Chapter 2. Enhancements
The enhancements added in this release are outlined below.
2.1. Kafka 2.4.0 enhancements
For an overview of the enhancements introduced with Kafka 2.4.0, refer to the Kafka 2.4.0 Release Notes.
2.2. Kafka Bridge now supports distributed tracing
Distributed tracing using Jaeger is now supported for the Kafka Bridge component of AMQ Streams on OpenShift.
The Kafka Bridge generates traces when it sends and receives messages to and from HTTP clients, and when HTTP clients send requests to the Kafka Bridge REST API to create a consumer, retrieve messages, and so on. You can view these traces in the Jaeger user interface.
To enable tracing for the Kafka Bridge, configure the KafkaBridge custom resource for Jaeger tracing. For example:
apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaBridge
metadata:
name: my-bridge
spec:
#...
template:
bridgeContainer:
env:
- name: JAEGER_SERVICE_NAME
value: my-jaeger-service
- name: JAEGER_AGENT_HOST
value: jaeger-agent-name
- name: JAEGER_AGENT_PORT
value: "6831"
tracing:
type: jaeger
#...
Use kubectl apply to update the resource in your Kafka cluster. When the resource is updated, a Jaeger tracer based on your configuration is initialized by the Kafka Bridge.
See Distributed tracing and Enabling tracing in Mirror Maker, Kafka Connect, and Kafka Bridge resources.
2.3. User quotas
User quotas prevent users from exceeding a defined level of access to Kafka brokers. You can now set two types of user quotas on the KafkaUser resource:
- Network usage quotas, based on a byte threshold
- CPU utilization quotas, based on a time limit of CPU utilization
To set a user quota, edit the KafkaUser.spec.quotas property of the KafkaUser resource.
See Kafka User resource, KafkaUser schema reference, and Quotas in the Apache Kafka documentation.
2.4. PKCS #12 storage
AMQ Streams uses Secrets to store private keys and certificates for Kafka cluster components and clients. Secrets are used for establishing TLS encrypted connections between Kafka brokers, and between brokers and clients. They are also used for mutual TLS authentication.
PKCS #12 defines an archive file format (.p12) for storing cryptography objects into a single file with password protection. You can now use PKCS #12 to manage certificates and keys in one place.
See PKCS #12 storage.
2.5. Dockerfile user for Kafka Connect base image
The USER specified in the Dockerfile when creating a Docker image from the Kafka Connect base image has changed.
| AMQ Streams version | Value of USER instruction in Dockerfile |
|---|---|
| 1.3 |
|
| 1.4 |
|
See Creating a Docker image from the Kafka Connect base image.
