build(deps): bump io.strimzi:api from 0.51.0 to 1.0.0

[dependabot]

Bumps io.strimzi:api from 0.51.0 to 1.0.0.

Release notes

Sourced from io.strimzi:api's releases.

1.0.0

⚠️ ⚠️ ⚠️ Important: Strimzi 1.0.0 supports only the new v1 CRD API. The older v1beta2, v1beta1, and v1alpha1 APIs are no longer supported. Before upgrading to Strimzi 1.0.0, make sure to convert all custom resources and upgrade the CRDs.

---

Main changes since 0.51

This release contains the following new features and improvements:

• Remove support for the v1beta2 API (and v1alpha1 and v1beta2 for KafkaTopic and KafkaUser) and fully move to the v1 API
• Add support for Kafka 4.1.2
• Add support for advertisedPortTemplate in listener configuration to add more flexibility when configuring advertised ports.
• Support for type: environment-variable rack awareness based on environment variables that do not require ClusterRoleBindings
• Add support for TLS/SSL on the HTTP Bridge
• Add support for force-renewal of KafkaUser certificates via strimzi.io/force-renew annotation
• The UseConnectBuildWithBuildah feature gate moves to the beta stage and is enabled by default
• And many more ...

All changes can be found under the 1.0.0 milestone or in the CHANGELOG.md.

Upgrading from Strimzi 0.51.0

See the documentation for upgrade instructions. Make sure to follow the CRD upgrade instructions!

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:fe09836e37ed891a5931292701ec7c81ccb3b0b26599f7d2326ea4af891247aa
Apache Kafka 4.1.0	quay.io/strimzi/kafka@sha256:70a7368438d1c5e0d5272848d588c812c53e3b853c68424c017b548039c23596
Apache Kafka 4.1.1	quay.io/strimzi/kafka@sha256:d48bbc220e28246c76342f6b77f9be53b07ac4909240ebfa4a6139d61a951bd4
Apache Kafka 4.1.2	quay.io/strimzi/kafka@sha256:6a52c514833a91ac08ee6cf10609b60961580170661caadec0a6992a7208c2a2
Apache Kafka 4.2.0	quay.io/strimzi/kafka@sha256:87c6b1c1081bfc25f88a0490d580f5696f5e419482d686df612cdfdf04711059
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:dcec1c978f4174c101b78fd290a698fad89f83439c9a868bbbd9c9750b146fdf
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:ca8838eb04f394cd3ae6268d70dd9bc7852c5c603aa30ae6aff407c2c5a29639
Maven Builder	quay.io/strimzi/maven-builder@sha256:326a67a6d60820e04757e40d3c9651046108e06aff2346256b772982d86d4b0e
Buildah builder	quay.io/strimzi/buildah@sha256:3ac4d8fde6eca2ad837dc5258390f5ea704949b0539c77a394eb33a63c806b97

New Contributors

• @​marvin-roesch made their first contribution in strimzi/strimzi-kafka-operator#12477
• @​Paramesh324 made their first contribution in strimzi/strimzi-kafka-operator#12509
• @​marcelojscosta made their first contribution in strimzi/strimzi-kafka-operator#12527
• @​QuentinBisson made their first contribution in strimzi/strimzi-kafka-operator#12560
• @​guancioul made their first contribution in strimzi/strimzi-kafka-operator#12631
• @​mamccorm made their first contribution in strimzi/strimzi-kafka-operator#12506

1.0.0-rc2

... (truncated)

Changelog

Sourced from io.strimzi:api's changelog.

1.0.0

• Use the v1 API in the Cluster Operator
• Use the v1 API as the stored API version
• Remove the v1beta2 API (and v1alpha1 and v1beta2 for KafkaTopic and KafkaUser) from the CRDs and fully move to the v1 API
• Allow upgrading from unknown Apache Kafka versions (that might be used in Strimzi patch releases)
• Add support for Kafka 4.1.2
• Add support for advertisedPortTemplate in listener configuration to add more flexibility when configuring advertised ports.
• In-place Pod resizing support for Kafka brokers and controllers, Connect nodes, and MirrorMaker 2 nodes
• Remove PreferredLeaderElectionGoal from Cruise Control's default.goals list
• Support for type: environment-variable rack awareness based on environment variables that do not require ClusterRoleBindings
• Add topologySpreadConstraints support to the Strimzi Helm chart operator Deployment
• Update HTTP bridge to 1.0.0.
• Enable configuring allowList of Strimzi Metrics Reporter dynamically
• Add support for TLS/SSL on the HTTP Bridge Set spec.http.tls.certificateAndKey configuration to enable it and provide the certificate and key via Secret.
• Add support force-renewal of KafkaUser certificates via strimzi.io/force-renew annotation

