- Add
ClickhousefielduserConfig.recovery_basebackup_name, typestring: Name of the basebackup to restore in forked service - Add
GrafanafielduserConfig.auth_generic_oauth.use_refresh_token, typeboolean: Set to true to use refresh token and check access token expiration - Add
KafkafielduserConfig.schema_registry_config.retriable_errors_silenced, typeboolean: If enabled, kafka errors which can be retried or custom errors specified for the service will not be raised, instead, a warning log is emitted - Add
KafkafielduserConfig.schema_registry_config.schema_reader_strict_mode, typeboolean: If enabled, causes the Karapace schema-registry service to shutdown when there are invalid schema records in the_schemastopic - Add
KafkafielduserConfig.single_zone, typeobject: Single-zone configuration - Change
KafkafielduserConfig.kafka_version: enum[3.4, 3.5, 3.6, 3.7][3.5, 3.6, 3.7, 3.8] - Add
MySQLfielduserConfig.mysql.log_output, typestring: The slow log output destination when slow_query_log is ON - Add
OpenSearchfielduserConfig.azure_migration.indices, typestring: A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported - Add
OpenSearchfielduserConfig.gcs_migration.indices, typestring: A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported - Add
OpenSearchfielduserConfig.s3_migration.indices, typestring: A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported - Change
PostgreSQLfielduserConfig.additional_backup_regions: deprecated - Add
OpenSearchfielduserConfig.azure_migration.restore_global_state, typeboolean: If true, restore the cluster state. Defaults to false - Add
OpenSearchfielduserConfig.gcs_migration.restore_global_state, typeboolean: If true, restore the cluster state. Defaults to false - Add
OpenSearchfielduserConfig.opensearch.search_backpressure, typeobject: Search Backpressure Settings - Add
OpenSearchfielduserConfig.opensearch.shard_indexing_pressure, typeobject: Shard indexing back pressure settings - Add
OpenSearchfielduserConfig.s3_migration.restore_global_state, typeboolean: If true, restore the cluster state. Defaults to false - Change
RedisfielduserConfig.redis_timeout: maximum315360002073600 - Add
OpenSearchfielduserConfig.azure_migration.include_aliases, typeboolean: Whether to restore aliases alongside their associated indexes. Default is true - Add
OpenSearchfielduserConfig.gcs_migration.include_aliases, typeboolean: Whether to restore aliases alongside their associated indexes. Default is true - Add
OpenSearchfielduserConfig.s3_migration.include_aliases, typeboolean: Whether to restore aliases alongside their associated indexes. Default is true - Add
ServiceIntegrationfieldautoscaler, typeobject: Autoscaler specific user configuration options - Add
ServiceIntegrationEndpointfieldautoscaler, typeobject: Autoscaler configuration values - Change
GrafanafielduserConfig.alerting_enabled: deprecated - Change
OpenSearchfielduserConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.allowed_tries: minimum01 - Change
OpenSearchfielduserConfig.opensearch.auth_failure_listeners.ip_rate_limiting.block_expiry_seconds: minimum10 - Change
OpenSearchfielduserConfig.opensearch.auth_failure_listeners.ip_rate_limiting.time_window_seconds: minimum10
- Fix
KafkaTopic: fails to create a topic with the replication factor set more than running Kafka nodes - Fix
ServiceIntegration: sends empty source and destination projects - Fix
KafkaSchema: poll resource availability - Add
KafkaSchemafieldschemaType, typestring: Schema type - Add
KafkafielduserConfig.follower_fetching, typeobject: Enable follower fetching - Add
KafkafielduserConfig.kafka_sasl_mechanisms, typeobject: Kafka SASL mechanisms - Change
KafkafielduserConfig.kafka.sasl_oauthbearer_sub_claim_name: pattern^[^\r\n]*$^[^\r\n]*\S[^\r\n]*$ - Add
MySQLfielduserConfig.migration.ignore_roles, typestring: Comma-separated list of database roles, which should be ignored during migration (supported by PostgreSQL only at the moment) - Add
PostgreSQLfielduserConfig.migration.ignore_roles, typestring: Comma-separated list of database roles, which should be ignored during migration (supported by PostgreSQL only at the moment) - Add
