Skip to main content
StreamNative Private Cloud is an enterprise product which brings specific controllers for Kubernetes by providing specific Custom Resource Definitions (CRDs) that extend the basic Kubernetes orchestration capabilities to support the setup and management of StreamNative components.

​
What’s Changed

​
πŸš€ New Features

​
Istio Ambient Mode Support

  • Ambient Mode Integration: Added comprehensive support for running Pulsar clusters in Istio ambient mode
  • API Support: New API configuration for enabling ambient mode in Pulsar clusters
  • Service Mesh: Enhanced service mesh capabilities with ambient mode support for improved performance and reduced resource overhead

​
Agent Function Enhancements

  • Session Mode Support: Added session mode support for Agent Functions with enhanced configuration options
  • MCP Server Support: Support for multiple MCP (Model Context Protocol) servers in Orca engine
  • Configurable Agent Functions: Made agent function configurations customizable through AgentFunction CRD
  • MCP Streamable HTTP Config: Added McpStreamableHttpConfig configuration for Agent Functions
  • Manifest Generation: Automatic manifest generation for agent_function resources

​
Pulsar Functions Worker

  • Individual Deployment: New PulsarFunctionsWorker CRD to support individual deployment of Functions Worker
  • Custom Configuration: Enhanced configuration and dependencies management for individual Functions Worker instances
  • Resource Management: Improved resource allocation and management for Functions Worker pods

​
Multi-Catalog Support

  • Multiple Catalogs: Support for multiple catalogs in compaction scheduler and storage catalog
  • S3Table Catalog: Added support for appending S3Table catalog configurations
  • Catalog Management: Enhanced catalog list checking and validation
  • Cluster-Level Catalog: Fixed catalog enabled flag on cluster level configuration

​
Compaction Service Enhancements

  • Cluster Name Support: Introduced clusterName configuration for compaction service
  • StatefulSet Deployment: Added configuration support for compaction StatefulSet deployment
  • Skip Pause Rollout: Support for compaction scheduler to skip pause during rollout operations
  • Status Synchronization: Fixed compaction status synchronization on StatefulSet deployment
  • Linking Mode: Added linkingMode configuration for UniLink
  • Topic Rename Map: Support for TopicRenameMap configuration in UniLink
  • Subject Rename Map: Added subjectRenameMap support for UniLinkSchema

​
Ultra Low Latency Profile

  • Performance Profile: New ultra low latency configuration profile for optimized low-latency workloads
  • Tuned Settings: Pre-configured settings for minimal latency operations

​
πŸ”§ Enhancements

​
Kafka Connect

  • Passthrough Config: Support for passthrough Kafka client configurations in KafkaConnect
  • RBAC Support: Enabled Kafka RBAC for versions > 4.0.5.0
  • Client Configuration: Enhanced flexibility in Kafka client configuration management

​
Graceful Rollout

  • Token Authentication: Support for token authentication in graceful rollout process
  • HPA Integration: Fixed HPA (Horizontal Pod Autoscaler) when graceful rollout is enabled
  • Token Parameters: Fixed token parameters handling for graceful rollout operations
  • Storage Catalog: Fixed graceful rollout for storage catalog retrieval

​
Monitoring & Observability

  • Full Metrics: Support for full metrics collection and reporting
  • API Key Integration: Disable full metrics if API key is not enabled
  • Istio Resource Naming: Fixed Istio resource naming for full metrics
  • Autorecovery Probes: Added liveness and readiness probes for autorecovery service

​
Tiered Storage

  • Ursa Lakehouse: Support for enabling ursa-lakehouse in environment when lakehouse is enabled
  • Managed Ledger Offload: Added managed ledger offload deletion lag milliseconds configuration
  • Storage Configuration: Fixed tiered storage configuration with ursa-lakehouse support

​
Resource Management

  • Prepare Container: Added securityContext and resource limits for prepare container
  • Function Mesh Resources: Added resource configuration for function mesh components
  • BookKeeper Storage: Added PVC and VolumeMount support for BookKeeper when stream storage is enabled

​
Authentication & Authorization

  • Original Auth Data: Added authenticateOriginalAuthData configuration for authentication
  • Unity OAuth2: Adjusted Unity for Iceberg OAuth2 authentication configuration
  • Broker Token: Support for reading broker authentication tokens from file mounts in SN Agent

​
Gateway Configuration

  • TLS Fields: Introduced feature flag DISABLE_AUTO_FILL_UP_GATEWAY_TLS_FIELDS for gateway TLS configuration
  • Proxy Status: Fixed proxy status check when TLS is disabled
  • Readonly FS Script: Fixed proxy readonly filesystem script

