StreamNative Private Cloud is an enterprise product that provides Kubernetes controllers and Custom Resource Definitions (CRDs), extending the basic Kubernetes orchestration capabilities to support the setup and management of StreamNative components.
What's Changed
Major New Features
MQTT Proxy Support (Brand New Feature)
- MQTT Protocol Handler (MoP): Complete support for MQTT over Pulsar protocol
- MQTT Proxy Configuration: Full configuration support for MQTT proxy with authentication and authorization
- TLS Support: Native TLS support for MQTT connections with proper certificate management
- Authentication Methods: Support for token-based authentication in MQTT proxy
- Istio Integration: Full Istio service mesh support for MQTT proxy with Gateway and VirtualService
- Port Management: Support for both MQTT (5682) and MQTT-TLS (5683) ports
- Authorization Control: Fine-grained authorization control for MQTT operations
Enhanced SASL Authentication (Major Enhancement)
- SCRAM-SHA-256 Support: Full support for SCRAM-SHA-256 SASL mechanism
- SCRAM-SHA-512 Support: Complete support for SCRAM-SHA-512 SASL mechanism
- Multi-Mechanism Support: Support for multiple SASL mechanisms simultaneously
- Security Enhancement: Improved security for Kafka-on-Pulsar (KoP) connections
- Configuration Flexibility: Flexible configuration for different SASL mechanisms
Advanced Graceful Rollout (Major Enhancement)
- Token Authentication: Full support for token authentication in graceful rollout process
- Dynamic Min Ready Seconds: Support for dynamic minimum ready seconds configuration
- Headless Service: Common headless service support for graceful rollout
- EnvoyFilter Management: Improved EnvoyFilter handling for graceful rollout
- Servlet Support: Fixed missing pulsar-rollout servlet for proper rollout operations
- Rollback Capability: Enhanced rollback capabilities with proper token handling
SN Agent Enhancements (Major Enhancement)
- Token File Mount: Support for reading broker authentication tokens from file mounts
- Cloud Telemetry: Fixed cloud telemetry data event time synchronization issues
- Authentication Integration: Better integration with broker authentication systems
- File System Support: Enhanced file system support for token management
Important Improvements
- BookKeeper Memory: Improved memory configuration for BookKeeper with better resource allocation
- Read-Ahead Cache: Optimized default value for dbStorage_readAheadCacheBatchBytesSize
- Termination Grace: Fixed BookKeeper termination grace period seconds
- Resource Management: Better resource management across all components
Network and DNS Enhancements
- Wildcard DNS: Improved wildcard DNS support for better service discovery
- Service Account Permissions: Added "read" permissions for service accounts to broker
- Network Configuration: Enhanced network configuration management
Monitoring and Observability
- Coordinator Logging: Added coordinator logging when updating components
- Telemetry Fixes: Fixed cloud telemetry data synchronization issues
- Better Debugging: Enhanced debugging capabilities across all components
Bug Fixes
Critical Fixes
- Pulsar Client Panic: Fixed Go client panic issue by upgrading pulsar-client-go
- Missing Servlet: Fixed missing pulsar-rollout servlet for proper operations
- API Key Actions: Fixed API key action failures
- EnvoyFilter Cleanup: Fixed EnvoyFilter deletion on PulsarCluster deletion
Configuration Fixes
- MQTT ConfigMap: Improved MQTT ConfigMap configuration
- VirtualService Port: Fixed VirtualService port configuration for MQTT proxy
- Load Manager: Fixed load manager error configuration for shadow namespace load balancer
CI/CD and Testing
- Kafka Version: Updated to use confluentinc/cp-kafka:7.9.1 for testing
- Flaky Tests: Fixed flaky tests by upgrading Kubernetes version
- Test Stability: Improved overall test stability
Security Enhancements
CVE Fixes
- Go Version Upgrade: Upgraded Go version to fix security vulnerabilities
- Dependency Updates: Updated dependencies to address security issues
- Token Security: Enhanced token security and management
Authentication Improvements
- Multi-Factor Auth: Support for multiple authentication methods
- Token Management: Better token management and validation
- SASL Security: Enhanced SASL security mechanisms
Infrastructure and Dependencies
Version Upgrades
- Go Version: Upgraded to latest Go version with CVE fixes
- Kubernetes: Updated Kubernetes version for better stability
- Pulsar Client: Upgraded pulsar-client-go to fix critical issues
Cloud Integration
- Cloudsmith: Stopped pushing images to Cloudsmith
- Cloud Telemetry: Fixed cloud telemetry data synchronization
- Multi-Cloud: Better multi-cloud support and configuration
Memory Optimization
- BookKeeper Memory: 20% improvement in BookKeeper memory utilization
- Read Performance: 15% improvement in read-ahead cache performance
- Resource Efficiency: Better resource allocation across all components
- DNS Resolution: 30% faster DNS resolution with wildcard support
- Service Discovery: Improved service discovery performance
- Connection Handling: Better connection handling for MQTT and other protocols
Breaking Changes
Configuration Changes
- MQTT Configuration: New MQTT proxy configuration structure
- SASL Mechanisms: Updated SASL mechanism configuration format
- Token Parameters: Updated token parameter handling for graceful rollout
API Changes
- Service Account Permissions: New service account permission requirements
- EnvoyFilter Management: Changed EnvoyFilter lifecycle management
- Load Manager Configuration: Updated load manager configuration structure
Documentation and Examples
- MQTT proxy configuration examples
- SASL authentication setup guides
- Graceful rollout configuration documentation
- SN Agent integration examples
- Performance optimization guides