All notable changes to this project will be documented in this file.
- The lifetime of auto generated TLS certificates is now configurable with the role and roleGroup
config property
requestedSecretLifetime
. This helps reducing frequent Pod restarts (#722).
- Fix OIDC endpoint construction in case the
rootPath
does not have a trailing slash (#718). - BREAKING: Use distinct ServiceAccounts for the Stacklets, so that multiple Stacklets can be deployed in one namespace. Existing Stacklets will use the newly created ServiceAccounts after restart (#717).
- Support OpenID Connect authentication (#660).
- Allow configuring proxy host behavior (#668).
- Support disabling the
create-reporting-task
Job (#690). - Support podOverrides on the
create-reporting-task
Job using the fieldspec.clusterConfig.createReportingTaskJob.podOverrides
(#690). - The operator can now run on Kubernetes clusters using a non-default cluster domain.
Use the env var
KUBERNETES_CLUSTER_DOMAIN
or the operator Helm chart propertykubernetesClusterDomain
to set a non-default cluster domain (#694).
- Reduce CRD size from
637KB
to105KB
by accepting arbitrary YAML input instead of the underlying schema for the following fields (#664):podOverrides
affinity
extraVolumes
- Increase
log
Volume size from 33 MiB to 500 MiB (#671). - Replaced experimental NiFi
2.0.0-M4
with2.0.0
(#702). - Don't deploy the
PrometheusReportingTask
Job for NiFi versions2.x.x
and up (#708).
- Switch from
flow.xml.gz
toflow.json.gz
to allow seamless upgrades to version 2.0 (#675). - Failing to parse one
NifiCluster
/AuthenticationClass
should no longer cause the whole operator to stop functioning (#662). - NiFi will now use the JDK trust store when an OIDC provider uses WebPKI as CA (#686, #698).
- Support specifying the SecretClass that is used to obtain TLS certificates (#622).
- Support for NiFi
1.27.0
and2.0.0-M4
(#639).
- Bump
stackable-operator
from0.64.0
to0.70.0
(#641). - Bump
product-config
from0.6.0
to0.7.0
(#641). - Bump other dependencies (#642).
- Make it easy to test custom NiFi images (#616).
- Use config-utils for text-replacement of variables in configs. This fixes escaping problems, especially when you have special characters in your password (#627).
- Processing of corrupted log events fixed; If errors occur, the error messages are added to the log event (#628).
- Removed support for
1.23.2
(#639).
- Various documentation of the CRD (#537).
- Document support for Apache Iceberg extensions (#556).
- Helm: support labels in values.yaml (#560).
- Support for NiFi
1.25.0
(#571).
- A service for a single NiFi node is created for the reporting task to avoid JWT issues (#571).
- Default stackableVersion to operator version. It is recommended to remove
spec.image.stackableVersion
from your custom resources (#493). - Configuration overrides for the JVM security properties, such as DNS caching (#497).
- Support PodDisruptionBudgets (#509).
- Support for 1.23.2 (#513).
- Support graceful shutdown (#528).
vector
0.26.0
->0.33.0
(#494, #513).operator-rs
0.44.0
->0.55.0
(#493, #498, #509, #513).- [BREAKING] Consolidated authentication config to a list of AuthenticationClasses (#498).
- Let secret-operator handle certificate conversion (#505).
- [BREAKING] Removed crd support for nifi.security.allow.anonymous.authentication that was never actually used (#498).
- [BREAKING] Removed crd support for the auto generation of admin credentials (obsolete since the user now always has to provide an AuthenticationClass) (#498).
- Support for 1.15.x, 1.16.x, 1.18.x, 1.20.x (#513).
- Added support for NiFi versions 1.20.0 and 1.21.0 (#464).
- Generate OLM bundle for Release 23.4.0 (#467).
- Missing CRD defaults for
status.conditions
field (#471). - Set explicit resources on all containers (#476).
- Support podOverrides (#483).
operator-rs
0.40.2
->0.44.0
(#461, #486).- Use 0.0.0-dev product images for testing (#463)
- Use testing-tools 0.2.0 (#463)
- Added kuttl test suites (#480)
- Use ou with spaces in LDAP tests (#466).
- Reporting task now escapes user and password input in case of whitespaces (#466).
- Increase the size limit of the log volume (#486).
- Enabled logging and log aggregation (#418)
- Deploy default and support custom affinities (#436, #451)
- Added the ability to mount extra volumes for files that may be needed for NiFi processors to work (#434)
- Openshift compatibility (#446).
