What’s Changed
🚀 New Features
KafkaCluster Support
- KafkaCluster Controller: Added a dedicated controller for
KafkaClusterresources - Listener Management: Added support for listeners and additional listeners on
KafkaCluster - APIKey Authentication: Added API key authentication support for Kafka clusters
- Enabled by Default:
KafkaClusterfeature gate is now enabled by default
Kafka Ecosystem Resources
- Kafka REST Proxy: Added a new
KafkaRestProxyresource with controller, service, and Istio integration - Schema Registry: Added a new
SNSchemaRegistryresource with controller, service, StatefulSet, and Istio support - Functions Worker for Kafka: Made Pulsar Functions Worker ready for Kafka cluster scenarios
Coordinator, Toolset, and Detector
- Coordinator Resource: Added coordinator support for deploying detector and toolset workloads
- Toolset Deployment: Added end-to-end toolset deployment support
- Detector Deployment: Added detector deployment support for Kafka-related workflows
- Resource Rename: Renamed
GeneralCoordinatortoCoordinator
Agent and API Key Enhancements
- Custom Agent Framework: Added support for
"custom"AgentFramework - API Key Configs: Added CRD and configuration support for API key management
- Functions Component Limits: Added
componentLimitsconfiguration for functions on serverless clusters
🔧 Enhancements
Kafka Networking and Exposure
- Istio Ingress Design: Added design proposal for exposing Kafka clusters by using Istio ingress gateway
- Bootstrap Service Readiness: Enabled
publishNotReadyAddressesfor broker headless services - KafkaCluster CRD Completion: Added missing webhook, CA injection, RBAC, and sample wiring for
KafkaCluster
Broker and Load Management
- Bundle Distribution Control: Added
loadBalancerDistributeBundlesEvenlyEnabledformodularLoadManager - Default Load Balancer Config: Continued the default broker load balancer improvements for Pulsar 3.x
- Usage Reporting: Added namespace UID to usage report data
Platform Compatibility
- Kubernetes 1.31: Upgraded Kubernetes dependencies to v1.31
- Dependency Refresh: Upgraded
jose2goand refreshed container images - Base Image Update: Upgraded Alpine base image
🐛 Bug Fixes
Kafka and Istio Fixes
- Passthrough Port Alignment: Fixed bind address and
VirtualServiceport alignment in passthrough mode with multiple gateways - Kafka REST Proxy Routing: Fixed Kafka REST Proxy
VirtualServiceports and label selectors - API Keys with KafkaNodePools: Fixed Kafka node pool patching when API keys are enabled
- Bootstrap Server URL: Removed redundant HTTP scheme in generated
bootstrapServers
Runtime and Controller Fixes
- Served GVK Registration: Registered GVKs to the runtime only when they are served by the API server
- Istio Watch Logic: Removed static Istio resource owner watch logic
- Missing Gateway Handling: Fixed panic when Istio gateway is not configured
- Coordinator CRD Short Name: Fixed the short name of the
CoordinatorCRD
Authentication and Config Fixes
- Mounted Token Retrieval: Fixed
SetupBrokerConfigtoken retrieval from mounted files - Compaction Secret: Fixed compaction service
authv2secret handling - Oxia Networking: Fixed Oxia
VirtualServiceandGatewaygeneration - Certification Flag: Fixed the
--certification-project-idunknown flag issue
📦 Dependencies
Updated Dependencies
- Kubernetes Libraries: Upgraded controller and client dependencies to Kubernetes v1.31
- jose2go: Upgraded
jose2godependency and related images - Container Images: Refreshed Docker and Alpine-based images
Generated Assets
- CRD Refresh: Regenerated CRDs to reflect the new Kafka, schema registry, coordinator, and API key APIs
- RBAC Updates: Added and refreshed RBAC manifests for the new resources
🚨 Breaking Changes
Resource and API Changes
- Coordinator Rename:
GeneralCoordinatorhas been renamed toCoordinator - New CRDs:
KafkaCluster,KafkaRestProxy,SNSchemaRegistry,Coordinator, and API key related CRDs are introduced or significantly expanded - KafkaCluster Default Enablement:
KafkaClusteris now enabled by default, which changes the default operator feature set
Manifest Changes
- Coordinator Manifests: Existing manifests that reference
GeneralCoordinatormust be updated - CRD Reapplication: Cluster operators should re-apply CRDs and RBAC before rolling out v0.15
🔄 Migration Notes
From v0.14.8 to v0.15.0
- Update Coordinator Resources: Replace
GeneralCoordinatorreferences in manifests and automation withCoordinator - Apply New CRDs First: Apply the updated CRDs and RBAC for
KafkaCluster,KafkaRestProxy,SNSchemaRegistry,Coordinator, and API key resources before upgrading the operator - Review KafkaCluster Rollout: If you previously relied on the KafkaCluster feature gate being disabled, review your deployment assumptions because it is now enabled by default
- Review Istio Configuration: If you expose Kafka or Kafka REST Proxy through Istio, review listener and port mappings after upgrade
- Review Broker Auth Config: If broker auth tokens are mounted from files, validate the corrected token resolution behavior after upgrade
📋 Upgrade Instructions
- Backup: Create a backup of your current configuration and state
- Update CRDs: Apply the latest CRDs and RBAC manifests before upgrading the operator
- Update Manifests: Replace
GeneralCoordinatorwithCoordinatorin your manifests and automation - Deploy Operator: Upgrade the operator to v0.15.0
- Review Kafka Resources: Validate
KafkaCluster,KafkaRestProxy, andSNSchemaRegistryresources if you use Kafka workloads - Verify Networking: Check Istio gateways, listeners, and generated service endpoints after rollout
- Monitor: Monitor controller logs, workload readiness, and metrics after the upgrade
🎯 Performance Improvements
- Kafka Exposure Path: Improved Kafka listener and Istio generation for more consistent exposure behavior
- Broker Readiness: Enabled
publishNotReadyAddressesfor broker headless services to improve cluster startup coordination - Load Balancing Tuning: Added finer control for modular load manager bundle distribution
📚 Documentation
- Added design proposal for exposing Kafka clusters by using Istio ingress gateway
- Refreshed generated CRD documentation for new Kafka-related resources
- Updated API surface for
Coordinator,KafkaCluster, API key configuration, and schema registry support