​
πŸ› Bug Fixes

​
Core Fixes

  • Virtual Hosts Order: Fixed virtual_hosts order in EnvoyFilters for proper routing
  • Catalog List Check: Fixed catalog list validation and checking logic
  • Catalog Enabled Flag: Fixed catalog enabled flag on cluster level configuration
  • Iceberg Suffix: Fixed Iceberg suffix handling in catalog configurations

​
Component-Specific Fixes

  • Function Worker Config: Fixed CustomWorkerConfig not working issue for Functions Worker
  • Compaction Status: Fixed compaction status not synchronizing on StatefulSet deployment with nil checks
  • Proxy Status: Fixed proxy status check when TLS is disabled
  • MCP Headers: Fixed MCP headers for AgentFunctions

​
Infrastructure Fixes

  • E2E Tests: Fixed failed e2e tests and improved test stability
  • MySQL Image: Fixed Bitnami MySQL image usage in e2e tests (switched to bitnami/legacy/mysql)
  • CI/CD: Fixed Bitnami image changes in CI pipeline
  • Test Stability: Improved overall test stability and reliability

​
πŸ”’ Security Updates

​
CVE Fixes

  • Go Version Upgrade: Upgraded Go to version 1.23.12 to address CVE-2025-47907
  • Security Patches: Applied latest security patches and updates

​
Authentication Enhancements

  • Token Security: Enhanced token authentication and management
  • OAuth2 Configuration: Improved OAuth2 authentication configuration for Unity Iceberg
  • RBAC: Enabled Kafka RBAC for enhanced security in Kafka-on-Pulsar deployments

​
πŸ“¦ Dependencies

​
Updated Dependencies

  • Function Mesh: Bumped function-mesh to v0.21.8 for improved functionality
  • PFSQL Gateway: Updated PFSQL gateway to version 0.22.6
  • PFSQL: Bumped PFSQL to version 0.22.5

​
Go Module Updates

  • Go Version: Upgraded to Go 1.23.12 for security and performance improvements
  • Function Worker Dependencies: Updated configuration and dependencies for individual Functions Worker

​
🚨 Breaking Changes

​
Configuration Changes

  • Gateway TLS Fields: New feature flag DISABLE_AUTO_FILL_UP_GATEWAY_TLS_FIELDS changes gateway TLS field auto-fill behavior
  • Catalog Configuration: Multi-catalog support requires updated catalog configuration structure
  • Agent Function Config: Agent Function configuration structure has been enhanced with new options

​
API Changes

  • PulsarFunctionsWorker CRD: New CRD introduced for individual Functions Worker deployment
  • Ambient Mode API: New API fields added for Istio ambient mode support
  • UniLink Configuration: Enhanced UniLink configuration with new linkingMode and TopicRenameMap fields

​
πŸ”„ Migration Notes

​
From v0.12.14 to v0.13.6

  • Catalog Configuration: Review and update catalog configurations if using multi-catalog features
  • Agent Functions: Update Agent Function configurations to leverage new session mode and MCP server support
  • Functions Worker: Consider migrating to individual PulsarFunctionsWorker CRD for better isolation
  • Gateway TLS: Review gateway TLS configuration if using DISABLE_AUTO_FILL_UP_GATEWAY_TLS_FIELDS feature
  • Istio Ambient Mode: If enabling ambient mode, ensure Istio ambient mode is properly configured in your cluster
  • Dependencies: Ensure Kubernetes cluster supports the updated dependencies and Go runtime

​
πŸ“‹ Upgrade Instructions

  1. Backup: Create a backup of your current configuration and state
  2. Update CRDs: Apply the new CRD definitions including PulsarFunctionsWorker
  3. Update Operator: Deploy the new operator version (v0.13)
  4. Review Configurations: Review and update configurations for new features (ambient mode, multi-catalog, etc.)
  5. Verify: Check that all components are running correctly
  6. Test: Validate new features in a test environment before production use
  7. Monitor: Monitor metrics and logs for any issues during and after upgrade

​
🎯 Performance Improvements

  • Ultra Low Latency: New profile optimized for minimal latency workloads
  • Resource Efficiency: Improved resource allocation for prepare containers and function mesh
  • Status Synchronization: Faster and more reliable status synchronization for compaction service
  • Catalog Management: Optimized catalog list checking and validation

​
πŸ“š Documentation

  • Updated API documentation for PulsarFunctionsWorker CRD
  • Enhanced configuration examples for Istio ambient mode
  • Improved guides for multi-catalog configuration
  • Added documentation for Agent Function session mode and MCP server support
  • Updated troubleshooting guides for common issues