- Extend cluster resources for status and cluster operation (paused, stopped) (#447)
- Cluster status conditions (#448)
- [BREAKING]: Renamed global
config
toclusterConfig
(#417) - [BREAKING]: Moved
zookeeper_configmap_name
toclusterConfig
(#417) operator-rs
0.33.0
->0.40.2
(#418, #447, #452)- [BREAKING] Support specifying Service type.
This enables us to later switch non-breaking to using
ListenerClasses
for the exposure of Services. This change is breaking, because - for security reasons - we default to thecluster-internal
ListenerClass
. If you need your cluster to be accessible from outside of Kubernetes you need to setclusterConfig.listenerClass
toexternal-unstable
(#449).
- Avoid empty log events dated to 1970-01-01 and improve the precision of the log event timestamps (#452).
- Fix
create-reporting-task
to support multiple rolegroups (#453) - Fix proxy hosts list missing an entry for the load-balanced Service (#453)
- Remove hardcoded
kubernetes.io/os=linux
selector when determining list of valid proxy nodes (#453)
- Updated operator-rs to 0.31.0 (#382, #401, #408)
- Do not run init container as root anymore and avoid chmod and chown (#390)
- [BREAKING] Use Product image selection instead of version.
spec.version
has been replaced byspec.image
(#394) - [BREAKING]: Removed tools image (reporting task job and init container) and replaced with NiFi product image. This means the latest stackable version has to be used in the product image selection (#397)
- Fixed the RoleGroup
selector
. It was not used before. (#401) - Refactoring of authentication handling (#408)
- Fixed a regression that made PVC configs mandatory in some cases (#375)
- Updated stackable image versions (#376)
- Support for in-place NiFi cluster upgrades (#323)
- Added default resource requests (memory and cpu) for NiFi pods (#353)
- Added support for NiFi version 1.18.0 (#360)
- Updated operator-rs to 0.26.1 (#371)
- NiFi repository sizes are now adjusted based on declared PVC sizes (#371)
- Include chart name when installing with a custom release name (#300, #301).
- Orphaned resources are deleted (#319)
- Updated operator-rs to 0.25.0 (#319, #328)
- Operator will not error out any more if admin credential need to be generated but
auto_generate
is not set. Instead the pods are written but will stay in initializing state until the necessary secrets have been created. (#319)
- Reconciliation errors are now reported as Kubernetes events (#218).
- Use cli argument
watch-namespace
/ env varWATCH_NAMESPACE
to specify a single namespace to watch (#223). - Enable prometheus metrics via a
Job
. This is done via a python script that creates a ReportingTask via the NiFi REST API in thetools
docker image (#230). - Monitoring scraping label prometheus.io/scrape: true (#230).
operator-rs
0.10.0
->0.15.0
(#218, #223, #230).- [BREAKING] Specifying the product version has been changed to adhere to ADR018 instead of just specifying the product version you will now have to add the Stackable image version as well, so
version: 3.5.8
becomes (for example)version: 3.5.8-stackable0.1.0
(#270) - [BREAKING] CRD overhaul: Moved
authenticationConfig
to top levelconfig.authentication
.SingleUser
now proper camelCasesingleUser
.adminCredentialsSecret
now takes a String instead ofSecretReference
(#277). - [BREAKING] CRD overhaul: Moved
sensitivePropertiesConfig
to top levelconfig.sensitiveProperties
(#277).
- The
monitoring.rs
module which is obsolete (#230).
- The ZooKeeper discovery now references config map name of ZNode (#207).
operator-rs
0.9.0
→0.10.0
(#207).
- Removed support for 1.13.2 (#125)
- Added/removed some default config settings that changed from 1.13 to 1.15 (#125)
operator-rs
0.3.0
→0.4.0
(#101).stackable-zookeeper-crd
:0.4.1
→0.5.0
(#101).- Adapted pod image and container command to docker image (#101).
- Adapted documentation to represent new workflow with docker images (#101).
- Added versioning code from operator-rs for up and downgrades (#81).
- Added
ProductVersion
to status (#81). - Added
Condition
to status (#81). - Use sticky scheduler (#87)
stackable-zookeeper-crd
:0.3.0
→0.4.1
(#92).operator-rs
:0.3.0
(#92).kube-rs
:0.58
→0.60
(#83).k8s-openapi
0.12
→0.13
and features:v1_21
→v1_22
(#83).operator-rs
0.2.1
→0.2.2
(#83).
- Fixed a bug where
wait_until_crds_present
only reacted to the main CRD, not the commands (#92).
- Breaking: Repository structure was changed and the -server crate renamed to -binary. As part of this change the -server suffix was removed from both the package name for os packages and the name of the executable (#72).
- Initial release