Release Notes for AMQ Streams 2.1 on RHEL
Highlights of what's new and what's changed with this release of AMQ Streams on Red Hat Enterprise Linux
Abstract
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. Features
AMQ Streams 2.1 introduces the features described in this section.
AMQ Streams version 2.1 is based on Strimzi 0.28.x.
To view all the enhancements and bugs that are resolved in this release, see the AMQ Streams Jira project.
1.1. Kafka 3.1.0 support
AMQ Streams now supports Apache Kafka version 3.1.0.
AMQ Streams uses Kafka 3.1.0. Only Kafka distributions built by Red Hat are supported.
For upgrade instructions, see AMQ Streams and Kafka upgrades.
Refer to the Kafka 3.0.0 and Kafka 3.1.0 Release Notes for additional information.
Kafka 3.0.x is supported only for the purpose of upgrading to AMQ Streams 2.1.
For more information on supported versions, see the AMQ Streams Component Details.
Kafka 3.1.0 requires ZooKeeper version 3.6.3, which is the same version as Kafka 3.0.0. Therefore, you will not need to upgrade ZooKeeper when upgrading from AMQ Streams 2.0 to AMQ Streams 2.1.
Kafka 3.1.0 provides access to self-managed mode, where Kafka runs without ZooKeeper by utilizing the Raft protocol. Note that self-managed mode is not supported in AMQ Streams.
1.2. Support for IBM Power architecture
AMQ Streams 2.1 is enabled to run on IBM Power ppc64le architecture.
Support for IBM Power applies to AMQ Streams running with Kafka 3.0.0 and later, and Open JDK 11, on Red Hat Enterprise Linux 8. The Kafka versions shipped with AMQ Streams 1.8 and earlier versions do not contain the ppc64le binaries.
1.2.1. Requirements for IBM Power
- Red Hat Enterprise Linux 8
- Open JDK 11
- Kafka 3.0.0 and later
1.2.2. Unsupported on IBM Power
- Red Hat Enterprise Linux 7
- Kafka 2.8.0 and earlier
- Open JDK 8, Oracle JDK 8 & 11, IBM JDK 8
Chapter 2. Enhancements
AMQ Streams 2.1 adds a number of enhancements.
2.1. Kafka 3.1.0 enhancements
For an overview of the enhancements introduced with Kafka 3.1.0, refer to the Kafka 3.1.0 Release Notes.
2.2. OAuth configuration options
New OAuth configuration properties have been introduced to the OAuth authentication configuration.
The properties related to timeouts and extracting groups information.
Timout properties
-
oauth.connect.timeout.secondsspecifies the maximum time in seconds to connect to an authorization server before a timeout. -
oauth.read.timeout.secondsspecifies the maximum time in seconds to read from an authorization server before a timeout.
The default is sixty seconds for both.
Groups properties
-
oauth.groups.claimspecifies a JsonPath query to extract groups information from a JWT token or introspection endpoint response. Not set by default. -
oauth.groups.claim.delimiterspecifies a delimiter to parse groups information when returned as a single delimited string. The default value is ',' (comma).
Example OAuth configuration for a Kafka broker listener
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \ # ... oauth.connect.timeout.seconds=60 oauth.read.timeout.seconds=60 oauth.groups.claim="$.groups" oauth.groups.claim.delimiter=","
Chapter 3. Technology Previews
Technology Preview features are not supported with Red Hat production service-level agreements (SLAs) and might not be functionally complete; therefore, Red Hat does not recommend implementing any Technology Preview features in production environments. This Technology Preview feature provides early access to upcoming product innovations, enabling you to test functionality and provide feedback during the development process. For more information about support scope, see Technology Preview Features Support Scope.
3.1. Kafka Static Quota plugin configuration
Use the Kafka Static Quota plugin to set throughput and storage limits on brokers in your Kafka cluster. You can set a byte-rate threshold and storage quotas to put limits on the clients interacting with your brokers.
Example Kafka Static Quota plugin configuration
client.quota.callback.class= io.strimzi.kafka.quotas.StaticQuotaCallback client.quota.callback.static.produce= 1000000 client.quota.callback.static.fetch= 1000000 client.quota.callback.static.storage.soft= 400000000000 client.quota.callback.static.storage.hard= 500000000000 client.quota.callback.static.storage.check-interval= 5
See Setting limits on brokers using the Kafka Static Quota plugin.
