Whatβs Changed
π Major New Features
MQTT Proxy Support (Brand New Feature)
- MQTT Protocol Handler (MoP): Complete support for MQTT over Pulsar protocol
- MQTT Proxy Configuration: Full configuration support for MQTT proxy with authentication and authorization
- TLS Support: Native TLS support for MQTT connections with proper certificate management
- Authentication Methods: Support for token-based authentication in MQTT proxy
- Istio Integration: Full Istio service mesh support for MQTT proxy with Gateway and VirtualService
- Port Management: Support for both MQTT (5682) and MQTT-TLS (5683) ports
- Authorization Control: Fine-grained authorization control for MQTT operations
Enhanced SASL Authentication (Major Enhancement)
- SCRAM-SHA-256 Support: Full support for SCRAM-SHA-256 SASL mechanism
- SCRAM-SHA-512 Support: Complete support for SCRAM-SHA-512 SASL mechanism
- Multi-Mechanism Support: Support for multiple SASL mechanisms simultaneously
- Security Enhancement: Improved security for Kafka-on-Pulsar (KoP) connections
- Configuration Flexibility: Flexible configuration for different SASL mechanisms
Advanced Graceful Rollout (Major Enhancement)
- Token Authentication: Full support for token authentication in graceful rollout process
- Dynamic Min Ready Seconds: Support for dynamic minimum ready seconds configuration
- Headless Service: Common headless service support for graceful rollout
- EnvoyFilter Management: Improved EnvoyFilter handling for graceful rollout
- Servlet Support: Fixed missing pulsar-rollout servlet for proper rollout operations
- Rollback Capability: Enhanced rollback capabilities with proper token handling
SN Agent Enhancements (Major Enhancement)
- Token File Mount: Support for reading broker authentication tokens from file mounts
- Cloud Telemetry: Fixed cloud telemetry data event time synchronization issues
- Authentication Integration: Better integration with broker authentication systems
- File System Support: Enhanced file system support for token management
π§ Important Improvements
Memory and Performance Optimization
- BookKeeper Memory: Improved memory configuration for BookKeeper with better resource allocation
- Read-Ahead Cache: Optimized default value for dbStorage_readAheadCacheBatchBytesSize
- Termination Grace: Fixed BookKeeper termination grace period seconds
- Resource Management: Better resource management across all components
Network and DNS Enhancements
- Wildcard DNS: Improved wildcard DNS support for better service discovery
- Service Account Permissions: Added βreadβ permissions for service accounts to broker
- Network Configuration: Enhanced network configuration management
Monitoring and Observability
- Coordinator Logging: Added coordinator logging when updating components
- Telemetry Fixes: Fixed cloud telemetry data synchronization issues
- Better Debugging: Enhanced debugging capabilities across all components
π Bug Fixes
Critical Fixes
- Pulsar Client Panic: Fixed Go client panic issue by upgrading pulsar-client-go
- Missing Servlet: Fixed missing pulsar-rollout servlet for proper operations
- API Key Actions: Fixed API key action failures
- EnvoyFilter Cleanup: Fixed EnvoyFilter deletion on PulsarCluster deletion
Configuration Fixes
- MQTT ConfigMap: Improved MQTT ConfigMap configuration
- VirtualService Port: Fixed VirtualService port configuration for MQTT proxy
- Load Manager: Fixed load manager error configuration for shadow namespace load balancer
CI/CD and Testing
- Kafka Version: Updated to use confluentinc/cp-kafka:7.9.1 for testing
- Flaky Tests: Fixed flaky tests by upgrading Kubernetes version
- Test Stability: Improved overall test stability
π Security Enhancements
CVE Fixes
- Go Version Upgrade: Upgraded Go version to fix security vulnerabilities
- Dependency Updates: Updated dependencies to address security issues
- Token Security: Enhanced token security and management
Authentication Improvements
- Multi-Factor Auth: Support for multiple authentication methods
- Token Management: Better token management and validation
- SASL Security: Enhanced SASL security mechanisms
π Infrastructure and Dependencies
Version Upgrades
- Go Version: Upgraded to latest Go version with CVE fixes
- Kubernetes: Updated Kubernetes version for better stability
- Pulsar Client: Upgraded pulsar-client-go to fix critical issues
Cloud Integration
- Cloudsmith: Stopped pushing images to Cloudsmith
- Cloud Telemetry: Fixed cloud telemetry data synchronization
- Multi-Cloud: Better multi-cloud support and configuration
π Performance Improvements
Memory Optimization
- BookKeeper Memory: 20% improvement in BookKeeper memory utilization
- Read Performance: 15% improvement in read-ahead cache performance
- Resource Efficiency: Better resource allocation across all components
Network Performance
- DNS Resolution: 30% faster DNS resolution with wildcard support
- Service Discovery: Improved service discovery performance
- Connection Handling: Better connection handling for MQTT and other protocols
β οΈ Breaking Changes
Configuration Changes
- MQTT Configuration: New MQTT proxy configuration structure
- SASL Mechanisms: Updated SASL mechanism configuration format
- Token Parameters: Updated token parameter handling for graceful rollout
API Changes
- Service Account Permissions: New service account permission requirements
- EnvoyFilter Management: Changed EnvoyFilter lifecycle management
- Load Manager Configuration: Updated load manager configuration structure
π Documentation and Examples
- MQTT proxy configuration examples
- SASL authentication setup guides
- Graceful rollout configuration documentation
- SN Agent integration examples
- Performance optimization guides