Skip to main content
StreamNative Private Cloud is an enterprise product which brings specific controllers for Kubernetes by providing specific Custom Resource Definitions (CRDs) that extend the basic Kubernetes orchestration capabilities to support the setup and management of StreamNative components. This release note summarizes the operator changes introduced between v0.16.1 and v0.17.5, including the v0.17.0 release on March 9, 2026 and the v0.17.5 follow-up release on March 25, 2026.

What’s Changed

🚀 New Features

Kafka on Ursa and Compaction Scheduler

  • Ursa-backed KafkaCluster: Added support for running KafkaCluster with the Ursa engine
  • Compaction Scheduler: Added compaction scheduler support for Ursa clusters and Kafka workloads
  • Iceberg Catalog Integrations: Added cluster-level Iceberg catalog support for opencatalog, s3table, unity, and BigLake
  • Catalog Credentials: Added support for configuring catalog credentials for the Kafka compaction scheduler
  • Cluster Name Support: Added clusterName support to the Kafka compaction scheduler

Kafka Toolset and Resource Management

  • Kafka Toolset Support: Added dedicated Kafka cluster toolset support
  • Toolset Image Override: Added image override support and -kafka-toolset naming for Kafka toolsets
  • Kafka Resource Management: Expanded operator-side management of Kafka resources, including cruise control and entity operator handling
  • Custom Labels for Compaction: Added custom pod labels and KafkaCluster label propagation for compaction workloads

Functions Worker and Function Mesh

  • OrcaRegistry Mode: Added OrcaRegistry mode support for Pulsar Functions Worker
  • Function Mesh CR Labels: Added CRLabels support for Function Mesh custom resources
  • Detector and Toolset mTLS Auth: Added mTLS client authentication support for detector and toolset workloads

Networking and Service Exposure

  • ListenerName Support: Added ListenerName to pin gateway listener names
  • Oxia Namespace Flexibility: Added support for using a separate Oxia namespace for Kafka clusters
  • Pod Scrape Labels: Added scrape labels to generated pod templates

🔧 Enhancements

Kafka and Storage Defaults

  • Ursa Storage Defaults: Tuned default Ursa Kafka storage settings
  • Override Precedence: Ensured custom Kafka configuration overrides Ursa storage defaults
  • Compaction Defaults: Updated default configuration for the compaction scheduler
  • Config Reload Behavior: Restart compaction workloads when relevant ConfigMaps change

Istio and Service Generation

  • Oxia Istio Handling: Improved Istio resource handling for Oxia when mTLS is disabled
  • Zookeeper Istio FQDN: Updated Zookeeper Istio configuration for FQDN handling and mTLS none mode
  • gRPC-aware Routing: Updated Oxia routing to use gRPC-aware Istio behavior for port 6648

🐛 Bug Fixes

Kafka and Compaction Fixes

  • OIDC Issuer Cleanup: Cleaned up oidcIssuers dynamic configuration when annotations are removed
  • Schema Registry Header File: Fixed kopSchemaRegistryHttpHeaderAuthorizationFile handling
  • Metadata Store Namespace: Fixed Oxia namespace resolution for the Kafka compaction scheduler
  • Topic Compaction Guardrails: Blocked unsupported topic compaction scenarios for Kafka cluster compaction
  • Iceberg Config Prefix: Fixed the prefix for Kafka Iceberg configuration

Functions Worker and Core Platform Fixes

  • Catalog RBAC Ownership: Removed cross-namespace owner references for catalog RBAC resources
  • Custom Labels in Runtime Config: Corrected custom label handling in Functions Worker runtime configuration
  • BookKeeper OnDelete Updates: Allowed StatefulSet updates when BookKeeper uses the OnDelete strategy

Security and Image Fixes

  • OpenTelemetry CVE Fix: Upgraded OpenTelemetry dependency versions in v0.17.1
  • Base Image CVE Fix: Upgraded Dockerfile base images in v0.17.2
  • Image Correction: Included follow-up image fixes in the v0.17.3 release line

📦 Dependencies

Updated Generated Assets

  • CRD Refresh: Regenerated CRDs and deepcopy assets for Kafka, compaction scheduler, Functions Worker, coordinator, broker, and related APIs
  • Dependency Refresh: Updated test and build dependencies, default images, and supporting libraries across the operator

🚨 Breaking Changes

Resource and Configuration Changes

  • Expanded KafkaCluster API Surface: KafkaCluster gains substantial new compaction, catalog, networking, and Ursa-related configuration
  • Toolset Naming Changes: Kafka toolsets now use distinct -kafka-toolset naming and image handling
  • Functions Worker Modes: Functions Worker configuration now supports additional registry and label options that may affect generated resources
  • Istio Routing Behavior: Istio and Oxia routing behavior changed for mTLS none mode and gRPC-aware service exposure

🔄 Migration Notes

From v0.16.1 to v0.17.5

  • Apply Updated CRDs First: Apply the latest CRDs and RBAC manifests before upgrading the operator
  • Review KafkaCluster Specs: If you use KafkaCluster, review new Ursa, compaction scheduler, catalog, listener, and label-related fields before rollout
  • Review Toolset Deployments: If you use toolset workloads for Kafka, validate naming, image override behavior, and generated init containers after upgrade
  • Review Functions Worker Config: If you use Functions Worker, validate OrcaRegistry mode, catalog RBAC, and custom label behavior after upgrade
  • Review Istio and Oxia Behavior: If you expose Zookeeper, Oxia, or Kafka through Istio, verify routing behavior in mTLS none mode and confirm gRPC traffic handling on port 6648
  • Review Iceberg Integrations: If you use compaction with Iceberg catalogs, validate catalog mode, credentials, and provider-specific fields such as BigLake userProject
  • Review Security-related Images: If you pin images or scan CVEs, review the image and dependency updates shipped across v0.17.1 to v0.17.3

📋 Upgrade Instructions

  1. Backup: Create a backup of your current configuration and state
  2. Update CRDs: Apply the latest CRDs and RBAC manifests before upgrading the operator
  3. Deploy Operator: Upgrade the operator to v0.17.5
  4. Validate Kafka Workloads: Verify KafkaCluster, compaction scheduler, and toolset reconciliation if you use Kafka on Ursa or Iceberg integrations
  5. Validate Functions Worker: Check Functions Worker configuration, catalog RBAC, and runtime labels after rollout
  6. Validate Istio Paths: Verify Oxia, Zookeeper, and Kafka routing behavior after the Istio-related changes
  7. Monitor: Monitor controller logs, reconciliation status, StatefulSet updates, and workload readiness after the upgrade

🎯 Performance Improvements

  • Kafka Storage Tuning: Improved default storage-related tuning for Kafka on Ursa
  • Compaction Reliability: Improved compaction workload restart behavior when configuration changes
  • Observability Defaults: Added scrape labels and optional OTEL metrics enablement for compaction-related workloads

📚 Documentation

  • Added proposals and generated API updates for Functions Worker registry mode and BookKeeper StatefulSet update safety
  • Refreshed generated CRD surface for Kafka compaction, toolset, coordinator, broker, and Istio-related APIs
  • Expanded operator configuration support for Iceberg catalogs, BigLake, listener naming, mTLS client auth, and Kafka on Ursa