PostgreSQLfielduserConfig.pgbouncer.max_prepared_statements, typeinteger: PgBouncer tracks protocol-level named prepared statements related commands sent by the client in transaction and statement pooling modes when max_prepared_statements is set to a non-zero value - Add
RedisfielduserConfig.migration.ignore_roles, typestring: Comma-separated list of database roles, which should be ignored during migration (supported by PostgreSQL only at the moment) - Add
RedisfielduserConfig.backup_hour, typeinteger: The hour of day (in UTC) when backup for the service is started - Add
RedisfielduserConfig.backup_minute, typeinteger: The minute of an hour when backup for the service is started - Add
GrafanafielduserConfig.wal, typeboolean: Setting to enable/disable Write-Ahead Logging. The default value is false (disabled) - Add
OpenSearchfielduserConfig.azure_migration, typeobject: Azure migration settings - Add
OpenSearchfielduserConfig.gcs_migration, typeobject: Google Cloud Storage migration settings - Add
OpenSearchfielduserConfig.index_rollup, typeobject: Index rollup settings - Add
OpenSearchfielduserConfig.s3_migration, typeobject: AWS S3 / AWS S3 compatible migration settings - Change
OpenSearchfielduserConfig.openid.connect_url: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.opensearch.script_max_compilations_rate: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.saml.idp_metadata_url: pattern^[^\r\n]*$
- Fix
PostgreSQL: wait for a valid backup to create read replica - Fix
ClickhouseGrant: grant privileges for an unknown table (Clickhouse can do that) - Fix
ClickhouseGrant: track the state to revoke only known privileges - Add
CassandrafielduserConfig.cassandra.read_request_timeout_in_ms, typeinteger: How long the coordinator waits for read operations to complete before timing it out - Add
CassandrafielduserConfig.cassandra.write_request_timeout_in_ms, typeinteger: How long the coordinator waits for write requests to complete with at least one node in the local datacenter - Add
OpenSearchfielduserConfig.opensearch.knn_memory_circuit_breaker_enabled, typeboolean: Enable or disable KNN memory circuit breaker. Defaults to true - Add
OpenSearchfielduserConfig.opensearch.knn_memory_circuit_breaker_limit, typeinteger: Maximum amount of memory that can be used for KNN index. Defaults to 50% of the JVM heap size - Change
PostgreSQLfielduserConfig.pg.log_line_prefix: enum['%m [%p] %q[user=%u,db=%d,app=%a] ', '%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h ', 'pid=%p,user=%u,db=%d,app=%a,client=%h ']['%m [%p] %q[user=%u,db=%d,app=%a] ', '%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h ', 'pid=%p,user=%u,db=%d,app=%a,client=%h ', 'pid=%p,user=%u,db=%d,app=%a,client=%h,txid=%x,qid=%Q ']
- Ignore
http.StatusBadRequestonClickhouseGrantdeletion - Retry conflict error when k8s object saved to the storage
- Fix
ClickhouseGrantinvalid remote and local privileges comparison - Fix
ClickhouseGrant: doesn't escape role name to grant - Fix
ClickhouseUser: password was reset due to an incorrect processing cycle
- Ignore
ClickhouseRoledeletion error (missing database) - Ignore
ClickhouseGrantdeletion errors (missing database, service, role) - Do not block service operations in
REBALANCINGstate
- Add kind:
ClickhouseGrant - Add
KafkaConnectfielduserConfig.secret_providers, typearray: Configure external secret providers in order to reference external secrets in connector configuration - Add
KafkafielduserConfig.kafka_connect_secret_providers, typearray: Configure external secret providers in order to reference external secrets in connector configuration - Add
KafkafielduserConfig.letsencrypt_sasl_privatelink, typeboolean: Use Letsencrypt CA for Kafka SASL via Privatelink - Add
ServiceIntegrationfielddatadog.mirrormaker_custom_metrics, typearray: List of custom metrics - Add
ServiceIntegrationfieldkafkaMirrormaker.kafka_mirrormaker.consumer_auto_offset_reset, typestring: Set where consumer starts to consume data - Add
ServiceIntegrationfieldkafkaMirrormaker.kafka_mirrormaker.consumer_max_poll_records, typeinteger: Set consumer max.poll.records. The default is 500 - Change
