Whatβs Changed
π Major New Features
Oxia Cluster Management (Brand New Feature)
- New OxiaCluster CRD: Complete support for deploying and managing Oxia clusters
- New OxiaNamespace CRD: Support for creating and managing namespaces within Oxia clusters
- Coordinator & Server Components: Independent configuration for coordinator and server components
- Istio Integration: Full service mesh support for Oxia clusters
- Monitoring Support: Integrated Prometheus ServiceMonitor for observability
- Debug Capabilities: Support for enabling debug log levels
- Notification Management: Ability to disable notifications
- ConfigMap Watching: Coordinator can watch ConfigMap changes
- Block Cache Configuration: Support for RocksDB block cache size configuration
- OIDC Authentication: Built-in OIDC authentication support
Graceful Rollout System (Major Enhancement)
- PulsarBrokerRevision CRD: New revision-based deployment model
- Multi-Version Management: Support for managing multiple broker versions simultaneously
- Zero-Downtime Upgrades: Gradual pod replacement for seamless upgrades
- Pause/Resume: Ability to pause and resume rollout processes
- Event Source Management: Improved event source handling
- Ordinal Prefix Support: Support for ordinal prefix in revision-based deployments
API Keys Authentication System (Brand New Feature)
- ApiKeys CRD: Complete API keys management system
- OIDC Integration: Full OpenID Connect authentication support
- Custom Authenticators: Support for custom OIDC authenticators
- Revocation List Management: API keys revocation list support
- Scope Claims: OIDC scope claim configuration
- Istio Integration: Full service mesh integration for API keys
- Authentication Policies: Istio authorization policies for API keys
Horizontal Pod Autoscaling (HPA)
- Default HPA Policies: Auto-generated HPA policies for Pulsar Broker
- Multi-Metric Support: CPU, memory, and network-based scaling
- Scaling Behaviors: Configurable scaling speed and policies
- Component Support: HPA support for Broker, Proxy, and Functions Worker
- Fast Scaling: Support for fast scaling up capabilities
Istio Service Mesh Enhancements
- Static Service Entries: Support for Istio static service entries
- Gateway Redirection: Automatic redirection at gateway level
- mTLS Configuration: Enhanced mTLS configuration support
- Trust Domain Configuration: Custom trust domain support
- Authorization Policies: Improved authorization policy management
- Service Mesh Detection: Better service mesh readiness detection
- No-Sidecar Mode: Automatic redirection in no-sidecar mode
π§ Feature Improvements
Console Management Interface
- Secret References: Support for secret references in Console
- Pod Field Support: New pod-related configuration fields
- Image Pull Secrets: Support for image pull secret configuration
Toolset Enhancements
- Default Enabled: Toolset is now enabled by default
- Pulsar Proxy Support: Support for using toolset with Pulsar Proxy
- Image Pull Secrets: Support for image pull secret configuration
- Read-only Filesystem: Fixed read-only filesystem issues
Storage and Configuration
- Storage Class Validation: New storage class validation feature
- Config V2: Support for new configuration format
- Dynamic Config Compatibility: Improved dynamic configuration compatibility
- RocksDB Optimization: Better RocksDB configuration management
Security Enhancements
- JWT Authentication: Enhanced JWT authentication configuration
- OIDC Scope Claims: Support for OIDC scope claims
- RBAC Improvements: Better role-based access control
- Auth0 Integration: Custom scope claim configuration for Auth0
π Bug Fixes
Controller Fixes
- Fixed PulsarBroker controller pod watching issues
- Fixed ZooKeeper service entry update problems
- Fixed graceful rollout event source issues
- Fixed Oxia cluster compatibility issues
- Fixed console NPE (Null Pointer Exception) issues
Health Checks and Probes
- Fixed Oxia cluster startup and readiness probe configurations
- Fixed BookKeeper and ZooKeeper ready condition checks
- Fixed Broker ready condition checks
- Enhanced probe configurations
Configuration and Deployment
- Fixed TLS configuration issues
- Fixed dynamic configuration compatibility problems
- Fixed interceptor patch strategy
- Fixed toleration configuration issues
- Fixed graceful rollout gateway issues
π Performance Optimizations
Scaling Optimizations
- Fast Scaling: Support for fast scaling up capabilities
- Scaling Policies: Optimized scaling policy configurations
- Resource Management: Improved resource request and limit configurations
Network and Load Balancing
- New Load Balancer: Support for new load balancer configurations
- System Topic Migration: Moved system topics to Oxia for serverless
- Topology-Aware Gateway: Support for AWS topology-aware gateway
- Load Manager Configuration: Added loadManagerServiceUnitStateTableViewClassName config
Storage Optimizations
- RocksDB Configuration: Optimized RocksDB block cache size configuration
- Compaction Service: Improved compaction service configuration
- Block Cache Management: Better block cache size management
π Dependencies and Infrastructure
Go Version Upgrade
- Upgraded to Go 1.23.12 to fix CVE-2024-24789 and CVE-2024-24790
Base Image Updates
- Updated base images to fix security vulnerabilities
- Using public ECR registry for downloading Trivy databases
CI/CD Improvements
- Enhanced GitHub Actions workflows
- Improved end-to-end testing
- Better release processes
- CVE blocking for releases
π Configuration Changes
New Configuration Options
- loadManagerServiceUnitStateTableViewClassName: Load balancer configuration
- additionalSystemCursorNames: Broker configuration
- ordinalPrefix: Revision-based deployment mode
- secretRef: Console configuration
- imagePullSecrets: Toolset configuration
Feature Gates
- DEFAULT_ENABLE_TOOLSET: Default enable toolset (now true)
- ISTIO_STATIC_SERVICE_ENTRY: Istio static service entries (now GA)
- DEFAULT_ENABLE_JSON_FORMAT_LOG: JSON log format
- REDIRECT_ON_GATEWAY: Gateway redirection
- FAST_SCALING_UP: Fast scaling up (now true)
- CHECK_STORAGE_CLASS: Storage class validation
β οΈ Breaking Changes
- Oxia Cluster Configuration: Some Oxia configuration options may not be compatible with older versions
- HPA Policies: Default HPA policies may conflict with existing configurations
- Istio Configuration: Istio-related configurations may need updates
- Toolset Default: Toolset is now enabled by default, which may affect existing deployments
π Documentation and Examples
- New Oxia cluster configuration examples
- Updated API Keys authentication configuration examples
- Added HPA configuration documentation and examples
- Updated Istio integration configuration guides
- Enhanced troubleshooting documentation