defaultImageRepository, defaultImageRegistry and defaultImageTag values are introduced in Helm Charts which sets the default registry, repository and tags for the images.
• The OpenShift Templates were removed from the examples and are no longer supported (#5548)
• Kafka MirrorMaker 1 has been deprecated in Apache Kafka 3.0.0 and will be removed in Apache Kafka 4.0.0. As a result, the KafkaMirrorMaker custom resource which is used to deploy Kafka MirrorMaker 1 has been deprecated in Strimzi as well. The KafkaMirrorMaker resource will be removed from Strimzi when we adopt Apache Kafka 4.0.0. As a replacement, use the KafkaMirrorMaker2 custom resource with the IdentityReplicationPolicy.

Upgrading from Strimzi 0.25

See the documentation for upgrade instructions.

0.26.0-rc1

CRD Upgrades

!!! IMPORTANT !!!

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.26 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.26 is done!

For more details about the CRD upgrades, see the documentation.

Main changes since 0.25

• Add support for Kafka 2.8.1 and 3.0.0; remove Kafka 2.7.0 and 2.7.1
• Update the Open Policy Agent Authorizer to version 1.2.0
• Expose JMX port on Zookeeper nodes via a headless service
• Allow configuring labels and annotations for JMX authentication secrets
• Enable Cruise Control anomaly.detection configurations
• Add support for building connector images from the Maven coordinates
• Allow Kafka Connect Build artifacts to be downloaded from insecure servers (#5542)
• Add option to specify pull secret in Kafka Connect Build on OpenShift (#5631)
• Configurable authentication, authorization, and SSL for Cruise Control API
• Update to Cruise Control version 2.5.73
• Allow to configure /tmp volume size via Pod template. By default 1Mi is used

All changes can be found under the 0.26.0 milestone.

Changes, deprecations and removals

• imageRepositoryOverride, imageRegistryOverride and imageTagOverride are now removed from values.yaml in the Helm Chart. defaultImageRepository, defaultImageRegistry and defaultImageTag values are introduced in Helm Charts which sets the default registry, repository and tags for the images.
• The OpenShift Templates were removed from the examples and are no longer supported (#5548)
• Kafka MirrorMaker 1 has been deprecated in Apache Kafka 3.0.0 and will be removed in Apache Kafka 4.0.0. As a result, the KafkaMirrorMaker custom resource which is used to deploy Kafka MirrorMaker 1 has been deprecated in Strimzi as well. The KafkaMirrorMaker resource will be removed from Strimzi when we adopt Apache Kafka 4.0.0. As a replacement, use the KafkaMirrorMaker2 custom resource with the IdentityReplicationPolicy.

Upgrading from Strimzi 0.25

See the documentation for upgrade instructions.

0.25.0

CRD Upgrades

!!! IMPORTANT !!!

This release supports only the API version v1beta2 and CRD version apiextensions.k8s.io/v1. If upgrading from Strimzi 0.22, migration to v1beta2 needs to be completed for all Strimzi CRDs and CRs before the upgrade to 0.25 is done! If upgrading from Strimzi version earlier than 0.22, you need to first install the CRDs from Strimzi 0.22 and complete the migration to v1beta2 for all Strimzi CRDs and CRs before the upgrade to 0.25 is done!

For more details about the CRD upgrades, see the documentation.

Main changes since 0.24

• Move from Scala 2.12 to Scala 2.13. (#5192)
• Open Policy Agent authorizer updated to a new version supporting Scala 2.13. See the Changes, deprecations and removals sections for more details. (#5192)
• Allow a custom password to be set for SCRAM-SHA-512 users by referencing a secret in the KafkaUser resource
• Add support for EnvVar Configuration Provider for Apache Kafka
• Add support for tls-external authentication to User Operator to allow management of ACLs and Quotas for TLS users with user certificates generated externally (#5249)
• Support for disabling the automatic generation of network policies by the Cluster Operator. Set the Cluster Operator's STRIMZI_NETWORK_POLICY_GENERATION environment variable to false to disable network policies. (#5258)
• Update User Operator to use Admin API for managing SCRAM-SHA-512 users
• Configure fixed size limit for emptyDir volumes used for temporary files (#5340)
• Update Strimzi Kafka Bridge to 0.20.2

All changes can be found under the 0.25.0 milestone.

Changes, deprecations and removals

• The KafkaConnectS2I resource has been removed and is no longer supported by the operator.
  Please use the migration guide to migrate your KafkaConnectS2I deployments to KafkaConnect Build instead.
• The Open Policy Agent authorizer has been updated to a new version that supports Scala 2.13.
  The new release introduces a new format of the input data sent to the Open Policy Agent server.
  For more information about the new format and how to migrate from the old version, see the OPA Kafka plugin v1.0.0 release notes.
• User Operator now uses Kafka Admin API to manage SCRAM-SHA-512 credentials.
  All operations done by the User Operator now use Kafka Admin API and connect directly to Kafka instead of ZooKeeper.
  As a result, the environment variables STRIMZI_ZOOKEEPER_CONNECT and STRIMZI_ZOOKEEPER_SESSION_TIMEOUT_MS were removed from the User Operator configuration.
• All emptyDir volumes used by Strimzi for temporary files have now configured a fixed size limit.
• Annotate Cluster Operator resource metrics with a namespace label

Upgrading from Strimzi 0.24

See the documentation for upgrade instructions.