Major changes, deprecations, and removals

• The Strimzi Access Operator 0.2.0 does not support the Strimzi v1 CRD API and is not compatible with Strimzi 1.0.0. The Strimzi v1 CRD API will be supported in Strimzi Access Operator 0.3.0 release that will follow shortly after the Strimzi 1.0.0 release. Please check the Access Operator repository for the latest updates on the Access Operator releases and compatibility with Strimzi 1.0.0.
• The api, test, crd-annotations, and crd-generator modules now use Java 21 as their Java language level. If you use one of these modules as a dependency in your Java project, you will need to upgrade to Java 21 as well.
• Open Policy Agent (OPA) authorizer plugin is not bundled as part of the Strimzi Container images anymore. If you want to continue use the OPA Authorizer, you have to add it as a custom plugin by building a custom Kafka container image or using additional volumes. Once added, you can continue to use OPA using the type: custom authorization.
• The UseConnectBuildWithBuildah feature gate moves to beta stage and is enabled by default. If needed, UseConnectBuildWithBuildah can be disabled in the feature gates configuration in the Cluster Operator.
• Update HTTP bridge to 1.0.0.
  • /metrics endpoint is no longer available on the regular HTTP interface (port 8080 by default). It is now available on the HTTP management interface, 8081. Users upgrading to Strimzi 1.0.0+ should check all monitoring configurations that scrape Kafka Bridge metrics and update them to use port 8081 instead of 8080 or any other non-default port before or immediately after the upgrade to avoid metrics collection failures.
• Standalone Topic Operator now reads certificates directly from the Kubernetes Secrets in PEM format instead of using JKS/P12 keystore and truststore files. If you use the standalone Topic Operator and you have any custom configuration related to TLS certificates, you might need to update it during the upgrade to Strimzi 1.0.0.
  • Make sure the Topic Operator has the Kubernetes RBAC rights to read the certificate Secrets
  • Use the environment variable STRIMZI_TLS_TRUSTED_CERTS_SECRET_NAME to configure the CA certificates for TLS encryption when connecting to the Apache Kafka cluster.
  • Use the environment variables STRIMZI_TLS_SECRET_NAME, STRIMZI_TLS_KEY_NAME, and STRIMZI_TLS_CERT_NAME to configure client certificate for the mTLS authentication when connecting to the Apache Kafka cluster.
  • Use the environment variable STRIMZI_CLUSTER_NAMESPACE to define the namespace where the TLS Secrets are.
  • If you want to use TLS encryption with an Apache Kafka cluster using server certificates signed by a public CA, you just need to use the STRIMZI_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM variable and set it to TLS.
  • The STRIMZI_TLS_ENABLED, STRIMZI_TLS_AUTH_ENABLED, STRIMZI_PUBLIC_CA, STRIMZI_TRUSTSTORE_LOCATION, STRIMZI_TRUSTSTORE_PASSWORD, STRIMZI_KEYSTORE_LOCATION, and STRIMZI_KEYSTORE_PASSWORD environment variables are not used anymore and will be ignored if set.

Commits

• 4836c7d Fix default Kafka Connetor state (#12666)
• 34ca797 Bump strimzi/github-actions version to v1 and pass build-id for containers pu...
• 9110784 Prepare for 1.0.0 release
• dff2c25 Use defaut keystore type in TO Cruise Control client (#12657)
• a35b49b Replace ResourceAnnotations with Annotations in CaReconciler (#12647)
• ab7e0d9 Simplify SystemTestCertBundle construction with factory methods for Cluster a...
• 7421b9e Stop using PKCS12 files in Topic Operator (#12627)
• 83e26d5 Remove unused Vert.x parameter from CaReconciler class (#12654)
• ac9f75a [ST] Refactor our certification handling and make it centralize and more read...
• 5b8ca2e [ST] Add mention about system test documentation in TESTING.md (#12638)
• Additional commits viewable in compare view

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud