From 15585fc45f8db221d7036288f04732b4abe25073 Mon Sep 17 00:00:00 2001 From: Jakub Scholz Date: Fri, 23 Aug 2024 14:30:48 +0200 Subject: [PATCH] Add Strimzi 0.43.0 to the main branch 
Signed-off-by: Jakub Scholz --- .checksums | 6 +- examples/connect/kafka-connect-build.yaml | 6 +- examples/connect/kafka-connect.yaml | 2 +- .../kafka-cruise-control-with-goals.yaml | 4 +- .../cruise-control/kafka-cruise-control.yaml | 4 +- examples/kafka/kafka-ephemeral-single.yaml | 4 +- examples/kafka/kafka-ephemeral.yaml | 4 +- examples/kafka/kafka-jbod.yaml | 4 +- examples/kafka/kafka-persistent-single.yaml | 4 +- examples/kafka/kafka-persistent.yaml | 4 +- examples/kafka/kafka-with-node-pools.yaml | 4 +- examples/kafka/kraft/kafka-ephemeral.yaml | 4 +- examples/kafka/kraft/kafka-jbod.yaml | 8 +- examples/kafka/kraft/kafka-single-node.yaml | 4 +- .../kraft/kafka-with-dual-role-nodes.yaml | 4 +- examples/kafka/kraft/kafka.yaml | 4 +- .../strimzi-kafka-exporter.json | 6 +- examples/metrics/kafka-connect-metrics.yaml | 2 +- .../metrics/kafka-cruise-control-metrics.yaml | 4 +- examples/metrics/kafka-metrics.yaml | 4 +- .../metrics/kafka-mirror-maker-2-metrics.yaml | 2 +- .../prometheus-install/prometheus-rules.yaml | 22 +- ...ror-maker-2-custom-replication-policy.yaml | 2 +- .../kafka-mirror-maker-2-sync-groups.yaml | 2 +- .../kafka-mirror-maker-2-tls.yaml | 2 +- .../mirror-maker/kafka-mirror-maker-2.yaml | 2 +- .../mirror-maker/kafka-mirror-maker-tls.yaml | 2 +- examples/mirror-maker/kafka-mirror-maker.yaml | 2 +- examples/mirror-maker/kafka-source.yaml | 4 +- examples/mirror-maker/kafka-target.yaml | 4 +- .../security/keycloak-authorization/README.md | 4 +- ...l-oauth-single-keycloak-authz-metrics.yaml | 4 +- ...ephemeral-oauth-single-keycloak-authz.yaml | 4 +- .../security/scram-sha-512-auth/connect.yaml | 2 +- .../security/scram-sha-512-auth/kafka.yaml | 4 +- .../scram-sha-512-auth/mirror-maker-2.yaml | 10 +- examples/security/tls-auth/connect.yaml | 2 +- examples/security/tls-auth/kafka.yaml | 4 +- .../security/tls-auth/mirror-maker-2.yaml | 10 +- .../helm3/strimzi-kafka-operator/README.md | 10 +- .../crds/040-Crd-kafka.yaml | 796 +++++++++++++++++- 
.../crds/041-Crd-kafkaconnect.yaml | 251 +++++- .../crds/044-Crd-kafkauser.yaml | 6 +- .../crds/045-Crd-kafkamirrormaker.yaml | 155 +++- .../crds/046-Crd-kafkabridge.yaml | 152 +++- .../crds/048-Crd-kafkamirrormaker2.yaml | 251 +++++- .../crds/04A-Crd-kafkanodepool.yaml | 125 ++- .../strimzi-kafka-exporter.json | 6 +- .../templates/_kafka_image_map.tpl | 20 +- .../helm3/strimzi-kafka-operator/values.yaml | 4 +- install/cluster-operator/040-Crd-kafka.yaml | 796 +++++++++++++++++- .../041-Crd-kafkaconnect.yaml | 251 +++++- .../cluster-operator/044-Crd-kafkauser.yaml | 6 +- .../045-Crd-kafkamirrormaker.yaml | 155 +++- .../cluster-operator/046-Crd-kafkabridge.yaml | 152 +++- .../048-Crd-kafkamirrormaker2.yaml | 251 +++++- .../04A-Crd-kafkanodepool.yaml | 125 ++- ...0-Deployment-strimzi-cluster-operator.yaml | 50 +- .../certmanager/060-Deployment.yaml | 2 +- .../kubernetes/060-Deployment.yaml | 2 +- .../openshift/060-Deployment.yaml | 2 +- .../05-Deployment-strimzi-topic-operator.yaml | 2 +- install/user-operator/04-Crd-kafkauser.yaml | 6 +- .../05-Deployment-strimzi-user-operator.yaml | 2 +- 64 files changed, 3519 insertions(+), 233 deletions(-) diff --git a/.checksums b/.checksums index 4dfb902d570..d1685012353 100644 --- a/.checksums +++ b/.checksums @@ -6,7 +6,7 @@ # if this checksum has changed as part of any non-release specific changes, please apply your changes to the # development version of the helm charts in ./packaging/helm-charts ### IMPORTANT ### -HELM_CHART_CHECKSUM="6c32d691be37e95c68638288275ad47b5a275d8e -" +HELM_CHART_CHECKSUM="64d42b4573b0d8bb6d1ae2748b9382da068ab751 -" ### IMPORTANT ### # if the below line has changed, this means the ./install directory has changed 
@@ -14,7 +14,7 @@ HELM_CHART_CHECKSUM="6c32d691be37e95c68638288275ad47b5a275d8e -" # if this checksum has changed as part of any non-release specific changes, please apply your changes to the # development version of the helm charts in ./packaging/install ### IMPORTANT ### -INSTALL_CHECKSUM="dc760e2f067bb7eb2ef769b8d9a81c20f0e64ad7 -" +INSTALL_CHECKSUM="8b62c04d5a5370e0efad1dac8bfbcc1b7b16cc47 -" ### IMPORTANT ### # if the below line has changed, this means the ./examples directory has changed @@ -22,4 +22,4 @@ INSTALL_CHECKSUM="dc760e2f067bb7eb2ef769b8d9a81c20f0e64ad7 -" # if this checksum has changed as part of any non-release specific changes, please apply your changes to the # development version of the helm charts in ./packaging/examples ### IMPORTANT ### -EXAMPLES_CHECKSUM="22ff8d529ae76aad35d7437eaf1bbd58d5451f12 -" +EXAMPLES_CHECKSUM="a1d55c2ca5a4b8cd5df18e7c8cecd6afcf093de1 -" diff --git a/examples/connect/kafka-connect-build.yaml b/examples/connect/kafka-connect-build.yaml index b7b8a5e6056..d85ae7bc6c0 100644 --- a/examples/connect/kafka-connect-build.yaml +++ b/examples/connect/kafka-connect-build.yaml @@ -8,7 +8,7 @@ metadata: # # needing to call the Connect REST API directly # strimzi.io/use-connector-resources: "true" spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 bootstrapServers: my-cluster-kafka-bootstrap:9093 tls: @@ -33,11 +33,11 @@ spec: # it should not happen that you pull someone else's container image. However, we # recommend changing this to your own container registry or using a different # image name for any other than demo purposes. - image: ttl.sh/strimzi-connect-example-3.7.1:24h + image: ttl.sh/strimzi-connect-example-3.8.0:24h plugins: - name: kafka-connect-file artifacts: - type: maven group: org.apache.kafka artifact: connect-file - version: 3.7.1 + version: 3.8.0 diff --git a/examples/connect/kafka-connect.yaml b/examples/connect/kafka-connect.yaml index 865f40d16bd..b52eedc5fc1 100644 
--- a/examples/connect/kafka-connect.yaml +++ b/examples/connect/kafka-connect.yaml @@ -8,7 +8,7 @@ metadata: # # needing to call the Connect REST API directly # strimzi.io/use-connector-resources: "true" spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 bootstrapServers: my-cluster-kafka-bootstrap:9093 tls: diff --git a/examples/cruise-control/kafka-cruise-control-with-goals.yaml b/examples/cruise-control/kafka-cruise-control-with-goals.yaml index a0e3523ef7b..e4909b78b54 100644 --- a/examples/cruise-control/kafka-cruise-control-with-goals.yaml +++ b/examples/cruise-control/kafka-cruise-control-with-goals.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 3 listeners: - name: plain @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 2 default.replication.factor: 3 min.insync.replicas: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: ephemeral zookeeper: diff --git a/examples/cruise-control/kafka-cruise-control.yaml b/examples/cruise-control/kafka-cruise-control.yaml index 767c972d69b..0fc8051a387 100644 --- a/examples/cruise-control/kafka-cruise-control.yaml +++ b/examples/cruise-control/kafka-cruise-control.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 3 listeners: - name: plain @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 2 default.replication.factor: 3 min.insync.replicas: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: ephemeral zookeeper: diff --git a/examples/kafka/kafka-ephemeral-single.yaml b/examples/kafka/kafka-ephemeral-single.yaml index 21886439f11..8d0b9377fa8 100644 --- a/examples/kafka/kafka-ephemeral-single.yaml +++ b/examples/kafka/kafka-ephemeral-single.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: plain 
@@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: ephemeral zookeeper: diff --git a/examples/kafka/kafka-ephemeral.yaml b/examples/kafka/kafka-ephemeral.yaml index 021da86e347..7dc41ff1a17 100644 --- a/examples/kafka/kafka-ephemeral.yaml +++ b/examples/kafka/kafka-ephemeral.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 3 listeners: - name: plain @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 2 default.replication.factor: 3 min.insync.replicas: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: ephemeral zookeeper: diff --git a/examples/kafka/kafka-jbod.yaml b/examples/kafka/kafka-jbod.yaml index 6b7086855a7..321ebaa3926 100644 --- a/examples/kafka/kafka-jbod.yaml +++ b/examples/kafka/kafka-jbod.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 3 listeners: - name: plain @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 2 default.replication.factor: 3 min.insync.replicas: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: diff --git a/examples/kafka/kafka-persistent-single.yaml b/examples/kafka/kafka-persistent-single.yaml index 657e80195d7..cb1ffdce8af 100644 --- a/examples/kafka/kafka-persistent-single.yaml +++ b/examples/kafka/kafka-persistent-single.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: plain @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: 
diff --git a/examples/kafka/kafka-persistent.yaml b/examples/kafka/kafka-persistent.yaml index a1b30b9e284..dcec81416f7 100644 --- a/examples/kafka/kafka-persistent.yaml +++ b/examples/kafka/kafka-persistent.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 3 listeners: - name: plain @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 2 default.replication.factor: 3 min.insync.replicas: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: diff --git a/examples/kafka/kafka-with-node-pools.yaml b/examples/kafka/kafka-with-node-pools.yaml index af14857ea61..3811a75f063 100644 --- a/examples/kafka/kafka-with-node-pools.yaml +++ b/examples/kafka/kafka-with-node-pools.yaml @@ -44,7 +44,7 @@ metadata: strimzi.io/node-pools: enabled spec: kafka: - version: 3.7.1 + version: 3.8.0 listeners: - name: plain port: 9092 @@ -60,7 +60,7 @@ spec: transaction.state.log.min.isr: 2 default.replication.factor: 3 min.insync.replicas: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" zookeeper: replicas: 3 storage: diff --git a/examples/kafka/kraft/kafka-ephemeral.yaml b/examples/kafka/kraft/kafka-ephemeral.yaml index 6bcd2ff9ea0..a210f3ff356 100644 --- a/examples/kafka/kraft/kafka-ephemeral.yaml +++ b/examples/kafka/kraft/kafka-ephemeral.yaml @@ -43,8 +43,8 @@ metadata: strimzi.io/kraft: enabled spec: kafka: - version: 3.7.1 - metadataVersion: 3.7-IV4 + version: 3.8.0 + metadataVersion: 3.8-IV0 listeners: - name: plain port: 9092 diff --git a/examples/kafka/kraft/kafka-jbod.yaml b/examples/kafka/kraft/kafka-jbod.yaml index 97193d7a9fd..9e8c7ccd8f7 100644 --- a/examples/kafka/kraft/kafka-jbod.yaml +++ b/examples/kafka/kraft/kafka-jbod.yaml 
@@ -1,6 +1,3 @@ -######### -# IMPORTANT: JBOD storage with multiple volumes in KRaft mode is supported only in Apache Kafka 3.7.0 and newer! -######### apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaNodePool metadata: @@ -34,7 +31,6 @@ spec: storage: type: jbod volumes: - # IMPORTANT: JBOD storage with multiple volumes in KRaft mode is supported only in Apache Kafka 3.7.0 and newer! - id: 0 type: persistent-claim size: 100Gi @@ -56,8 +52,8 @@ metadata: strimzi.io/kraft: enabled spec: kafka: - version: 3.7.1 - metadataVersion: 3.7-IV4 + version: 3.8.0 + metadataVersion: 3.8-IV0 listeners: - name: plain port: 9092 diff --git a/examples/kafka/kraft/kafka-single-node.yaml b/examples/kafka/kraft/kafka-single-node.yaml index 724c7626df8..8ba85270117 100644 --- a/examples/kafka/kraft/kafka-single-node.yaml +++ b/examples/kafka/kraft/kafka-single-node.yaml @@ -28,8 +28,8 @@ metadata: strimzi.io/kraft: enabled spec: kafka: - version: 3.7.1 - metadataVersion: 3.7-IV4 + version: 3.8.0 + metadataVersion: 3.8-IV0 listeners: - name: plain port: 9092 diff --git a/examples/kafka/kraft/kafka-with-dual-role-nodes.yaml b/examples/kafka/kraft/kafka-with-dual-role-nodes.yaml index 0f17b24b4dc..2720a6c0c0d 100644 --- a/examples/kafka/kraft/kafka-with-dual-role-nodes.yaml +++ b/examples/kafka/kraft/kafka-with-dual-role-nodes.yaml @@ -28,8 +28,8 @@ metadata: strimzi.io/kraft: enabled spec: kafka: - version: 3.7.1 - metadataVersion: 3.7-IV4 + version: 3.8.0 + metadataVersion: 3.8-IV0 listeners: - name: plain port: 9092 diff --git a/examples/kafka/kraft/kafka.yaml b/examples/kafka/kraft/kafka.yaml index 1aac78cd262..1367a45c566 100644 --- a/examples/kafka/kraft/kafka.yaml +++ b/examples/kafka/kraft/kafka.yaml @@ -47,8 +47,8 @@ metadata: strimzi.io/kraft: enabled spec: kafka: - version: 3.7.1 - metadataVersion: 3.7-IV4 + version: 3.8.0 + metadataVersion: 3.8-IV0 listeners: - name: plain port: 9092 
diff --git a/examples/metrics/grafana-dashboards/strimzi-kafka-exporter.json b/examples/metrics/grafana-dashboards/strimzi-kafka-exporter.json index 317c64b3166..20a78fd36c6 100644 --- a/examples/metrics/grafana-dashboards/strimzi-kafka-exporter.json +++ b/examples/metrics/grafana-dashboards/strimzi-kafka-exporter.json @@ -819,7 +819,7 @@ "targets": [ { "datasource": "${DS_PROMETHEUS}", - "expr": "sum(delta(kafka_consumergroup_current_offset{consumergroup=~\"$consumergroup\",topic=~\"$topic\", namespace=~\"$kubernetes_namespace\"}[5m])/60) by (consumergroup, topic)", + "expr": "sum(delta(kafka_consumergroup_current_offset{consumergroup=~\"$consumergroup\",topic=~\"$topic\", namespace=~\"$kubernetes_namespace\"}[5m])/300) by (consumergroup, topic)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{consumergroup}} (topic: {{topic}})", @@ -1520,7 +1520,7 @@ "multi": false, "name": "kubernetes_namespace", "options": [], - "query": "query_result(kafka_exporter_build_info)", + "query": "query_result(kafka_broker_info)", "refresh": 1, "regex": "/.*namespace=\"([^\"]*).*/", "skipUrlSync": false, @@ -1540,7 +1540,7 @@ "multi": false, "name": "strimzi_cluster_name", "options": [], - "query": "query_result(kafka_exporter_build_info{namespace=\"$kubernetes_namespace\"})", + "query": "query_result(kafka_broker_info{namespace=\"$kubernetes_namespace\"})", "refresh": 1, "regex": "/.*strimzi_io_cluster=\"([^\"]*).*/", "skipUrlSync": false, diff --git a/examples/metrics/kafka-connect-metrics.yaml b/examples/metrics/kafka-connect-metrics.yaml index ad8c2688f9b..a92d5ef6dd4 100644 --- a/examples/metrics/kafka-connect-metrics.yaml +++ b/examples/metrics/kafka-connect-metrics.yaml @@ -5,7 +5,7 @@ metadata: labels: app: my-connect-cluster spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 bootstrapServers: my-cluster-kafka-bootstrap:9092 metricsConfig: 
diff --git a/examples/metrics/kafka-cruise-control-metrics.yaml b/examples/metrics/kafka-cruise-control-metrics.yaml index b0471c5b675..323f8a50fe4 100644 --- a/examples/metrics/kafka-cruise-control-metrics.yaml +++ b/examples/metrics/kafka-cruise-control-metrics.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 3 listeners: - name: plain @@ -19,7 +19,7 @@ spec: offsets.topic.replication.factor: 3 transaction.state.log.replication.factor: 3 transaction.state.log.min.isr: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: ephemeral zookeeper: diff --git a/examples/metrics/kafka-metrics.yaml b/examples/metrics/kafka-metrics.yaml index 02a55b557e4..7a131484446 100644 --- a/examples/metrics/kafka-metrics.yaml +++ b/examples/metrics/kafka-metrics.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 3 listeners: - name: plain @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 2 default.replication.factor: 3 min.insync.replicas: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: diff --git a/examples/metrics/kafka-mirror-maker-2-metrics.yaml b/examples/metrics/kafka-mirror-maker-2-metrics.yaml index bd1e67d86ba..aba1da3ce18 100644 --- a/examples/metrics/kafka-mirror-maker-2-metrics.yaml +++ b/examples/metrics/kafka-mirror-maker-2-metrics.yaml @@ -5,7 +5,7 @@ metadata: labels: app: my-mm2-cluster spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 connectCluster: "my-cluster-target" clusters: diff --git a/examples/metrics/prometheus-install/prometheus-rules.yaml b/examples/metrics/prometheus-install/prometheus-rules.yaml index 67e2f7a91a0..a44ca7decdf 100644 --- a/examples/metrics/prometheus-install/prometheus-rules.yaml +++ b/examples/metrics/prometheus-install/prometheus-rules.yaml 
@@ -159,6 +159,22 @@ spec: annotations: summary: 'All Kafka Connect containers down or in CrashLookBackOff status' description: 'All Kafka Connect containers have been down or in CrashLookBackOff status for 3 minutes' + - alert: ConnectFailedConnector + expr: sum(kafka_connect_connector_status{status="failed"}) > 0 + for: 5m + labels: + severity: major + annotations: + summary: 'Kafka Connect Connector Failure' + description: 'One or more connectors have been in failed state for 5 minutes,' + - alert: ConnectFailedTask + expr: sum(kafka_connect_worker_connector_failed_task_count) > 0 + for: 5m + labels: + severity: major + annotations: + summary: 'Kafka Connect Task Failure' + description: 'One or more tasks have been in failed state for 5 minutes.' - name: bridge rules: - alert: BridgeContainersDown @@ -175,8 +191,8 @@ spec: labels: severity: warning annotations: - summary: 'Kafka Bridge average consumer fetch latency' - description: 'The average fetch latency is {{ $value }} on {{ $labels.clientId }}' + summary: 'Kafka Bridge producer average request latency' + description: 'The average producer request latency is {{ $value }} on {{ $labels.clientId }}' - alert: AvgConsumerFetchLatency expr: strimzi_bridge_kafka_consumer_fetch_latency_avg > 500 for: 10s @@ -184,7 +200,7 @@ spec: severity: warning annotations: summary: 'Kafka Bridge consumer average fetch latency' - description: 'The average consumer commit latency is {{ $value }} on {{ $labels.clientId }}' + description: 'The average consumer fetch latency is {{ $value }} on {{ $labels.clientId }}' - alert: AvgConsumerCommitLatency expr: strimzi_bridge_kafka_consumer_commit_latency_avg > 200 for: 10s diff --git a/examples/mirror-maker/kafka-mirror-maker-2-custom-replication-policy.yaml b/examples/mirror-maker/kafka-mirror-maker-2-custom-replication-policy.yaml index 568438edc24..7ff097e84ee 100644 --- a/examples/mirror-maker/kafka-mirror-maker-2-custom-replication-policy.yaml 
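Review bot: In the first hunk of prometheus-rules.yaml (`@@ -159,6 +159,22 @@`), both new alerts wrap their metric in a bare `sum(...)`, so a firing `ConnectFailedConnector` or `ConnectFailedTask` carries no labels saying which namespace, Connect cluster or connector is affected, and a single alert covers every Connect cluster this Prometheus scrapes. Grouping keeps the alert routable, for example `expr: sum by (namespace) (kafka_connect_connector_status{status="failed"}) > 0`, with the same `by` clause on `kafka_connect_worker_connector_failed_task_count`; the label name is an assumption and should be checked against what the scrape configuration attaches. The `ConnectFailedConnector` description also ends in a comma where the task alert ends in a period; it should read `description: 'One or more connectors have been in failed state for 5 minutes.'`. The enclosing rule group starts outside the hunk.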
+++ b/examples/mirror-maker/kafka-mirror-maker-2-custom-replication-policy.yaml @@ -3,7 +3,7 @@ kind: KafkaMirrorMaker2 metadata: name: my-mirror-maker-2 spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 connectCluster: "cluster-b" # Must be the target custer clusters: diff --git a/examples/mirror-maker/kafka-mirror-maker-2-sync-groups.yaml b/examples/mirror-maker/kafka-mirror-maker-2-sync-groups.yaml index 768a6089e9c..bf78aae2afd 100644 --- a/examples/mirror-maker/kafka-mirror-maker-2-sync-groups.yaml +++ b/examples/mirror-maker/kafka-mirror-maker-2-sync-groups.yaml @@ -3,7 +3,7 @@ kind: KafkaMirrorMaker2 metadata: name: my-mirror-maker-2 spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 connectCluster: "cluster-b" # Must be the target custer clusters: diff --git a/examples/mirror-maker/kafka-mirror-maker-2-tls.yaml b/examples/mirror-maker/kafka-mirror-maker-2-tls.yaml index 04993118756..4e509fcf383 100644 --- a/examples/mirror-maker/kafka-mirror-maker-2-tls.yaml +++ b/examples/mirror-maker/kafka-mirror-maker-2-tls.yaml @@ -3,7 +3,7 @@ kind: KafkaMirrorMaker2 metadata: name: my-mirror-maker-2 spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 connectCluster: "cluster-b" # Must be the target custer clusters: diff --git a/examples/mirror-maker/kafka-mirror-maker-2.yaml b/examples/mirror-maker/kafka-mirror-maker-2.yaml index 4401e934f2c..4106948424b 100644 --- a/examples/mirror-maker/kafka-mirror-maker-2.yaml +++ b/examples/mirror-maker/kafka-mirror-maker-2.yaml @@ -3,7 +3,7 @@ kind: KafkaMirrorMaker2 metadata: name: my-mirror-maker-2 spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 connectCluster: "cluster-b" # Must be the target custer clusters: diff --git a/examples/mirror-maker/kafka-mirror-maker-tls.yaml b/examples/mirror-maker/kafka-mirror-maker-tls.yaml index 36004b81cab..c2efe3a703b 100644 --- a/examples/mirror-maker/kafka-mirror-maker-tls.yaml +++ b/examples/mirror-maker/kafka-mirror-maker-tls.yaml 
@@ -3,7 +3,7 @@ kind: KafkaMirrorMaker metadata: name: my-mirror-maker spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 consumer: bootstrapServers: cluster-a-kafka-bootstrap:9093 # Source cluster diff --git a/examples/mirror-maker/kafka-mirror-maker.yaml b/examples/mirror-maker/kafka-mirror-maker.yaml index 4d372c93aaa..04246f35297 100644 --- a/examples/mirror-maker/kafka-mirror-maker.yaml +++ b/examples/mirror-maker/kafka-mirror-maker.yaml @@ -3,7 +3,7 @@ kind: KafkaMirrorMaker metadata: name: my-mirror-maker spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 consumer: bootstrapServers: cluster-a-kafka-bootstrap:9092 # Source cluster diff --git a/examples/mirror-maker/kafka-source.yaml b/examples/mirror-maker/kafka-source.yaml index f44b7024113..c381610b8c5 100644 --- a/examples/mirror-maker/kafka-source.yaml +++ b/examples/mirror-maker/kafka-source.yaml @@ -4,7 +4,7 @@ metadata: name: cluster-a spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: plain @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: diff --git a/examples/mirror-maker/kafka-target.yaml b/examples/mirror-maker/kafka-target.yaml index 472d8194e74..43ede887f34 100644 --- a/examples/mirror-maker/kafka-target.yaml +++ b/examples/mirror-maker/kafka-target.yaml @@ -4,7 +4,7 @@ metadata: name: cluster-b spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: plain @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: diff --git a/examples/security/keycloak-authorization/README.md b/examples/security/keycloak-authorization/README.md index d99c30cc510..e39538b0329 100644 --- a/examples/security/keycloak-authorization/README.md 
+++ b/examples/security/keycloak-authorization/README.md @@ -7,13 +7,13 @@ This folder contains an example `Kafka` custom resource configured for OAuth 2.0 The folder also contains a Keycloak realm export to import into your Keycloak instance to support the example. -Full instructions for the example are available in the [Strimzi Documentation](https://strimzi.io/docs/operators/0.42.0/configuring.html#proc-oauth-authorization-keycloak-example_str). +Full instructions for the example are available in the [Strimzi Documentation](https://strimzi.io/docs/operators/in-development/deploying.html#proc-oauth-authorization-keycloak-example_str). - [kafka-authz-realm.json](./kafka-authz-realm.json) - The Keycloak realm export file - [kafka-ephemeral-oauth-single-keycloak-authz.yaml](./kafka-ephemeral-oauth-single-keycloak-authz.yaml) - The Kafka CR that defines a single-node Kafka cluster with `oauth` authentication and `keycloak` authorization, - using the `kafka-authz` realm. See [full example instructions](https://strimzi.io/docs/operators/0.42.0/configuring.html#proc-oauth-authorization-keycloak-example_str) for proper preparation and deployment. + using the `kafka-authz` realm. See [full example instructions](https://strimzi.io/docs/operators/0.43.0/configuring.html#proc-oauth-authorization-keycloak-example_str) for proper preparation and deployment. - [kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml](./kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml) - The Kafka CR that defines a single-node Kafka cluster with `oauth` authentication and `keycloak` authorization, with included configuration for exporting the OAuth metrics using Prometheus JMX exporter. diff --git a/examples/security/keycloak-authorization/kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml b/examples/security/keycloak-authorization/kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml index 42060c21cad..0dddb964102 100644 
--- a/examples/security/keycloak-authorization/kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml +++ b/examples/security/keycloak-authorization/kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: tls @@ -42,7 +42,7 @@ spec: offsets.topic.replication.factor: 1 transaction.state.log.replication.factor: 1 transaction.state.log.min.isr: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: ephemeral metricsConfig: diff --git a/examples/security/keycloak-authorization/kafka-ephemeral-oauth-single-keycloak-authz.yaml b/examples/security/keycloak-authorization/kafka-ephemeral-oauth-single-keycloak-authz.yaml index 72a9f012c84..c61b0d167f6 100644 --- a/examples/security/keycloak-authorization/kafka-ephemeral-oauth-single-keycloak-authz.yaml +++ b/examples/security/keycloak-authorization/kafka-ephemeral-oauth-single-keycloak-authz.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: tls @@ -40,7 +40,7 @@ spec: offsets.topic.replication.factor: 1 transaction.state.log.replication.factor: 1 transaction.state.log.min.isr: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: ephemeral zookeeper: diff --git a/examples/security/scram-sha-512-auth/connect.yaml b/examples/security/scram-sha-512-auth/connect.yaml index 0df714defe8..db55946f969 100644 --- a/examples/security/scram-sha-512-auth/connect.yaml +++ b/examples/security/scram-sha-512-auth/connect.yaml @@ -66,7 +66,7 @@ metadata: # # needing to call the Connect REST API directly # strimzi.io/use-connector-resources: "true" spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 bootstrapServers: my-cluster-kafka-bootstrap:9093 tls: 
diff --git a/examples/security/scram-sha-512-auth/kafka.yaml b/examples/security/scram-sha-512-auth/kafka.yaml index 1a9b254a901..9b02e319ddb 100644 --- a/examples/security/scram-sha-512-auth/kafka.yaml +++ b/examples/security/scram-sha-512-auth/kafka.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 3 listeners: - name: tls @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 2 default.replication.factor: 3 min.insync.replicas: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: diff --git a/examples/security/scram-sha-512-auth/mirror-maker-2.yaml b/examples/security/scram-sha-512-auth/mirror-maker-2.yaml index 479c0665276..a4dd87c5cb6 100644 --- a/examples/security/scram-sha-512-auth/mirror-maker-2.yaml +++ b/examples/security/scram-sha-512-auth/mirror-maker-2.yaml @@ -4,7 +4,7 @@ metadata: name: cluster-a spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: tls @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: @@ -46,7 +46,7 @@ metadata: name: cluster-b spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: tls @@ -63,7 +63,7 @@ spec: transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: @@ -218,7 +218,7 @@ kind: KafkaMirrorMaker2 metadata: name: my-mirror-maker-2 spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 connectCluster: "cluster-b" # Must be the target custer clusters: diff --git a/examples/security/tls-auth/connect.yaml b/examples/security/tls-auth/connect.yaml index 292b2dccd52..a315b1cb379 100644 --- a/examples/security/tls-auth/connect.yaml +++ b/examples/security/tls-auth/connect.yaml 
@@ -66,7 +66,7 @@ metadata: # # needing to call the Connect REST API directly # strimzi.io/use-connector-resources: "true" spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 bootstrapServers: my-cluster-kafka-bootstrap:9093 tls: diff --git a/examples/security/tls-auth/kafka.yaml b/examples/security/tls-auth/kafka.yaml index dee5bc0b423..cce0ae9b44d 100644 --- a/examples/security/tls-auth/kafka.yaml +++ b/examples/security/tls-auth/kafka.yaml @@ -4,7 +4,7 @@ metadata: name: my-cluster spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 3 listeners: - name: tls @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 2 default.replication.factor: 3 min.insync.replicas: 2 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: diff --git a/examples/security/tls-auth/mirror-maker-2.yaml b/examples/security/tls-auth/mirror-maker-2.yaml index e3179c05230..7e963db9a40 100644 --- a/examples/security/tls-auth/mirror-maker-2.yaml +++ b/examples/security/tls-auth/mirror-maker-2.yaml @@ -4,7 +4,7 @@ metadata: name: cluster-a spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: tls @@ -21,7 +21,7 @@ spec: transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: @@ -46,7 +46,7 @@ metadata: name: cluster-b spec: kafka: - version: 3.7.1 + version: 3.8.0 replicas: 1 listeners: - name: tls @@ -63,7 +63,7 @@ spec: transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 - inter.broker.protocol.version: "3.7" + inter.broker.protocol.version: "3.8" storage: type: jbod volumes: @@ -209,7 +209,7 @@ kind: KafkaMirrorMaker2 metadata: name: my-mirror-maker-2 spec: - version: 3.7.1 + version: 3.8.0 replicas: 1 connectCluster: "cluster-b" # Must be the target custer clusters: 
diff --git a/helm-charts/helm3/strimzi-kafka-operator/README.md b/helm-charts/helm3/strimzi-kafka-operator/README.md index 8b275f307f2..a725ddea31b 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/README.md +++ b/helm-charts/helm3/strimzi-kafka-operator/README.md @@ -9,8 +9,8 @@ Upgrading to Strimzi 0.32 and newer directly from Strimzi 0.22 and earlier is no Please follow the [documentation](https://strimzi.io/docs/operators/latest/full/deploying.html#assembly-upgrade-str) for more details. **!!! IMPORTANT !!!** -From Strimzi 0.40 on, we support only Kubernetes 1.23 and newer. -Kubernetes versions 1.21 and 1.22 are no longer supported. +Strimzi 0.43.0 (and any of its patch releases) is the last Strimzi version with support for Kubernetes 1.23 and 1.24. +From Strimzi 0.44.0 on, Strimzi will support only Kubernetes 1.25 and newer. ## Introduction @@ -21,6 +21,7 @@ cluster using the [Helm](https://helm.sh) package manager. ### Supported Features * **Manages the Kafka Cluster** - Deploys and manages all of the components of this complex application, including dependencies like Apache ZooKeeper® that are traditionally hard to administer. +* **KRaft support** - Allows running Apache Kafka clusters in the KRaft mode (without ZooKeeper). * **Includes Kafka Connect** - Allows for configuration of common data sources and sinks to move data into and out of the Kafka cluster. * **Topic Management** - Creates and manages Kafka Topics within the cluster. * **User Management** - Creates and manages Kafka Users within the cluster. 
@@ -96,7 +97,7 @@ the documentation for more details. | `watchAnyNamespace` | Watch the whole Kubernetes cluster (all namespaces) | `false` | | `defaultImageRegistry` | Default image registry for all the images | `quay.io` | | `defaultImageRepository` | Default image registry for all the images | `strimzi` | -| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.42.0` | +| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.43.0` | | `image.registry` | Override default Cluster Operator image registry | `nil` | | `image.repository` | Override default Cluster Operator image repository | `nil` | | `image.name` | Cluster Operator image name | `cluster-operator` | @@ -160,7 +161,7 @@ the documentation for more details. | `kafkaBridge.image.registry` | Override default Kafka Bridge image registry | `quay.io` | | `kafkaBridge.image.repository` | Override default Kafka Bridge image repository | `strimzi` | | `kafkaBridge.image.name` | Kafka Bridge image name | `kafka-bridge` | -| `kafkaBridge.image.tag` | Override default Kafka Bridge image tag | `0.29.0` | +| `kafkaBridge.image.tag` | Override default Kafka Bridge image tag | `0.30.0` | | `kafkaBridge.image.digest` | Override Kafka Bridge image tag with digest | `nil` | | `kafkaExporter.image.registry` | Override default Kafka Exporter image registry | `nil` | | `kafkaExporter.image.repository` | Override default Kafka Exporter image repository | `nil` | 
@@ -205,6 +206,7 @@ the documentation for more details. | `mavenBuilder.image.tag` | Override default Maven Builder image tag | `nil` | | `mavenBuilder.image.digest` | Override Maven Builder image tag with digest | `nil` | | `logConfiguration` | Override default `log4j.properties` content | `nil` | +| `logLevel` | Override default logging level | `INFO` | | `dashboards.enable` | Generate configmaps containing the dashboards | `false` | | `dashboards.label` | How should the dashboards be labeled for the sidecar | `grafana_dashboard` | | `dashboards.labelValue` | What should the dashboards label value be for the sidecar | `"1"` | diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/040-Crd-kafka.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/040-Crd-kafka.yaml index 2d771b1a680..166ebe3dbea 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/crds/040-Crd-kafka.yaml +++ b/helm-charts/helm3/strimzi-kafka-operator/crds/040-Crd-kafka.yaml @@ -104,7 +104,7 @@ spec: description: "Type of the listener. The supported types are as follows: \n\n* `internal` type exposes Kafka internally only within the Kubernetes cluster.\n* `route` type uses OpenShift Routes to expose Kafka.\n* `loadbalancer` type uses LoadBalancer type services to expose Kafka.\n* `nodeport` type uses NodePort type services to expose Kafka.\n* `ingress` type uses Kubernetes Nginx Ingress to expose Kafka with TLS passthrough.\n* `cluster-ip` type uses a per-broker `ClusterIP` service.\n" tls: type: boolean - description: Enables TLS encryption on the listener. This is a required property. + description: "Enables TLS encryption on the listener. This is a required property. For `route` and `ingress` type listeners, TLS encryption must be always enabled." authentication: type: object properties: 
@@ -168,7 +168,7 @@ spec: description: Enable or disable termination of Kafka broker processes due to potentially recoverable runtime errors during startup. Default value is `true`. fallbackUserNameClaim: type: string - description: The fallback username claim to be used for the user id if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client id being provided in another claim. It only takes effect if `userNameClaim` is set. + description: The fallback username claim to be used for the user ID if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client ID being provided in another claim. It only takes effect if `userNameClaim` is set. fallbackUserNamePrefix: type: string description: "The prefix to use with the value of `fallbackUserNameClaim` to construct the user id. This only takes effect if `fallbackUserNameClaim` is true, and the value is present for the claim. Mapping usernames and client ids into the same user id space is useful in preventing name collisions." 
@@ -211,7 +211,7 @@ spec: listenerConfig: x-kubernetes-preserve-unknown-fields: true type: object - description: Configuration to be used for a specific listener. All values are prefixed with listener.name.__. + description: Configuration to be used for a specific listener. All values are prefixed with `listener.name.`. maxSecondsWithoutReauthentication: type: integer description: "Maximum number of seconds the authenticated session remains valid without re-authentication. This enables Apache Kafka re-authentication feature, and causes sessions to expire when the access token expires. If the access token expires before max time or if max time is reached, the client has to re-authenticate, otherwise the server will drop the connection. Not set by default - the authenticated session does not expire when the access token expires. This option only applies to SASL_OAUTHBEARER authentication mechanism (when `enableOauthBearer` is `true`)." @@ -235,7 +235,10 @@ spec: required: - key - secretName - description: Secrets to be mounted to /opt/kafka/custom-authn-secrets/custom-listener-_-_/__. + description: Secrets to be mounted to `/opt/kafka/custom-authn-secrets/custom-listener--/`. + serverBearerTokenLocation: + type: string + description: Path to the file on the local filesystem that contains a bearer token to be used instead of client ID and secret when authenticating to authorization server. tlsTrustedCertificates: type: array items: 
@@ -279,6 +282,9 @@ spec: userNameClaim: type: string description: "Name of the claim from the JWT authentication token, Introspection Endpoint response or User Info Endpoint response which will be used to extract the user id. Defaults to `sub`." + userNamePrefix: + type: string + description: "The prefix to use with the value of `userNameClaim` to construct the user ID. This only takes effect if `userNameClaim` is specified and the value is present for the claim. When used in combination with `fallbackUserNameClaims`, it ensures consistent mapping of usernames and client IDs into the same user ID space and prevents name collisions." validIssuerUri: type: string description: URI of the token issuer used for authentication. 
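Review bot: The new `userNamePrefix` description refers to `fallbackUserNameClaims`, but the property this schema defines is `fallbackUserNameClaim` (singular, see the `@@ -168,7 +168,7 @@` hunk), so the cross-reference names a field that does not exist. It should read `fallbackUserNameClaim`. Because the prefix changes the user ID derived from the token, authorization rules keyed on the unprefixed name would presumably stop matching. A sentence such as `Authorization rules must reference the prefixed user ID.` would make that explicit once confirmed.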
@@ -310,18 +316,30 @@ spec: description: Reference to the `Secret` which holds the certificate and private key pair which will be used for this listener. The certificate can optionally contain the whole chain. This field can be used only with listeners with enabled TLS encryption. class: type: string - description: "Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller will be used. This field can only be used with `ingress` and `loadbalancer` type listeners. If not specified, the default controller is used. For an `ingress` listener, set the `ingressClassName` property in the `Ingress` resources. For a `loadbalancer` listener, set the `loadBalancerClass` property in the `Service` resources." + description: |- + Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller is used. If not specified, the default controller is used. + + * For an `ingress` listener, the operator uses this property to set the `ingressClassName` property in the `Ingress` resources. + * For a `loadbalancer` listener, the operator uses this property to set the `loadBalancerClass` property in the `Service` resources. + + For `ingress` and `loadbalancer` listeners only. externalTrafficPolicy: type: string enum: - Local - Cluster - description: "Specifies whether the service routes external traffic to node-local or cluster-wide endpoints. `Cluster` may cause a second hop to another node and obscures the client source IP. `Local` avoids a second hop for LoadBalancer and Nodeport type services and preserves the client source IP (when supported by the infrastructure). If unspecified, Kubernetes will use `Cluster` as the default.This field can be used only with `loadbalancer` or `nodeport` type listener." + description: |- + Specifies whether the service routes external traffic to cluster-wide or node-local endpoints: + + * `Cluster` may cause a second hop to another node and obscures the client source IP. 
+ * `Local` avoids a second hop for `LoadBalancer` and `Nodeport` type services and preserves the client source IP (when supported by the infrastructure). + + If unspecified, Kubernetes uses `Cluster` as the default. For `loadbalancer` or `nodeport` listeners only. loadBalancerSourceRanges: type: array items: type: string - description: "A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to load balancer type listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. This field can be used only with `loadbalancer` type listener." + description: "A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to loadbalancer listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only." bootstrap: type: object properties: 
@@ -332,28 +350,28 @@ spec: description: Additional alternative names for the bootstrap service. The alternative names will be added to the list of subject alternative names of the TLS certificates. host: type: string - description: The bootstrap host. This field will be used in the Ingress resource or in the Route resource to specify the desired hostname. This field can be used only with `route` (optional) or `ingress` (required) type listeners. + description: Specifies the hostname used for the bootstrap resource. For `route` (optional) or `ingress` (required) listeners only. Ensure the hostname resolves to the Ingress endpoints; no validation is performed by Strimzi. nodePort: type: integer - description: Node port for the bootstrap service. This field can be used only with `nodeport` type listener. + description: Node port for the bootstrap service. For `nodeport` listeners only. loadBalancerIP: type: string - description: The loadbalancer is requested with the IP address specified in this field. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This field is ignored if the cloud provider does not support the feature.This field can be used only with `loadbalancer` type listener. + description: The loadbalancer is requested with the IP address specified in this property. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This property is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only. annotations: additionalProperties: type: string type: object - description: "Annotations that will be added to the `Ingress`, `Route`, or `Service` resource. You can use this field to configure DNS providers such as External DNS. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." 
+ description: "Annotations added to `Ingress`, `Route`, or `Service` resources. You can use this property to configure DNS providers such as External DNS. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only." labels: additionalProperties: type: string type: object - description: "Labels that will be added to the `Ingress`, `Route`, or `Service` resource. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." + description: "Labels added to `Ingress`, `Route`, or `Service` resources. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only." externalIPs: type: array items: type: string - description: External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This field is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. This field can only be used with `nodeport` type listener. + description: External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This property is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. For `nodeport` listeners only. description: Bootstrap configuration. brokers: type: array 
@@ -402,7 +420,14 @@ spec: - SingleStack - PreferDualStack - RequireDualStack - description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type." + description: |- + Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`: + + * `SingleStack` is for a single IP family. + * `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. + * `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. + + If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: 
@@ -413,15 +438,21 @@ spec: description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting." createBootstrapService: type: boolean - description: Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadBalancer` type listener. + description: Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadbalancer` listener. finalizers: type: array items: type: string - description: "A list of finalizers which will be configured for the `LoadBalancer` type Services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. This field can be used only with `loadbalancer` type listeners." + description: "A list of finalizers configured for the `LoadBalancer` type services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. For `loadbalancer` listeners only." useServiceDnsDomain: type: boolean - description: "Configures whether the Kubernetes service DNS domain should be used or not. 
If set to `true`, the generated addresses will contain the service DNS domain suffix (by default `.cluster.local`, can be configured using environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`). Defaults to `false`.This field can be used only with `internal` and `cluster-ip` type listeners." + description: |- + Configures whether the Kubernetes service DNS domain should be included in the generated addresses. + + * If set to `false`, the generated addresses do not contain the service DNS domain suffix. For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc`. + * If set to `true`, the generated addresses contain the service DNS domain suffix. For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc.cluster.local`. + + The default is `.cluster.local`, but this is customizable using the environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`. For `internal` and `cluster-ip` listeners only. maxConnections: type: integer description: The maximum number of connections we allow for this listener in the broker at any time. New connections are blocked if the limit is reached. @@ -437,7 +468,7 @@ spec: - InternalDNS - Hostname description: |- - Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses will be used in the following order (the first one found will be used): + Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses are used in the following order (the first one found is used): * `ExternalDNS` * `ExternalIP` 
@@ -445,10 +476,10 @@ spec: * `InternalIP` * `Hostname` - This field is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order. This field can only be used with `nodeport` type listener. + This property is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order.For `nodeport` listeners only. publishNotReadyAddresses: type: boolean - description: Configures whether the service endpoints are considered "ready" even if the Pods themselves are not. Defaults to `false`. This field can not be used with `internal` type listeners. + description: Configures whether the service endpoints are considered "ready" even if the Pods themselves are not. Defaults to `false`. This field can not be used with `internal` listeners. description: Additional listener configuration. networkPolicyPeers: type: array @@ -510,7 +541,7 @@ spec: - port - type - tls - description: Configures listeners of Kafka brokers. + description: Configures listeners to provide access to Kafka brokers. config: x-kubernetes-preserve-unknown-fields: true type: object @@ -544,7 +575,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string 
@@ -595,7 +626,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string 
@@ -1458,7 +1489,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka `Pods`. 
bootstrapService: type: object @@ -1754,6 +1864,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka broker container. initContainer: type: object @@ -1835,6 +1965,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. clusterCaCert: type: object @@ -2037,7 +2187,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string 
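Review bot: In the `@@ -1458,7 +1489,86 @@` hunk the new `volumes` items use a `oneOf` with a single branch and `required: []`, which every object satisfies, and `name` is described as "Required." without appearing in a `required` list. As far as the flattened hunk shows, a volume with no source, or with both `secret` and `configMap`, passes schema validation and is left to the operator to reject. I would add `required: [name]` on the item and one `oneOf` branch per source (`- required: [secret]`, and likewise for the other three). If this CRD is generated, the change belongs in the source annotations. The same schema repeats in the `volumes` hunks for the ZooKeeper, Entity Operator, Cruise Control and JmxTrans pod templates, and "Secret to use populate the volume." is missing a "to" in each.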
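Review bot: In the `@@ -1754,6 +1864,26 @@` hunk, `mountPath` in the new `volumeMounts` items is an unconstrained string, and neither it nor `name` is required. The schema therefore accepts a mount without a path, or one placed over directories the container already uses for configuration or certificates. Nothing visible here shows whether the operator limits where additional volumes may be mounted. If it does, the property should say so in a `description` (none of the item fields has one); if not, consider `required: [name, mountPath]` and a `pattern` on `mountPath`. The identical block is added for the init, ZooKeeper, Entity Operator, Cruise Control and JmxTrans containers in the later hunks.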
@@ -2790,7 +2940,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for ZooKeeper `Pods`. 
clientService: type: object @@ -2978,6 +3207,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the ZooKeeper container. serviceAccount: type: object 
@@ -3998,7 +4247,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Entity Operator `Pods`. 
topicOperatorContainer: type: object @@ -4080,6 +4408,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Entity Topic Operator container. userOperatorContainer: type: object @@ -4161,6 +4509,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Entity User Operator container. tlsSidecarContainer: type: object @@ -4242,6 +4610,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Entity Operator TLS sidecar container. serviceAccount: type: object 
@@ -5133,7 +5521,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Cruise Control `Pods`. 
apiService: type: object @@ -5270,6 +5737,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Cruise Control container. tlsSidecarContainer: type: object @@ -5351,6 +5838,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Cruise Control TLS sidecar container. serviceAccount: type: object @@ -5451,6 +5958,32 @@ spec: - type - valueFrom description: Metrics configuration. + apiUsers: + type: object + properties: + type: + type: string + enum: + - hashLoginService + description: "Type of the Cruise Control API users configuration. Supported format is: `hashLoginService`." + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Selects a key of a Secret in the resource's namespace. + description: Secret from which the custom Cruise Control API authentication credentials are read. + required: + - type + - valueFrom + description: Configuration of the Cruise Control REST API users. description: Configuration for Cruise Control deployment. Deploys a Cruise Control instance when specified. jmxTrans: type: object 
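Review bot: In the `@@ -5451,6 +5958,32 @@` hunk, `apiUsers.valueFrom.secretKeyRef` exposes an `optional` flag and lists neither `key` nor `name` as required, and `valueFrom` does not require `secretKeyRef`. A resource that points at a missing Secret, or at none, therefore still validates. For REST API credentials the description should state what happens in that case; the schema does not show whether the operator falls back to its own users or refuses to deploy. I would add `required: [key, name]` under `secretKeyRef` and `required: [secretKeyRef]` under `valueFrom`, and document the expected content of the referenced key for `hashLoginService`.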
@@ -6070,7 +6603,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for JmxTrans `Pods`. 
container: type: object @@ -6152,6 +6764,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for JmxTrans container. serviceAccount: type: object 
@@ -6808,7 +7440,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Exporter `Pods`. 
service: type: object @@ -6908,6 +7619,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Exporter container. serviceAccount: type: object @@ -7005,6 +7736,11 @@ spec: type: string description: The name of the KafkaNodePool used by this Kafka resource. description: List of the KafkaNodePools used by this Kafka cluster. + registeredNodeIds: + type: array + items: + type: integer + description: Registered node IDs used by this Kafka cluster. This field is used for internal purposes only and will be removed in the future. clusterId: type: string description: Kafka cluster Id. diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/041-Crd-kafkaconnect.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/041-Crd-kafkaconnect.yaml index 9b289252a24..560ac7e8301 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/crds/041-Crd-kafkaconnect.yaml +++ b/helm-charts/helm3/strimzi-kafka-operator/crds/041-Crd-kafkaconnect.yaml 
@@ -115,6 +115,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." @@ -135,6 +138,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. 
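Review bot: The descriptions added for `clientAssertion` and `clientAssertionLocation` (hunk at -135) do not say which one is used when both are set, and nothing in the schema shown makes them exclusive with each other or with `accessTokenLocation` from the preceding hunk. For an authentication setting that ambiguity is worth removing in the text, for example by appending `Mutually exclusive with clientAssertionLocation.` to the `clientAssertion` description, or the actual precedence if the operator defines one. `clientAssertionType` is a free-form string; if only the documented default `urn:ietf:params:oauth:client-assertion-type:jwt-bearer` is supported, an `enum` would reject typos at admission. The same three fields are added in the kafkamirrormaker, kafkabridge and kafkamirrormaker2 CRD hunks.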
@@ -201,6 +223,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
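Review bot: `saslExtensions` is added as an open string-to-string map whose description, "SASL extensions parameters.", does not tell a user where these values end up. Assuming they are passed to the broker as SASL/OAUTHBEARER extensions during authentication, they are stored in the custom resource in clear text and leave the client, so the description should say they are not a place for credentials. A possible wording is `description: SASL extension parameters sent to the Kafka broker during OAuth authentication. Values are stored in plain text.` The same field is added in the kafkamirrormaker, kafkabridge and kafkamirrormaker2 CRD hunks.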
@@ -1004,7 +1031,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect `Pods`. 
apiService: type: object @@ -1152,6 +1258,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect container. initContainer: type: object @@ -1233,6 +1359,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. podDisruptionBudget: type: object 
@@ -1795,7 +1941,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect Build `Pods`. 
The build pod is used only on Kubernetes. buildContainer: type: object @@ -1877,6 +2102,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect Build container. The build container is used only on Kubernetes. buildConfig: type: object @@ -1935,7 +2180,7 @@ spec: description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Secret of the Kafka Connect Cluster JMX authentication. - description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." + description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." externalConfiguration: type: object properties: diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml index 23c816ec703..9f015abf2af 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml +++ b/helm-charts/helm3/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml 
@@ -162,7 +162,7 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." required: - resource description: List of ACL rules which should be applied to this user. @@ -393,7 +393,7 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." required: - resource description: List of ACL rules which should be applied to this user. @@ -624,7 +624,7 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." required: - resource description: List of ACL rules which should be applied to this user. 
diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/045-Crd-kafkamirrormaker.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/045-Crd-kafkamirrormaker.yaml index 0dd4ec95fbb..7d988b36cc5 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/crds/045-Crd-kafkamirrormaker.yaml +++ b/helm-charts/helm3/strimzi-kafka-operator/crds/045-Crd-kafkamirrormaker.yaml @@ -109,6 +109,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." 
@@ -129,6 +132,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. @@ -195,6 +217,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
@@ -308,6 +335,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." @@ -328,6 +358,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. 
@@ -394,6 +443,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
@@ -1142,7 +1196,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka MirrorMaker `Pods`. 
podDisruptionBudget: type: object @@ -1246,6 +1379,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for Kafka MirrorMaker container. serviceAccount: type: object diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/046-Crd-kafkabridge.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/046-Crd-kafkabridge.yaml index 51c6778f22c..5109f40a9b5 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/crds/046-Crd-kafkabridge.yaml +++ b/helm-charts/helm3/strimzi-kafka-operator/crds/046-Crd-kafkabridge.yaml @@ -118,6 +118,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." 
@@ -138,6 +141,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. @@ -204,6 +226,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
@@ -289,7 +316,7 @@ spec: properties: enabled: type: boolean - description: "Whether the HTTP consumer should be enabled or disabled, default is enabled." + description: Whether the HTTP consumer should be enabled or disabled. The default is enabled (`true`). timeoutSeconds: type: integer description: "The timeout in seconds for deleting inactive consumers, default is -1 (disabled)." @@ -303,7 +330,7 @@ spec: properties: enabled: type: boolean - description: "Whether the HTTP producer should be enabled or disabled, default is enabled." + description: Whether the HTTP producer should be enabled or disabled. The default is enabled (`true`). config: x-kubernetes-preserve-unknown-fields: true type: object 
@@ -993,7 +1020,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Bridge `Pods`. 
apiService: type: object @@ -1130,6 +1236,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Bridge container. clusterRoleBinding: type: object @@ -1247,6 +1373,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Bridge init container. description: Template for Kafka Bridge resources. The template allows users to specify how a `Deployment` and `Pod` is generated. tracing: diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/048-Crd-kafkamirrormaker2.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/048-Crd-kafkamirrormaker2.yaml index e59d8aac935..18f2a1b66fd 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/crds/048-Crd-kafkamirrormaker2.yaml +++ b/helm-charts/helm3/strimzi-kafka-operator/crds/048-Crd-kafkamirrormaker2.yaml 
@@ -127,6 +127,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." @@ -147,6 +150,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. 
@@ -213,6 +235,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
@@ -1149,7 +1176,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect `Pods`. 
apiService: type: object @@ -1297,6 +1403,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect container. initContainer: type: object @@ -1378,6 +1504,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. podDisruptionBudget: type: object 
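Review bot: The `oneOf` added under `volumes` has a single branch with `required: []`, which every object satisfies, so a volume with no source or with several sources passes validation; `name` is described as "Required." but is not in a `required` list either. If exactly one source is intended, one branch per source expresses that, as sketched below (if this CRD is generated from the API model, the constraint belongs in the generator). Because `secretName` is a free-form name, the `volumes` description could also state that anyone allowed to edit this resource can presumably have any Secret of the namespace mounted into the pod, which matters for RBAC review. The description `Secret to use populate the volume.` is missing a `to`. The identical `volumes` block appears again in the hunks at `-1940,7 +2086,86` and `-757,7 +757,86`.

```yaml
# … unchanged: name, secret, configMap, emptyDir, persistentVolumeClaim properties …
oneOf:
  - required:
      - secret
  - required:
      - configMap
  - required:
      - emptyDir
  - required:
      - persistentVolumeClaim
required:
  - name
```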
@@ -1940,7 +2086,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect Build `Pods`. 
The build pod is used only on Kubernetes. buildContainer: type: object @@ -2022,6 +2247,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect Build container. The build container is used only on Kubernetes. buildConfig: type: object @@ -2080,7 +2325,7 @@ spec: description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Secret of the Kafka Connect Cluster JMX authentication. - description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." + description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." externalConfiguration: type: object properties: diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/04A-Crd-kafkanodepool.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/04A-Crd-kafkanodepool.yaml index fa75f59a5a5..66f66fc5f1f 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/crds/04A-Crd-kafkanodepool.yaml +++ b/helm-charts/helm3/strimzi-kafka-operator/crds/04A-Crd-kafkanodepool.yaml 
@@ -90,7 +90,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string @@ -141,7 +141,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string 
@@ -757,7 +757,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka `Pods`. perPodService: type: object 
@@ -911,6 +990,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka broker container. initContainer: type: object @@ -992,6 +1091,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. description: Template for pool resources. The template allows users to specify how the resources belonging to this pool are generated. required: diff --git a/helm-charts/helm3/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka-exporter.json b/helm-charts/helm3/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka-exporter.json index 317c64b3166..20a78fd36c6 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka-exporter.json +++ b/helm-charts/helm3/strimzi-kafka-operator/files/grafana-dashboards/strimzi-kafka-exporter.json 
@@ -819,7 +819,7 @@ "targets": [ { "datasource": "${DS_PROMETHEUS}", - "expr": "sum(delta(kafka_consumergroup_current_offset{consumergroup=~\"$consumergroup\",topic=~\"$topic\", namespace=~\"$kubernetes_namespace\"}[5m])/60) by (consumergroup, topic)", + "expr": "sum(delta(kafka_consumergroup_current_offset{consumergroup=~\"$consumergroup\",topic=~\"$topic\", namespace=~\"$kubernetes_namespace\"}[5m])/300) by (consumergroup, topic)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{consumergroup}} (topic: {{topic}})", @@ -1520,7 +1520,7 @@ "multi": false, "name": "kubernetes_namespace", "options": [], - "query": "query_result(kafka_exporter_build_info)", + "query": "query_result(kafka_broker_info)", "refresh": 1, "regex": "/.*namespace=\"([^\"]*).*/", "skipUrlSync": false, @@ -1540,7 +1540,7 @@ "multi": false, "name": "strimzi_cluster_name", "options": [], - "query": "query_result(kafka_exporter_build_info{namespace=\"$kubernetes_namespace\"})", + "query": "query_result(kafka_broker_info{namespace=\"$kubernetes_namespace\"})", "refresh": 1, "regex": "/.*strimzi_io_cluster=\"([^\"]*).*/", "skipUrlSync": false, diff --git a/helm-charts/helm3/strimzi-kafka-operator/templates/_kafka_image_map.tpl b/helm-charts/helm3/strimzi-kafka-operator/templates/_kafka_image_map.tpl index c7a8b3a130d..8b93709939b 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/templates/_kafka_image_map.tpl +++ b/helm-charts/helm3/strimzi-kafka-operator/templates/_kafka_image_map.tpl 
@@ -6,35 +6,27 @@ {{/* Generate the kafka image map */}} {{- define "strimzi.kafka.image.map" }} - name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE - value: {{ template "strimzi.image" (merge . (dict "key" "kafkaExporter" "tagSuffix" "-kafka-3.7.1")) }} + value: {{ template "strimzi.image" (merge . (dict "key" "kafkaExporter" "tagSuffix" "-kafka-3.8.0")) }} - name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE - value: {{ template "strimzi.image" (merge . (dict "key" "cruiseControl" "tagSuffix" "-kafka-3.7.1")) }} + value: {{ template "strimzi.image" (merge . (dict "key" "cruiseControl" "tagSuffix" "-kafka-3.8.0")) }} - name: STRIMZI_KAFKA_IMAGES value: | - 3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.6.0")) }} - 3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.6.1")) }} - 3.6.2={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.6.2")) }} 3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.7.0")) }} 3.7.1={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.7.1")) }} + 3.8.0={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.8.0")) }} - name: STRIMZI_KAFKA_CONNECT_IMAGES value: | - 3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.6.0")) }} - 3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.6.1")) }} - 3.6.2={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.6.2")) }} 3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.7.0")) }} 3.7.1={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.7.1")) }} + 3.8.0={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.8.0")) }} - name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES value: | - 3.6.0={{ template "strimzi.image" (merge . 
(dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.6.0")) }} - 3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.6.1")) }} - 3.6.2={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.6.2")) }} 3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.7.0")) }} 3.7.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.7.1")) }} + 3.8.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.8.0")) }} - name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES value: | - 3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.6.0")) }} - 3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.6.1")) }} - 3.6.2={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.6.2")) }} 3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.7.0")) }} 3.7.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.7.1")) }} + 3.8.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.8.0")) }} {{- end -}} diff --git a/helm-charts/helm3/strimzi-kafka-operator/values.yaml b/helm-charts/helm3/strimzi-kafka-operator/values.yaml index ad1438716b2..a177e5d92f7 100644 --- a/helm-charts/helm3/strimzi-kafka-operator/values.yaml +++ b/helm-charts/helm3/strimzi-kafka-operator/values.yaml @@ -10,7 +10,7 @@ watchAnyNamespace: false defaultImageRegistry: quay.io defaultImageRepository: strimzi -defaultImageTag: 0.42.0 +defaultImageTag: 0.43.0 image: registry: "" @@ -126,7 +126,7 @@ kafkaBridge: registry: "" repository: name: kafka-bridge - tag: 0.29.0 + tag: 0.30.0 kafkaExporter: image: registry: "" 
diff --git a/install/cluster-operator/040-Crd-kafka.yaml b/install/cluster-operator/040-Crd-kafka.yaml index d72e7a021aa..d602909936c 100644 --- a/install/cluster-operator/040-Crd-kafka.yaml +++ b/install/cluster-operator/040-Crd-kafka.yaml @@ -103,7 +103,7 @@ spec: description: "Type of the listener. The supported types are as follows: \n\n* `internal` type exposes Kafka internally only within the Kubernetes cluster.\n* `route` type uses OpenShift Routes to expose Kafka.\n* `loadbalancer` type uses LoadBalancer type services to expose Kafka.\n* `nodeport` type uses NodePort type services to expose Kafka.\n* `ingress` type uses Kubernetes Nginx Ingress to expose Kafka with TLS passthrough.\n* `cluster-ip` type uses a per-broker `ClusterIP` service.\n" tls: type: boolean - description: Enables TLS encryption on the listener. This is a required property. + description: "Enables TLS encryption on the listener. This is a required property. For `route` and `ingress` type listeners, TLS encryption must be always enabled." authentication: type: object properties: 
@@ -167,7 +167,7 @@ spec: description: Enable or disable termination of Kafka broker processes due to potentially recoverable runtime errors during startup. Default value is `true`. fallbackUserNameClaim: type: string - description: The fallback username claim to be used for the user id if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client id being provided in another claim. It only takes effect if `userNameClaim` is set. + description: The fallback username claim to be used for the user ID if the claim specified by `userNameClaim` is not present. This is useful when `client_credentials` authentication only results in the client ID being provided in another claim. It only takes effect if `userNameClaim` is set. fallbackUserNamePrefix: type: string description: "The prefix to use with the value of `fallbackUserNameClaim` to construct the user id. This only takes effect if `fallbackUserNameClaim` is true, and the value is present for the claim. Mapping usernames and client ids into the same user id space is useful in preventing name collisions." 
@@ -210,7 +210,7 @@ spec: listenerConfig: x-kubernetes-preserve-unknown-fields: true type: object - description: Configuration to be used for a specific listener. All values are prefixed with listener.name.__. + description: Configuration to be used for a specific listener. All values are prefixed with `listener.name.`. maxSecondsWithoutReauthentication: type: integer description: "Maximum number of seconds the authenticated session remains valid without re-authentication. This enables Apache Kafka re-authentication feature, and causes sessions to expire when the access token expires. If the access token expires before max time or if max time is reached, the client has to re-authenticate, otherwise the server will drop the connection. Not set by default - the authenticated session does not expire when the access token expires. This option only applies to SASL_OAUTHBEARER authentication mechanism (when `enableOauthBearer` is `true`)." @@ -234,7 +234,10 @@ spec: required: - key - secretName - description: Secrets to be mounted to /opt/kafka/custom-authn-secrets/custom-listener-_-_/__. + description: Secrets to be mounted to `/opt/kafka/custom-authn-secrets/custom-listener--/`. + serverBearerTokenLocation: + type: string + description: Path to the file on the local filesystem that contains a bearer token to be used instead of client ID and secret when authenticating to authorization server. tlsTrustedCertificates: type: array items: 
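Review bot: The `serverBearerTokenLocation` description says the token is used "instead of client ID and secret" but not what happens when the listener also has a client ID and secret configured, so a reader cannot tell which credential the broker presents to the authorization server. I would add one sentence that states the precedence, for example `If set, the configured client ID and secret are not used.` (or the opposite, whichever the implementation does), and note that the file has to be mounted into the broker container. The enclosing listener authentication object starts outside the hunk.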
@@ -278,6 +281,9 @@ spec: userNameClaim: type: string description: "Name of the claim from the JWT authentication token, Introspection Endpoint response or User Info Endpoint response which will be used to extract the user id. Defaults to `sub`." + userNamePrefix: + type: string + description: "The prefix to use with the value of `userNameClaim` to construct the user ID. This only takes effect if `userNameClaim` is specified and the value is present for the claim. When used in combination with `fallbackUserNameClaims`, it ensures consistent mapping of usernames and client IDs into the same user ID space and prevents name collisions." validIssuerUri: type: string description: URI of the token issuer used for authentication. 
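Review bot: The `userNamePrefix` description refers to `fallbackUserNameClaims`, which does not appear among the properties visible in this patch; the visible siblings are `fallbackUserNameClaim` and `fallbackUserNamePrefix`, and the latter looks like the intended reference. Since these prefixes determine the resulting user ID (presumably the principal that authorization rules are matched against), the cross-reference should name the real property, for example `When used in combination with fallbackUserNamePrefix, it ensures consistent mapping ...`. The new text also writes "user ID" while the neighbouring `userNameClaim` description in the same hunk still says "user id".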
@@ -309,18 +315,30 @@ spec: description: Reference to the `Secret` which holds the certificate and private key pair which will be used for this listener. The certificate can optionally contain the whole chain. This field can be used only with listeners with enabled TLS encryption. class: type: string - description: "Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller will be used. This field can only be used with `ingress` and `loadbalancer` type listeners. If not specified, the default controller is used. For an `ingress` listener, set the `ingressClassName` property in the `Ingress` resources. For a `loadbalancer` listener, set the `loadBalancerClass` property in the `Service` resources." + description: |- + Configures a specific class for `Ingress` and `LoadBalancer` that defines which controller is used. If not specified, the default controller is used. + + * For an `ingress` listener, the operator uses this property to set the `ingressClassName` property in the `Ingress` resources. + * For a `loadbalancer` listener, the operator uses this property to set the `loadBalancerClass` property in the `Service` resources. + + For `ingress` and `loadbalancer` listeners only. externalTrafficPolicy: type: string enum: - Local - Cluster - description: "Specifies whether the service routes external traffic to node-local or cluster-wide endpoints. `Cluster` may cause a second hop to another node and obscures the client source IP. `Local` avoids a second hop for LoadBalancer and Nodeport type services and preserves the client source IP (when supported by the infrastructure). If unspecified, Kubernetes will use `Cluster` as the default.This field can be used only with `loadbalancer` or `nodeport` type listener." + description: |- + Specifies whether the service routes external traffic to cluster-wide or node-local endpoints: + + * `Cluster` may cause a second hop to another node and obscures the client source IP. 
+ * `Local` avoids a second hop for `LoadBalancer` and `Nodeport` type services and preserves the client source IP (when supported by the infrastructure). + + If unspecified, Kubernetes uses `Cluster` as the default. For `loadbalancer` or `nodeport` listeners only. loadBalancerSourceRanges: type: array items: type: string - description: "A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to load balancer type listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. This field can be used only with `loadbalancer` type listener." + description: "A list of CIDR ranges (for example `10.0.0.0/8` or `130.211.204.1/32`) from which clients can connect to loadbalancer listeners. If supported by the platform, traffic through the loadbalancer is restricted to the specified CIDR ranges. This field is applicable only for loadbalancer type services and is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only." bootstrap: type: object properties: 
@@ -331,28 +349,28 @@ spec: description: Additional alternative names for the bootstrap service. The alternative names will be added to the list of subject alternative names of the TLS certificates. host: type: string - description: The bootstrap host. This field will be used in the Ingress resource or in the Route resource to specify the desired hostname. This field can be used only with `route` (optional) or `ingress` (required) type listeners. + description: Specifies the hostname used for the bootstrap resource. For `route` (optional) or `ingress` (required) listeners only. Ensure the hostname resolves to the Ingress endpoints; no validation is performed by Strimzi. nodePort: type: integer - description: Node port for the bootstrap service. This field can be used only with `nodeport` type listener. + description: Node port for the bootstrap service. For `nodeport` listeners only. loadBalancerIP: type: string - description: The loadbalancer is requested with the IP address specified in this field. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This field is ignored if the cloud provider does not support the feature.This field can be used only with `loadbalancer` type listener. + description: The loadbalancer is requested with the IP address specified in this property. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This property is ignored if the cloud provider does not support the feature. For `loadbalancer` listeners only. annotations: additionalProperties: type: string type: object - description: "Annotations that will be added to the `Ingress`, `Route`, or `Service` resource. You can use this field to configure DNS providers such as External DNS. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." 
+ description: "Annotations added to `Ingress`, `Route`, or `Service` resources. You can use this property to configure DNS providers such as External DNS. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only." labels: additionalProperties: type: string type: object - description: "Labels that will be added to the `Ingress`, `Route`, or `Service` resource. This field can be used only with `loadbalancer`, `nodeport`, `route`, or `ingress` type listeners." + description: "Labels added to `Ingress`, `Route`, or `Service` resources. For `loadbalancer`, `nodeport`, `route`, or `ingress` listeners only." externalIPs: type: array items: type: string - description: External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This field is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. This field can only be used with `nodeport` type listener. + description: External IPs associated to the nodeport service. These IPs are used by clients external to the Kubernetes cluster to access the Kafka brokers. This property is helpful when `nodeport` without `externalIP` is not sufficient. For example on bare-metal Kubernetes clusters that do not support Loadbalancer service types. For `nodeport` listeners only. description: Bootstrap configuration. brokers: type: array 
@@ -401,7 +419,14 @@ spec: - SingleStack - PreferDualStack - RequireDualStack - description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type." + description: |- + Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`: + + * `SingleStack` is for a single IP family. + * `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. + * `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. + + If unspecified, Kubernetes will choose the default value based on the service type. ipFamilies: type: array items: 
@@ -412,15 +437,21 @@ spec: description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting." createBootstrapService: type: boolean - description: Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadBalancer` type listener. + description: Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the `loadbalancer` listener. finalizers: type: array items: type: string - description: "A list of finalizers which will be configured for the `LoadBalancer` type Services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. This field can be used only with `loadbalancer` type listeners." + description: "A list of finalizers configured for the `LoadBalancer` type services created for this listener. If supported by the platform, the finalizer `service.kubernetes.io/load-balancer-cleanup` to make sure that the external load balancer is deleted together with the service.For more information, see https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#garbage-collecting-load-balancers. For `loadbalancer` listeners only." useServiceDnsDomain: type: boolean - description: "Configures whether the Kubernetes service DNS domain should be used or not. 
If set to `true`, the generated addresses will contain the service DNS domain suffix (by default `.cluster.local`, can be configured using environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`). Defaults to `false`.This field can be used only with `internal` and `cluster-ip` type listeners." + description: |- + Configures whether the Kubernetes service DNS domain should be included in the generated addresses. + + * If set to `false`, the generated addresses do not contain the service DNS domain suffix. For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc`. + * If set to `true`, the generated addresses contain the service DNS domain suffix. For example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc.cluster.local`. + + The default is `.cluster.local`, but this is customizable using the environment variable `KUBERNETES_SERVICE_DNS_DOMAIN`. For `internal` and `cluster-ip` listeners only. maxConnections: type: integer description: The maximum number of connections we allow for this listener in the broker at any time. New connections are blocked if the limit is reached. @@ -436,7 +467,7 @@ spec: - InternalDNS - Hostname description: |- - Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses will be used in the following order (the first one found will be used): + Defines which address type should be used as the node address. Available types are: `ExternalDNS`, `ExternalIP`, `InternalDNS`, `InternalIP` and `Hostname`. By default, the addresses are used in the following order (the first one found is used): * `ExternalDNS` * `ExternalIP` 
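Review bot: The rewritten `useServiceDnsDomain` description no longer states the field's own default: the old text had "Defaults to `false`", while the new closing sentence "The default is `.cluster.local`" reads as if it described this boolean. I would write `Defaults to false. The default DNS domain suffix is .cluster.local, but this is customizable using ...`. In the same hunk the rewritten `finalizers` line carries over a sentence with no verb and a missing space ("the finalizer ... to make sure" and "service.For more information"); `use the finalizer ... to make sure` and `service. For more information` would fix both.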
@@ -444,10 +475,10 @@ spec: * `InternalIP` * `Hostname` - This field is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order. This field can only be used with `nodeport` type listener. + This property is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order.For `nodeport` listeners only. publishNotReadyAddresses: type: boolean - description: Configures whether the service endpoints are considered "ready" even if the Pods themselves are not. Defaults to `false`. This field can not be used with `internal` type listeners. + description: Configures whether the service endpoints are considered "ready" even if the Pods themselves are not. Defaults to `false`. This field can not be used with `internal` listeners. description: Additional listener configuration. networkPolicyPeers: type: array @@ -509,7 +540,7 @@ spec: - port - type - tls - description: Configures listeners of Kafka brokers. + description: Configures listeners to provide access to Kafka brokers. config: x-kubernetes-preserve-unknown-fields: true type: object @@ -543,7 +574,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string 
@@ -594,7 +625,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string 
@@ -1457,7 +1488,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka `Pods`. 
bootstrapService: type: object @@ -1753,6 +1863,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka broker container. initContainer: type: object @@ -1834,6 +1964,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. clusterCaCert: type: object @@ -2036,7 +2186,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string 
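Review bot: As far as the collapsed text shows, the `oneOf` added under `volumes.items` restricts nothing. It has a single branch that lists `secret`, `configMap`, `emptyDir` and `persistentVolumeClaim` as empty property schemas with `required: []`, so an entry with no source, or with several, passes API-server validation and is left for the operator to reject. `name` is described as "Required." but no `required` list for the item is visible in the hunk. If one source per volume is the intent, a branch per source states it in the schema, as in the fence below; should this file be generated, the change belongs in the generator input rather than here. The same block is added to the other pod templates in this file and in `041-Crd-kafkaconnect.yaml`, and its `secret` description reads `Secret to use populate the volume.` where the sibling descriptions have `to use to populate`.

```yaml
# … unchanged: properties (name, secret, configMap, emptyDir, persistentVolumeClaim) …
oneOf:
  - required:
      - secret
  - required:
      - configMap
  - required:
      - emptyDir
  - required:
      - persistentVolumeClaim
required:
  - name
```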
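Review bot: The new `volumeMounts` items take any string as `mountPath` and declare no `required` fields, so the schema lets a user-supplied volume be mounted at any path in the container. That may include paths where the operator itself places certificates or configuration; this hunk does not show whether the operator checks for that. If the operator limits additional mounts to a dedicated directory, the description should name that rule so the constraint is visible to whoever reviews a `Kafka` resource. The item should also carry `required: [name, mountPath]` so that incomplete entries fail at admission. The same block is repeated for the other container templates in this file and in `041-Crd-kafkaconnect.yaml`; the enclosing container schema starts outside the hunk.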
@@ -2789,7 +2939,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for ZooKeeper `Pods`. 
clientService: type: object @@ -2977,6 +3206,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the ZooKeeper container. serviceAccount: type: object 
@@ -3997,7 +4246,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Entity Operator `Pods`. 
topicOperatorContainer: type: object @@ -4079,6 +4407,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Entity Topic Operator container. userOperatorContainer: type: object @@ -4160,6 +4508,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Entity User Operator container. tlsSidecarContainer: type: object @@ -4241,6 +4609,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Entity Operator TLS sidecar container. serviceAccount: type: object 
@@ -5132,7 +5520,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Cruise Control `Pods`. 
apiService: type: object @@ -5269,6 +5736,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Cruise Control container. tlsSidecarContainer: type: object @@ -5350,6 +5837,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Cruise Control TLS sidecar container. serviceAccount: type: object @@ -5450,6 +5957,32 @@ spec: - type - valueFrom description: Metrics configuration. + apiUsers: + type: object + properties: + type: + type: string + enum: + - hashLoginService + description: "Type of the Cruise Control API users configuration. Supported format is: `hashLoginService`." + valueFrom: + type: object + properties: + secretKeyRef: + type: object + properties: + key: + type: string + name: + type: string + optional: + type: boolean + description: Selects a key of a Secret in the resource's namespace. + description: Secret from which the custom Cruise Control API authentication credentials are read. + required: + - type + - valueFrom + description: Configuration of the Cruise Control REST API users. description: Configuration for Cruise Control deployment. Deploys a Cruise Control instance when specified. jmxTrans: type: object 
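Review bot: In the `apiUsers` block, `valueFrom` is required but `secretKeyRef` inside it is not, and `secretKeyRef` declares no `required` list for `name` and `key` while exposing `optional`, so a resource that points at no usable credentials still validates. Since this Secret holds the Cruise Control REST API credentials, the description should say what the operator does when the Secret or key is absent. Silently continuing with default or empty credentials would be the unsafe outcome, and whether that can happen is not visible here. I would add `required: [key, name]` under `secretKeyRef` and `required: [secretKeyRef]` under `valueFrom`, and extend the `valueFrom` description with the expected content format for `hashLoginService`. The enclosing Cruise Control schema starts outside the hunk.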
@@ -6069,7 +6602,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for JmxTrans `Pods`. 
container: type: object @@ -6151,6 +6763,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for JmxTrans container. serviceAccount: type: object 
@@ -6807,7 +7439,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Exporter `Pods`. 
service: type: object @@ -6907,6 +7618,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Exporter container. serviceAccount: type: object @@ -7004,6 +7735,11 @@ spec: type: string description: The name of the KafkaNodePool used by this Kafka resource. description: List of the KafkaNodePools used by this Kafka cluster. + registeredNodeIds: + type: array + items: + type: integer + description: Registered node IDs used by this Kafka cluster. This field is used for internal purposes only and will be removed in the future. clusterId: type: string description: Kafka cluster Id. diff --git a/install/cluster-operator/041-Crd-kafkaconnect.yaml b/install/cluster-operator/041-Crd-kafkaconnect.yaml index 355f1436651..dc21332eb83 100644 --- a/install/cluster-operator/041-Crd-kafkaconnect.yaml +++ b/install/cluster-operator/041-Crd-kafkaconnect.yaml @@ -114,6 +114,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." 
@@ -134,6 +137,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. @@ -200,6 +222,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
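Review bot: `clientAssertion` (a Secret reference) and `clientAssertionLocation` (a file path) can both be set on the same resource, and neither description says which one is used or whether the combination is rejected. The same applies to `accessTokenLocation`, added in the preceding hunk and in `045-Crd-kafkamirrormaker.yaml`, next to the existing Secret-based settings. I would add a sentence to each `...Location` description, for example ``Cannot be combined with `clientAssertion`.`` if that is what the operator enforces, or the precedence otherwise. These paths are read inside the client container, so the descriptions could also state that the file has to be supplied through a mounted volume and should be readable only by that container. The enclosing authentication schema starts outside the hunk.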
@@ -1003,7 +1030,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect `Pods`. 
apiService: type: object @@ -1151,6 +1257,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect container. initContainer: type: object @@ -1232,6 +1358,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. podDisruptionBudget: type: object 
@@ -1794,7 +1940,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect Build `Pods`. 
The build pod is used only on Kubernetes. buildContainer: type: object @@ -1876,6 +2101,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect Build container. The build container is used only on Kubernetes. buildConfig: type: object @@ -1934,7 +2179,7 @@ spec: description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Secret of the Kafka Connect Cluster JMX authentication. - description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." + description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." externalConfiguration: type: object properties: diff --git a/install/cluster-operator/044-Crd-kafkauser.yaml b/install/cluster-operator/044-Crd-kafkauser.yaml index 4cd7df3517f..aba06d9c847 100644 --- a/install/cluster-operator/044-Crd-kafkauser.yaml +++ b/install/cluster-operator/044-Crd-kafkauser.yaml 
@@ -161,7 +161,7 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." required: - resource description: List of ACL rules which should be applied to this user. @@ -392,7 +392,7 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." required: - resource description: List of ACL rules which should be applied to this user. @@ -623,7 +623,7 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." required: - resource description: List of ACL rules which should be applied to this user. 
diff --git a/install/cluster-operator/045-Crd-kafkamirrormaker.yaml b/install/cluster-operator/045-Crd-kafkamirrormaker.yaml index 487ccbed8c5..a49f283ff3f 100644 --- a/install/cluster-operator/045-Crd-kafkamirrormaker.yaml +++ b/install/cluster-operator/045-Crd-kafkamirrormaker.yaml @@ -108,6 +108,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." 
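Review bot: The description of `accessTokenLocation` says neither where the path is resolved nor that the file is a bearer credential, which leaves readers guessing how to provision and protect it. Assuming the path is read inside the client container, I would extend the text to something like `Path, inside the container, to the file containing the access token used for authentication. Mount the file read-only from a Secret or token volume.` It would also help to state how this field interacts with the other credential fields of the same `authentication` object when more than one is set. The same wording is added in the second `accessTokenLocation` hunk of this file and in the hunks for 046-Crd-kafkabridge.yaml and 048-Crd-kafkamirrormaker2.yaml.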
@@ -128,6 +131,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. @@ -194,6 +216,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
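Review bot: `clientAssertion` and `clientAssertionLocation` can both be set on the same resource and neither description says which one is used, so a manifest can carry two different credentials with the effective one decided only in code outside this diff. I would document the precedence by appending a sentence such as `Takes precedence over clientAssertionLocation when both are set.` (or the reverse, whichever the client implements), or reject the combination in the schema. `clientAssertionType` is a free string; if only the documented default `urn:ietf:params:oauth:client-assertion-type:jwt-bearer` is supported, an `enum` would catch typos at admission. The same fields are added in the second hunk of this file (`@@ -327,6 +357,25 @@`) and in the hunks for 046-Crd-kafkabridge.yaml and 048-Crd-kafkamirrormaker2.yaml.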
@@ -307,6 +334,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." @@ -327,6 +357,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. 
@@ -393,6 +442,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
@@ -1141,7 +1195,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka MirrorMaker `Pods`. 
podDisruptionBudget: type: object @@ -1245,6 +1378,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for Kafka MirrorMaker container. serviceAccount: type: object diff --git a/install/cluster-operator/046-Crd-kafkabridge.yaml b/install/cluster-operator/046-Crd-kafkabridge.yaml index ced8482ea48..b200c6f1011 100644 --- a/install/cluster-operator/046-Crd-kafkabridge.yaml +++ b/install/cluster-operator/046-Crd-kafkabridge.yaml @@ -117,6 +117,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." 
@@ -137,6 +140,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. @@ -203,6 +225,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
@@ -288,7 +315,7 @@ spec: properties: enabled: type: boolean - description: "Whether the HTTP consumer should be enabled or disabled, default is enabled." + description: Whether the HTTP consumer should be enabled or disabled. The default is enabled (`true`). timeoutSeconds: type: integer description: "The timeout in seconds for deleting inactive consumers, default is -1 (disabled)." @@ -302,7 +329,7 @@ spec: properties: enabled: type: boolean - description: "Whether the HTTP producer should be enabled or disabled, default is enabled." + description: Whether the HTTP producer should be enabled or disabled. The default is enabled (`true`). config: x-kubernetes-preserve-unknown-fields: true type: object 
@@ -992,7 +1019,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Bridge `Pods`. 
apiService: type: object @@ -1129,6 +1235,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Bridge container. clusterRoleBinding: type: object @@ -1246,6 +1372,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Bridge init container. description: Template for Kafka Bridge resources. The template allows users to specify how a `Deployment` and `Pod` is generated. tracing: diff --git a/install/cluster-operator/048-Crd-kafkamirrormaker2.yaml b/install/cluster-operator/048-Crd-kafkamirrormaker2.yaml index b3b45d64c7b..5b80b9f8d1d 100644 --- a/install/cluster-operator/048-Crd-kafkamirrormaker2.yaml +++ b/install/cluster-operator/048-Crd-kafkamirrormaker2.yaml 
@@ -126,6 +126,9 @@ spec: accessTokenIsJwt: type: boolean description: Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`. + accessTokenLocation: + type: string + description: Path to the token file containing an access token to be used for authentication. audience: type: string description: "OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request." @@ -146,6 +149,25 @@ spec: - certificate - key description: Reference to the `Secret` which holds the certificate and private key pair. + clientAssertion: + type: object + properties: + key: + type: string + description: The key under which the secret value is stored in the Kubernetes Secret. + secretName: + type: string + description: The name of the Kubernetes Secret containing the secret value. + required: + - key + - secretName + description: Link to Kubernetes secret containing the client assertion which was manually configured for the client. + clientAssertionLocation: + type: string + description: Path to the file containing the client assertion to be used for authentication. + clientAssertionType: + type: string + description: "The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`." clientId: type: string description: OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. 
@@ -212,6 +234,11 @@ spec: - key - secretName description: Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server. + saslExtensions: + additionalProperties: + type: string + type: object + description: SASL extensions parameters. scope: type: string description: OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request. 
@@ -1148,7 +1175,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect `Pods`. 
apiService: type: object @@ -1296,6 +1402,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect container. initContainer: type: object @@ -1377,6 +1503,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. podDisruptionBudget: type: object 
@@ -1939,7 +2085,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka Connect Build `Pods`. 
The build pod is used only on Kubernetes. buildContainer: type: object @@ -2021,6 +2246,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka Connect Build container. The build container is used only on Kubernetes. buildConfig: type: object @@ -2079,7 +2324,7 @@ spec: description: Annotations added to the Kubernetes resource. description: Metadata applied to the resource. description: Template for Secret of the Kafka Connect Cluster JMX authentication. - description: "Template for Kafka Connect and Kafka Mirror Maker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." + description: "Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated." externalConfiguration: type: object properties: diff --git a/install/cluster-operator/04A-Crd-kafkanodepool.yaml b/install/cluster-operator/04A-Crd-kafkanodepool.yaml index fa75f59a5a5..66f66fc5f1f 100644 --- a/install/cluster-operator/04A-Crd-kafkanodepool.yaml +++ b/install/cluster-operator/04A-Crd-kafkanodepool.yaml @@ -90,7 +90,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string 
@@ -141,7 +141,7 @@ spec: broker: type: integer description: Id of the kafka broker (broker identifier). - description: Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers. + description: Overrides for individual brokers. The `overrides` field allows you to specify a different configuration for different brokers. selector: additionalProperties: type: string 
@@ -757,7 +757,86 @@ spec: tmpDirSizeLimit: type: string pattern: "^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - description: Defines the total amount (for example `1Gi`) of local storage required for temporary EmptyDir volume (`/tmp`). Default value is `5Mi`. + description: "Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources." + volumes: + type: array + items: + type: object + properties: + name: + type: string + description: Name to use for the volume. Required. + secret: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + optional: + type: boolean + secretName: + type: string + description: Secret to use populate the volume. + configMap: + type: object + properties: + defaultMode: + type: integer + items: + type: array + items: + type: object + properties: + key: + type: string + mode: + type: integer + path: + type: string + name: + type: string + optional: + type: boolean + description: ConfigMap to use to populate the volume. + emptyDir: + type: object + properties: + medium: + type: string + sizeLimit: + type: object + properties: + amount: + type: string + format: + type: string + description: EmptyDir to use to populate the volume. + persistentVolumeClaim: + type: object + properties: + claimName: + type: string + readOnly: + type: boolean + description: PersistentVolumeClaim object to use to populate the volume. + oneOf: + - properties: + secret: {} + configMap: {} + emptyDir: {} + persistentVolumeClaim: {} + required: [] + description: Additional volumes that can be mounted to the pod. description: Template for Kafka `Pods`. perPodService: type: object 
@@ -911,6 +990,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka broker container. initContainer: type: object @@ -992,6 +1091,26 @@ spec: runAsUserName: type: string description: Security context for the container. + volumeMounts: + type: array + items: + type: object + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + description: Additional volume mounts which should be applied to the container. description: Template for the Kafka init container. description: Template for pool resources. The template allows users to specify how the resources belonging to this pool are generated. required: diff --git a/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml b/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml index 38c3b4a2a9f..b4cd3208783 100644 --- a/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml +++ b/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml @@ -27,7 +27,7 @@ spec: name: strimzi-cluster-operator containers: - name: strimzi-cluster-operator - image: quay.io/strimzi/operator:0.42.0 + image: quay.io/strimzi/operator:0.43.0 ports: - containerPort: 8080 name: http 
@@ -48,49 +48,41 @@ spec: - name: STRIMZI_OPERATION_TIMEOUT_MS value: "300000" - name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE - value: quay.io/strimzi/kafka:0.42.0-kafka-3.7.1 + value: quay.io/strimzi/kafka:0.43.0-kafka-3.8.0 - name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE - value: quay.io/strimzi/kafka:0.42.0-kafka-3.7.1 + value: quay.io/strimzi/kafka:0.43.0-kafka-3.8.0 - name: STRIMZI_KAFKA_IMAGES value: | - 3.6.0=quay.io/strimzi/kafka:0.42.0-kafka-3.6.0 - 3.6.1=quay.io/strimzi/kafka:0.42.0-kafka-3.6.1 - 3.6.2=quay.io/strimzi/kafka:0.42.0-kafka-3.6.2 - 3.7.0=quay.io/strimzi/kafka:0.42.0-kafka-3.7.0 - 3.7.1=quay.io/strimzi/kafka:0.42.0-kafka-3.7.1 + 3.7.0=quay.io/strimzi/kafka:0.43.0-kafka-3.7.0 + 3.7.1=quay.io/strimzi/kafka:0.43.0-kafka-3.7.1 + 3.8.0=quay.io/strimzi/kafka:0.43.0-kafka-3.8.0 - name: STRIMZI_KAFKA_CONNECT_IMAGES value: | - 3.6.0=quay.io/strimzi/kafka:0.42.0-kafka-3.6.0 - 3.6.1=quay.io/strimzi/kafka:0.42.0-kafka-3.6.1 - 3.6.2=quay.io/strimzi/kafka:0.42.0-kafka-3.6.2 - 3.7.0=quay.io/strimzi/kafka:0.42.0-kafka-3.7.0 - 3.7.1=quay.io/strimzi/kafka:0.42.0-kafka-3.7.1 + 3.7.0=quay.io/strimzi/kafka:0.43.0-kafka-3.7.0 + 3.7.1=quay.io/strimzi/kafka:0.43.0-kafka-3.7.1 + 3.8.0=quay.io/strimzi/kafka:0.43.0-kafka-3.8.0 - name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES value: | - 3.6.0=quay.io/strimzi/kafka:0.42.0-kafka-3.6.0 - 3.6.1=quay.io/strimzi/kafka:0.42.0-kafka-3.6.1 - 3.6.2=quay.io/strimzi/kafka:0.42.0-kafka-3.6.2 - 3.7.0=quay.io/strimzi/kafka:0.42.0-kafka-3.7.0 - 3.7.1=quay.io/strimzi/kafka:0.42.0-kafka-3.7.1 + 3.7.0=quay.io/strimzi/kafka:0.43.0-kafka-3.7.0 + 3.7.1=quay.io/strimzi/kafka:0.43.0-kafka-3.7.1 + 3.8.0=quay.io/strimzi/kafka:0.43.0-kafka-3.8.0 - name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES value: | - 3.6.0=quay.io/strimzi/kafka:0.42.0-kafka-3.6.0 - 3.6.1=quay.io/strimzi/kafka:0.42.0-kafka-3.6.1 - 3.6.2=quay.io/strimzi/kafka:0.42.0-kafka-3.6.2 - 3.7.0=quay.io/strimzi/kafka:0.42.0-kafka-3.7.0 - 3.7.1=quay.io/strimzi/kafka:0.42.0-kafka-3.7.1 + 
3.7.0=quay.io/strimzi/kafka:0.43.0-kafka-3.7.0 + 3.7.1=quay.io/strimzi/kafka:0.43.0-kafka-3.7.1 + 3.8.0=quay.io/strimzi/kafka:0.43.0-kafka-3.8.0 - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE - value: quay.io/strimzi/operator:0.42.0 + value: quay.io/strimzi/operator:0.43.0 - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE - value: quay.io/strimzi/operator:0.42.0 + value: quay.io/strimzi/operator:0.43.0 - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE - value: quay.io/strimzi/operator:0.42.0 + value: quay.io/strimzi/operator:0.43.0 - name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE - value: quay.io/strimzi/kafka-bridge:0.29.0 + value: quay.io/strimzi/kafka-bridge:0.30.0 - name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE - value: quay.io/strimzi/kaniko-executor:0.42.0 + value: quay.io/strimzi/kaniko-executor:0.43.0 - name: STRIMZI_DEFAULT_MAVEN_BUILDER - value: quay.io/strimzi/maven-builder:0.42.0 + value: quay.io/strimzi/maven-builder:0.43.0 - name: STRIMZI_OPERATOR_NAMESPACE valueFrom: fieldRef: diff --git a/install/drain-cleaner/certmanager/060-Deployment.yaml b/install/drain-cleaner/certmanager/060-Deployment.yaml index 19d8d581f63..dce6b89cfef 100644 --- a/install/drain-cleaner/certmanager/060-Deployment.yaml +++ b/install/drain-cleaner/certmanager/060-Deployment.yaml @@ -18,7 +18,7 @@ spec: serviceAccountName: strimzi-drain-cleaner containers: - name: strimzi-drain-cleaner - image: quay.io/strimzi/drain-cleaner:1.1.0 + image: quay.io/strimzi/drain-cleaner:1.2.0 ports: - containerPort: 8080 name: http diff --git a/install/drain-cleaner/kubernetes/060-Deployment.yaml b/install/drain-cleaner/kubernetes/060-Deployment.yaml index 19d8d581f63..dce6b89cfef 100644 --- a/install/drain-cleaner/kubernetes/060-Deployment.yaml +++ b/install/drain-cleaner/kubernetes/060-Deployment.yaml 
@@ -18,7 +18,7 @@ spec: serviceAccountName: strimzi-drain-cleaner containers: - name: strimzi-drain-cleaner - image: quay.io/strimzi/drain-cleaner:1.1.0 + image: quay.io/strimzi/drain-cleaner:1.2.0 ports: - containerPort: 8080 name: http diff --git a/install/drain-cleaner/openshift/060-Deployment.yaml b/install/drain-cleaner/openshift/060-Deployment.yaml index 19d8d581f63..dce6b89cfef 100644 --- a/install/drain-cleaner/openshift/060-Deployment.yaml +++ b/install/drain-cleaner/openshift/060-Deployment.yaml @@ -18,7 +18,7 @@ spec: serviceAccountName: strimzi-drain-cleaner containers: - name: strimzi-drain-cleaner - image: quay.io/strimzi/drain-cleaner:1.1.0 + image: quay.io/strimzi/drain-cleaner:1.2.0 ports: - containerPort: 8080 name: http diff --git a/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml b/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml index 3fa72e85241..ead99748e43 100644 --- a/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml +++ b/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml @@ -22,7 +22,7 @@ spec: sizeLimit: 5Mi containers: - name: strimzi-topic-operator - image: quay.io/strimzi/operator:0.42.0 + image: quay.io/strimzi/operator:0.43.0 args: - /opt/strimzi/bin/topic_operator_run.sh volumeMounts: diff --git a/install/user-operator/04-Crd-kafkauser.yaml b/install/user-operator/04-Crd-kafkauser.yaml index 4cd7df3517f..aba06d9c847 100644 --- a/install/user-operator/04-Crd-kafkauser.yaml +++ b/install/user-operator/04-Crd-kafkauser.yaml 
@@ -161,7 +161,7 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." required: - resource description: List of ACL rules which should be applied to this user. @@ -392,7 +392,7 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." required: - resource description: List of ACL rules which should be applied to this user. @@ -623,7 +623,7 @@ spec: - DescribeConfigs - IdempotentWrite - All - description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All." + description: "List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource." required: - resource description: List of ACL rules which should be applied to this user. 
diff --git a/install/user-operator/05-Deployment-strimzi-user-operator.yaml b/install/user-operator/05-Deployment-strimzi-user-operator.yaml index c167e1aacea..654ef878923 100644 --- a/install/user-operator/05-Deployment-strimzi-user-operator.yaml +++ b/install/user-operator/05-Deployment-strimzi-user-operator.yaml @@ -22,7 +22,7 @@ spec: sizeLimit: 5Mi containers: - name: strimzi-user-operator - image: quay.io/strimzi/operator:0.42.0 + image: quay.io/strimzi/operator:0.43.0 args: - /opt/strimzi/bin/user_operator_run.sh volumeMounts: