Release Notes for AMQ Streams 2.3 on RHEL
Highlights of what's new and what's changed with this release of AMQ Streams on Red Hat Enterprise Linux
Abstract
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. Features
AMQ Streams 2.3 introduces the features described in this section.
AMQ Streams 2.3 on RHEL is based on Kafka 3.3.1.
To view all the enhancements and bugs that are resolved in this release, see the AMQ Streams Jira project.
1.1. Kafka 3.3.1 support
AMQ Streams now supports Apache Kafka version 3.3.1.
AMQ Streams uses Kafka 3.3.1. Only Kafka distributions built by Red Hat are supported.
For upgrade instructions, see AMQ Streams and Kafka upgrades.
Refer to the Kafka 3.3.0 and Kafka 3.3.1 Release Notes for additional information.
Kafka 3.2.x is supported only for the purpose of upgrading to AMQ Streams 2.3.
For more information on supported versions, see the AMQ Streams Component Details.
Kafka 3.3.1 uses ZooKeeper version 3.6.3, which is the same version as Kafka 3.2.x. We recommend that you perform a rolling update to use the new binaries.
Kafka 3.3.1 provides access to KRaft mode, where Kafka runs without ZooKeeper by utilizing the Raft protocol. KRaft mode is available as a Technology Preview.
1.2. Support for IBM Z and LinuxONE architecture
AMQ Streams 2.3 is enabled to run on IBM Z and LinuxONE s390x architecture.
IBM Z and LinuxONE are tested for Kafka and Open JDK 11, on Red Hat Enterprise Linux 8 and later.
1.2.1. Requirements for IBM Z and LinuxONE
- Red Hat Enterprise Linux 8 and later
- Open JDK 11
1.2.2. Unsupported on IBM Z and LinuxONE
- Red Hat Enterprise Linux 7
- Open JDK 8, Oracle JDK 8 & 11, IBM JDK 8
1.3. Support for IBM Power architecture
AMQ Streams 2.3 is enabled to run on IBM Power ppc64le architecture.
IBM Power is tested for Kafka and Open JDK 11, on Red Hat Enterprise Linux 8 and later.
1.3.1. Requirements for IBM Power
- Red Hat Enterprise Linux 8 and later
- Open JDK 11
1.3.2. Unsupported on IBM Power
- Red Hat Enterprise Linux 7
- Open JDK 8, Oracle JDK 8 & 11, IBM JDK 8
Chapter 2. Enhancements
AMQ Streams 2.3 adds a number of enhancements.
2.1. Kafka 3.3.1 enhancements
For an overview of the enhancements introduced with Kafka 3.3.0 and 3.3.1, refer to the Kafka 3.3.0 and Kafka 3.3.1 Release Notes.
2.2. OAuth password grants for Kafka clients
You can now configure Kafka clients to use the OAuth password grants mechanism for interaction with Kafka brokers.
Password grants mechanism properties
security.protocol=SASL_SSL sasl.mechanism=OAUTHBEARER sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \ oauth.token.endpoint.uri="<token_endpoint_url>" \ oauth.client.id="<client_id>" \ 1 oauth.client.secret="<client_secret>" \ 2 oauth.password.grant.username="<username>" \ 3 oauth.password.grant.password="<password>" \ 4 oauth.scope="<scope>" \ oauth.audience="<audience>" ; # ...
- 1
- Client ID, which is the name used when creating the client in the authorization server.
- 2
- (Optional) Client secret created when creating the client in the authorization server.
- 3
- Username for password grant authentication. OAuth password grant configuration (username and password) uses the OAuth 2.0 password grant method. To use password grants, create a user account for a client on your authorization server with limited permissions. The account should act like a service account. Use in environments where user accounts are required for authentication, but consider using a refresh token first.
- 4
- Password for password grant authentication.
Chapter 3. Technology Previews
Technology Preview features included with AMQ Streams 2.3.
Technology Preview features are not supported with Red Hat production service-level agreements (SLAs) and might not be functionally complete; therefore, Red Hat does not recommend implementing any Technology Preview features in production environments. This Technology Preview feature provides early access to upcoming product innovations, enabling you to test functionality and provide feedback during the development process. For more information about the support scope, see Technology Preview Features Support Scope.
3.1. OpenTelemetry for distributed tracing
This release introduces OpenTelemetry for distributed tracing as a technology preview. You can use OpenTelemetry with a specified tracing system. OpenTelemetry is replacing OpenTracing for distributed tracing. Support for OpenTracing is deprecated.
By Default, OpenTelemetry uses the OTLP (OpenTelemetry Protocol) exporter for tracing. AMQ Streams with OpenTelemetry is distributed for use with the Jaeger exporter, but you can specify other tracing systems supported by OpenTelemetry. AMQ Streams plans to migrate to using OpenTelemetry with the OTLP exporter by default, and is phasing out support for the Jaeger exporter.
3.2. KRaft mode
Apache Kafka is in the process of phasing out the need for ZooKeeper. You can now try deploying a Kafka cluster in KRaft (Kafka Raft metadata) mode without ZooKeeper as a technology preview.
This mode is intended only for development and testing, and must not be enabled for a production environment.
Currently, the KRaft mode in AMQ Streams has the following major limitations:
- Moving from Kafka clusters with ZooKeeper to KRaft clusters or the other way around is not supported.
- Upgrades and downgrades of Apache Kafka versions are not supported.
- SCRAM-SHA-512 authentication is not supported.
- JBOD storage with multiple disks is not supported.
- Many configuration options are still in development.
3.3. Kafka Static Quota plugin configuration
Use the Kafka Static Quota plugin to set throughput and storage limits on brokers in your Kafka cluster. You can set a byte-rate threshold and storage quotas to put limits on the clients interacting with your brokers.
Example Kafka Static Quota plugin configuration
client.quota.callback.class= io.strimzi.kafka.quotas.StaticQuotaCallback client.quota.callback.static.produce= 1000000 client.quota.callback.static.fetch= 1000000 client.quota.callback.static.storage.soft= 400000000000 client.quota.callback.static.storage.hard= 500000000000 client.quota.callback.static.storage.check-interval= 5
See Setting limits on brokers using the Kafka Static Quota plugin.
Chapter 4. Deprecated features
The features deprecated in this release, and that were supported in previous releases of AMQ Streams, are outlined below.
4.1. Java 8 support removed in AMQ Streams 2.4.0
Support for Java 8 was deprecated in Kafka 3.0.0 and AMQ Streams 2.0. Support for Java 8 will be removed in AMQ Streams 2.4.0. This applies to all AMQ Streams components, including clients.
AMQ Streams supports Java 11. Use Java 11 when developing new applications. Plan to migrate any applications that currently use Java 8 to Java 11.
If you want to continue using Java 8 for the time being, AMQ Streams 2.2 provides Long Term Support (LTS). For information on the LTS terms and dates, see the AMQ Streams LTS Support Policy.
4.2. OpenTracing
Support for OpenTracing is deprecated.
The Jaeger clients are now retired and the OpenTracing project archived. As such, we cannot guarantee their support for future Kafka versions. We are introducing a new tracing implementation based on the OpenTelemetry project.
4.3. Kafka MirrorMaker 1
Kafka MirrorMaker replicates data between two or more active Kafka clusters, within or across data centers. Kafka MirrorMaker 1 is deprecated for Kafka 3.3.1 and will be removed in Kafka 4.0.0. MirrorMaker 2.0 will be the only version available. MirrorMaker 2.0 is based on the Kafka Connect framework, connectors managing the transfer of data between clusters.
As a consequence, the AMQ Streams KafkaMirrorMaker
custom resource which is used to deploy Kafka MirrorMaker 1 has been deprecated. The KafkaMirrorMaker
resource will be removed from AMQ Streams when Kafka 4.0.0 is adopted.
If you are using MirrorMaker 1 (referred to as just MirrorMaker in the AMQ Streams documentation), use the KafkaMirrorMaker2
custom resource with the IdentityReplicationPolicy
. MirrorMaker 2.0 renames topics replicated to a target cluster. IdentityReplicationPolicy
configuration overrides the automatic renaming. Use it to produce the same active/passive unidirectional replication as MirrorMaker 1.
4.4. Identity replication policy
Identity replication policy is used with MirrorMaker 2.0 to override the automatic renaming of remote topics. Instead of prepending the name with the name of the source cluster, the topic retains its original name. This optional setting is useful for active/passive backups and data migration.
The AMQ Streams Identity Replication Policy class (io.strimzi.kafka.connect.mirror.IdentityReplicationPolicy
) is now deprecated and will be removed in the future. You can update to use Kafka’s own Identity Replication Policy (class org.apache.kafka.connect.mirror.IdentityReplicationPolicy
).
Chapter 5. Fixed issues
The issues fixed in AMQ Streams 2.3 on RHEL.
For details of the issues fixed in Kafka 3.3.0 and 3.3.1, refer to the Kafka 3.3.0 and Kafka 3.3.1 Release Notes.
Table 5.1. Fixed issues
Issue Number | Description |
---|---|
[KAFKA] |
Table 5.2. Fixed common vulnerabilities and exposures (CVEs)
Issue Number | Description |
---|---|
CVE-2022-42004 jackson-databind: use of deeply nested arrays | |
CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS | |
CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode | |
CVE-2022-2047 jetty-http: improver hostname input handling |
Chapter 6. Known issues
There are no known issues for AMQ Streams 2.3 on RHEL.
Chapter 7. Supported integration with Red Hat products
AMQ Streams 2.3 supports integration with the following Red Hat products.
- Red Hat Single Sign-On
- Provides OAuth 2.0 authentication and OAuth 2.0 authorization.
For information on the functionality these products can introduce to your AMQ Streams deployment, refer to the product documentation.
Additional resources
Chapter 8. Important links
Revised on 2023-01-16 17:54:34 UTC