Skip to main content
StreamNative Private Cloud is an enterprise product which brings specific controllers for Kubernetes by providing specific Custom Resource Definitions (CRDs) that extend the basic Kubernetes orchestration capabilities to support the setup and management of StreamNative components. This release note summarizes the operator changes introduced between v0.15.0 and v0.16.1, including the v0.16.0 release on January 26, 2026 and the v0.16.1 follow-up release on February 10, 2026.

What’s Changed

🚀 New Features

Workspace and Connection Support

  • Connection CRD: Added a new Connection CRD for Workspace-related integration flows
  • Connection Controller: Added a dedicated controller and reconciler for Connection resources
  • Generated Config Support: Added connection-specific config generation and end-to-end tests

Schema Registry Enhancements

  • Schema Registry Auth Config: Added new auth configuration support for schema registry
  • Oxia Integration: Added Oxia-related schema registry configuration, including oxiaSchemaRegistryUrl
  • Oxia Auth Support: Added Oxia authentication configuration support in v0.16.1

Kafka and Functions Improvements

  • Kafka REST Proxy OIDC: Added OIDC support for KafkaRestProxy with configuration derived from KafkaCluster
  • Functions Worker Istio Reconciliation: Added support for Istio gateway reconciliation in functions worker deployments
  • Cruise Control and Entity Operator Wiring: Moved more Kafka-side cruise control and entity operator logic into the operator

Broker Networking

  • Per-Broker Service: Added support for per-broker services
  • Istio Decoupling: Decoupled per-pod service generation from Istio installation requirements

🔧 Enhancements

Broker and Runtime Defaults

  • Broker Environment Handling: Improved POD_ID environment handling for broker pods
  • Message Size Defaults: Improved default values for bookkeeper.nettyMaxFrameSizeBytes and broker.maxMessageSize
  • HPA Metric Targeting: Scoped broker HPA metrics to the pulsar-broker container only

Authentication and Metrics

  • FullMetrics AuthConfig: Added AuthConfig support to decouple FullMetrics from the API key service
  • Webhook Feature Flag: Added the master webhook feature flag SN_OPERATOR_WEBHOOK_ENABLE

🐛 Bug Fixes

Schema Registry and Status Handling

  • Status Conflict Handling: Improved handling of update status conflict errors in controllers
  • Schema Registry Stateful Validation: Fixed schema registry required field handling for stateful deployment settings
  • Schema Registry Oxia Auth: Fixed and completed Oxia authentication wiring for schema registry in v0.16.1

Networking and Deployment Behavior

  • Per-Pod Service Deployment: Fixed the dependency between per-pod service generation and Istio installation
  • Functions Worker Istio Resources: Improved reconciliation behavior for functions worker Istio gateway resources

📦 Dependencies

Updated Generated Assets

  • CRD Refresh: Regenerated CRDs for Connection, schema registry, Kafka, and broker-related API updates
  • RBAC Updates: Updated RBAC manifests to support the new Connection controller and related reconciler logic

🚨 Breaking Changes

Resource and Deployment Changes

  • New Connection CRD: Connection is introduced as a new API surface and requires updated CRDs and RBAC manifests
  • Per-Broker Service Behavior: Networking behavior changes for broker per-pod services, especially in environments that do not install Istio
  • Schema Registry Config Surface: Schema registry configuration is expanded to include new auth and Oxia-related options

🔄 Migration Notes

From v0.15.0 to v0.16.1

  • Apply Updated CRDs First: Apply the latest CRDs and RBAC manifests before upgrading the operator, especially for the new Connection CRD
  • Review Workspace Integrations: If you use Workspace-related workflows, validate any manifests or automation that now depend on Connection
  • Review Schema Registry Config: If you use schema registry with Oxia or custom authentication, review and validate the new configuration fields after the upgrade
  • Review Kafka REST Proxy Auth: If you expose Kafka REST Proxy with OIDC, validate the generated auth configuration derived from KafkaCluster
  • Review Broker Networking: If you rely on per-broker services, verify behavior both with and without Istio installed
  • Review Webhook Operations: If your deployment toggles admission webhook behavior, review the new SN_OPERATOR_WEBHOOK_ENABLE flag before rollout

📋 Upgrade Instructions

  1. Backup: Create a backup of your current configuration and state
  2. Update CRDs: Apply the latest CRDs and RBAC manifests before upgrading the operator
  3. Deploy Operator: Upgrade the operator to v0.16.1
  4. Validate Schema Registry: Verify schema registry startup and authentication behavior if you use Oxia-backed or auth-enabled deployments
  5. Validate Workspace Resources: Check Connection reconciliation if you use Workspace-related features
  6. Validate Networking: Verify per-broker services, Kafka REST Proxy auth, and functions worker Istio resources after rollout
  7. Monitor: Monitor controller logs, reconciliation status, and workload readiness after the upgrade

🎯 Performance Improvements

  • Broker HPA Accuracy: Reduced noisy HPA metrics by targeting the pulsar-broker container directly
  • Broker Startup Defaults: Improved broker defaults for larger frame sizes and message sizes
  • Per-Broker Networking: Improved operator-managed broker service generation for more flexible networking topologies

📚 Documentation

  • Added generated API and CRD coverage for the new Connection resource
  • Added proposal and implementation artifacts for broker per-pod service support
  • Refreshed operator API surface for schema registry auth, Oxia integration, Kafka REST Proxy OIDC, and webhook feature flag support