strimzi/strimzi-kafka-operator 0.49.0 on GitHub

⚠️ IMPORTANT: Strimzi 0.49 introduces new API version v1 to all Strimzi custom resources.

Make sure to Upgrade the CRDs as part of the Strimzi upgrade as well (especially when using Helm).
The old API versions (v1alpha1, v1beta1, and v1beta2) will continue to be supported until Strimzi 1.0.0 / 0.52.0.
Before upgrading to Strimzi 0.49.0 or newer, make sure that you update your KafkaUser resources to use the .spec.authorization.acls[]operations field instead of the deprecated .spec.authorization.acls[]operation.
For more details about the migration to the v1 API and CRD upgrades, see the documentation.

Main changes since 0.48

This release contains the following new features and improvements:

Introduce the v1 API to Strimzi CRDs and move User and Topic Operators to use it.
The v1 API Conversion Tool can be used to convert the resources in files or in your Kubernetes cluter from the v1beta2 API to the v1 API.
Add support for Kafka 4.1.1 and 4.0.1
Set blockOwnerDeletion to true in the owner references in Strimzi managed resources.
Deleting the Strimzi custom resources will now, by default, wait for the deletion of all the owned Kubernetes resources.
Make .spec.replicas properties required in the v1 of the KafkaBridge, KafkaConnect, and KafkaMirrorMaker2 custom resources.
New fields .spec.groupId, .spec.configStorageTopic, .spec.offsetStorageTopic, and .spec.statusStorageTopic in the KafkaConnect custom resource for configuring Connect's group ID and internal topics.
New way of defining the target (.spec.target) and source clusters (.spec.mirrors[].source) in the KafkaMirrorMaker2 custom resources.
Improved behavior for merging the Kafka and KafkaNodePool template sections.
The templates are now merged at a property level.
If two different properties are defined in the two template sections, both are applied.
If the same property is defined in both template sections, only the property from the KafkaNodePool template is used.
See the Strimzi Proposal 120 for more details.
New feature gate UseConnectBuildWithBuildah (disabled by default) for running the Connect Build feature with Buildah instead of Kaniko on Kubernetes - according to Strimzi Proposal #114.
New field spec.version in the KafkaConnecter custom resource, and new version fields for each connector under spec.mirrors[] in the KafkaMirrorMaker2 custom resource for configuring the desired version of a connector.
New field .volumeAttributesClass for persistent-claim type Storage in Kafka and KafkaNodePool custom resource. Enables configuring VolumeAttributesClass for PersistentVolumeClaims available since Kubernetes v1.34.

All changes can be found under the 0.49.0 milestone.

Major changes, deprecations, and removals

There are also many important changes, deprecations, and removals:

This version introduces a new API version to our CRDs.
Before upgrading to Strimzi 0.49 or newer, make sure that you update your KafkaUser resources to use the .spec.authorization.acls[]operations field instead of the deprecated .spec.authorization.acls[]operation.
Especially when using Helm, make sure that the CRDs are updated when you upgrade the operator.
When rack-awareness is enabled in the Kafka custom resource (.spec.kafka.rack), Strimzi will not automatically add the best-effort-affinity rules for spreading the Kafka Pods between the zones.
Please make sure to set your own topologySpreadConstraint or affinity rules instead.
The .status.kafkaMetadataState field in the Kafka custom resource is deprecated and not used anymore.
The type: oauth authentication in Kafka brokers and Kafka clients (Kafka Connect, MirrorMaker 2, and Strimzi HTTP Bridge) has been deprecated.
Please use the type: custom authentication instead.
The Strimzi OAuth library continues to be packaged with the Strimzi container images.
Follow the documentation for the examples and migration details.
The Keycloak authorization (type: keycloak) has been deprecated and will be removed in the future.
To use the Keycloak authorizer, you can use the type: custom authorization.
The Strimzi OAuth library with the Keycloak authorizer continues to be packaged with the Strimzi container images.
Follow the documentation for the examples and migration details.
CPU and memory configuration for the Kafka nodes in .spec.kafka.resources is deprecated and will be removed in the v1 CRD API.
Please use the KafkaNodePool resources to configure CPU and memory for Kafka nodes.
The group.id, config.storage.topic, offset.storage.topic, and status.storage.topic fields in .spec.config section of the KafkaConnect resource are deprecated and will be forbidden in the v1 CRD API.
Please use the new .spec.groupId, .spec.configStorageTopic, .spec.offsetStorageTopic, and .spec.statusStorageTopic fields instead.
The .spec.connectCluster, .spec.clusters, .spec.mirrors[].sourceCluster, .spec.mirrors[].targetCluster, and .spec.mirrors[].heartbeatConnector fields of the KafkaMirrorMaker2 resource are deprecated and will be removed in the v1 CRD API.
Please use the new fields .spec.target and .spec.mirrors[].source instead to configure the source and target clusters.
If you want to deploy and run the Heartbeat connector, you can use separate KafkaConnect and KafkaConnector custom resources.
The .spec.build.output.additionalKanikoOptions field in the KafkaConnect custom resource is deprecated and will be removed in the future.
- Use .spec.build.output.additionalBuildOptions field instead.
The way the template properties in the Kafka and KafkaNodePool resources are handled has changed.
See the 0.49.0 section or the Strimzi Proposal 120 for more details.
Kafka nodes are now configured with PEM certificates instead of P12/JKS for keystore and truststore.
Configuring connector.plugin.version under spec.config in the KafkaConnector custom resource, and under spec.mirrors[].sourceConnector.config, spec.mirrors[].checkpointConnector.config, and spec.mirrors[].heartbeatConnector.config in the KafkaMirrorMaker2 custom resource is deprecated and will be forbidden in Strimzi 0.50.0.
Instead, please use spec.version in the KafkaConnecter custom resource, and the connector specific version fields in the KafkaMirrorMaker2 custom resource.

Known issues

Kafka Connect Build with Buildah (UseConnectBuildWithBuildah feature gate enabled) fails to push to container registries with authentication (#12157)

Upgrading from Strimzi 0.48.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	`quay.io/strimzi/operator@sha256:03c1eab418b7c0d0711d47d7b140d19bc9c8e4b6a590d0fe27193afe8e8a414a`
Apache Kafka 4.0.0	`quay.io/strimzi/kafka@sha256:4597937c5addc051f3c623b18f7dab95c7ecb45a6a3a36bb53680838058b4498`
Apache Kafka 4.0.1	`quay.io/strimzi/kafka@sha256:ef62adf737d52e98e0c09d6c988b4c82491916fe94f188a2b0b556b8fcb886ae`
Apache Kafka 4.1.0	`quay.io/strimzi/kafka@sha256:7a08fc4adddd559469921a200763c566003b5606ec2f86d3b21b0ceb4b4a5e89`
Apache Kafka 4.1.1	`quay.io/strimzi/kafka@sha256:435fcab3d03d2b829c54d602e2860a5d6769ad2d30bf05261e78126b5b716ec5`
Strimzi Bridge	`quay.io/strimzi/kafka-bridge@sha256:53034f64f0b672f10b5bacea1c7a25132f118df7fd5c9032c4dbf702ed93796a`
Kaniko executor	`quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e`
Maven Builder	`quay.io/strimzi/maven-builder@sha256:0bdebb0e3e0bac382449c5d6d7a421d908acad8ff045aab7c833f8d9863b2073`
Buildah builder	`quay.io/strimzi/buildah@sha256:ba89470b45a49e5e09aaab91a5c3c03ecb14f9013d598bc14b3d756eb9a145b4`

New Contributors

@rodrigo-molina made their first contribution in #11917
@totochichi made their first contribution in #11948
@championshuttler made their first contribution in #11995
@Smoothengineer made their first contribution in #11953
@Firoj-Patel made their first contribution in #12044
@TanmaySrivastav made their first contribution in #12019

Full Changelog: 0.48.0...0.49.0-rc1