3.2. Cruise Control for cluster rebalancing
You can install Cruise Control and use it to rebalance your Kafka cluster using optimization goals — defined constraints on CPU, disk, network load, and more. In a balanced Kafka cluster, the workload is more evenly distributed across the broker pods.
Cruise Control helps to reduce the time and effort involved in running an efficient and balanced Kafka cluster.
A zipped distribution of Cruise Control is available for download from the AMQ Streams software downloads page. To install Cruise Control, you configure each Kafka broker to use the provided Metrics Reporter. Then, you set Cruise Control properties, including optimization goals, and start Cruise Control using the provided script.
The Cruise Control server is hosted on a single machine for the whole Kafka cluster.
When Cruise Control is running, you can use the REST API to:
- Generate dry run optimization proposals from multiple optimization goals
- Initiate an optimization proposal to rebalance the Kafka cluster
Other Cruise Control features are not currently supported, including notifications, write-your-own goals, and changing the topic replication factor.
Chapter 4. Deprecated features
The features deprecated in this release, and that were supported in previous releases of AMQ Streams, are outlined below.
4.1. Java 8
Support for Java 8 was deprecated in Kafka 3.0.0 and AMQ Streams 2.0. Java 8 will be unsupported for all AMQ Streams components, including clients, in the future.
AMQ Streams supports Java 11. Use Java 11 when developing new applications. Plan to migrate any applications that currently use Java 8 to Java 11.
4.2. Kafka MirrorMaker 1
Kafka MirrorMaker replicates data between two or more active Kafka clusters, within or across data centers. Kafka MirrorMaker 1 is deprecated for Kafka 3.1.0 and will be removed in Kafka 4.0.0. MirrorMaker 2.0 will be the only version available. MirrorMaker 2.0 is based on the Kafka Connect framework, connectors managing the transfer of data between clusters.
As a consequence, the AMQ Streams KafkaMirrorMaker custom resource which is used to deploy Kafka MirrorMaker 1 has been deprecated. The KafkaMirrorMaker resource will be removed from AMQ Streams when Kafka 4.0.0 is adopted.
If you are using MirrorMaker 1 (referred to as just MirrorMaker in the AMQ Streams documentation), use the KafkaMirrorMaker2 custom resource with the IdentityReplicationPolicy. MirrorMaker 2.0 renames topics replicated to a target cluster. IdentityReplicationPolicy configuration overrides the automatic renaming. Use it to produce the same active/passive unidirectional replication as MirrorMaker 1.
4.3. Identity replication policy
Identity replication policy is used with MirrorMaker 2 to override the automatic renaming of remote topics. Instead of prepending the name with the name of the source cluster, the topic retains its original name. This optional setting is useful for active/passive backups and data migration.
The AMQ Streams Identity Replication Policy class (io.strimzi.kafka.connect.mirror.IdentityReplicationPolicy) is now deprecated and will be removed in the future. You can update to use Kafka’s own Identity Replication Policy (class org.apache.kafka.connect.mirror.IdentityReplicationPolicy).
Chapter 5. Fixed issues
The issues fixed in AMQ Streams 2.1 on RHEL are shown in the following table. For details of the issues fixed in Kafka 3.1.0, refer to the Kafka 3.1.0 Release Notes.
Table 5.1. Fixed common vulnerabilities and exposures (CVEs)
| Issue Number | Description |
|---|---|
| CVE-2021-3520 lz4: memory corruption due to an integer overflow bug caused by memmove argument | |
| CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling |
Chapter 6. Known issues
There are no known issues for AMQ Streams 2.1 on RHEL.
Chapter 7. Supported integration products
AMQ Streams 2.1 supports integration with the following Red Hat products.
- Red Hat Single Sign-On
- Provides OAuth 2.0 authentication and OAuth 2.0 authorization.
For information on the functionality these products can introduce to your AMQ Streams deployment, refer to the product documentation.
Additional resources
Chapter 8. Important links
Revised on 2022-06-07 09:00:36 UTC