PostgreSQLfielduserConfig.pgaudit: deprecated - Breaking change
ServiceIntegrationEndpointfieldexternalPostgresql.ssl_mode: enum[allow, disable, prefer, require, verify-ca, verify-full][require, verify-ca, verify-full]
- Add kind:
ServiceIntegrationEndpoint - Add
ServiceIntegrationflink_external_postgresqltype - Add
ServiceIntegrationfielddatadog.datadog_pgbouncer_enabled, typeboolean: Enable Datadog PgBouncer Metric Tracking - Fix
ServiceIntegrationdeletion when instance has no id set - Fix service types
disk_spacefield validation - Fix resources
project,serviceNamefields validation - Fix
ConnectionPooldoesn't check service user precondition - Remove
CA_CERTsecret key forGrafana,OpenSearch,Redis, andClickhouse. Can't be used with these service types ddog-gov.com, us3.datadoghq.com, us5.datadoghq.com]` - Change
ServiceIntegrationEndpointfieldexternalKafka.ssl_endpoint_identification_algorithm: enum[, https][https] - Remove
ClickhouseUserwebhook. Doesn't do any validation or mutation - Change
KafkafielduserConfig.kafka_version: enum[3.4, 3.5, 3.6][3.4, 3.5, 3.6, 3.7] - Change
ServiceIntegrationEndpointfielddatadog.site: enum[datadoghq.com, datadoghq.eu, ddog-gov.com, us3.datadoghq.com, us5.datadoghq.com] - Move immutable fields validation from webhooks to CRD validation rules
- Add kind:
ClickhouseRole - Unified User-Agent format with the Terraform Provider
- Unify cluster role permissions
- Add missing role permissions to
KafkaACL
- Add
KafkaSchemaRegistryACLkind - Add
ClickhouseDatabasekind - Fix secret creation for kinds with no secrets
- Include the Kubernetes version in the Go client's user agent
- Replace
Databasekind validations and default values with CRD validation rules - Perform upgrade tasks to check if PG service can be upgraded before updating the service
- Expose project CA certificate to service secrets:
REDIS_CA_CERT,MYSQL_CA_CERT, etc. - Add
KafkaTopicfieldconfig.local_retention_bytes, typeinteger: local.retention.bytes value - Add
KafkaTopicfieldconfig.local_retention_ms, typeinteger: local.retention.ms value - Add
KafkaTopicfieldconfig.remote_storage_enable, typeboolean: remote_storage_enable - Change
CassandrafielduserConfig.cassandra_version: pattern^[0-9]+(\.[0-9]+)?$ - Change
CassandrafielduserConfig.project_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
CassandrafielduserConfig.service_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
CassandrafielduserConfig.service_to_join_with: pattern^[a-z][-a-z0-9]{0,63}$ - Change
ClickhousefielduserConfig.project_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
ClickhousefielduserConfig.service_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
GrafanafielduserConfig.project_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
GrafanafielduserConfig.service_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
KafkafielduserConfig.kafka.sasl_oauthbearer_expected_audience: pattern^[^\r\n]*$ - Change
KafkafielduserConfig.kafka.sasl_oauthbearer_expected_issuer: pattern^[^\r\n]*$ - Change
KafkafielduserConfig.kafka.sasl_oauthbearer_sub_claim_name: pattern^[^\r\n]*$ - Change
MySQLfielduserConfig.mysql.default_time_zone: pattern^([-+][\d:]*|[\w/]*)$ - Change
MySQLfielduserConfig.project_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
MySQLfielduserConfig.service_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
OpenSearchfielduserConfig.openid.client_id: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.openid.client_secret: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.openid.header: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.openid.jwt_header: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.openid.jwt_url_parameter: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.openid.roles_key: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.openid.scope: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.openid.subject_key: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.project_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
OpenSearchfielduserConfig.saml.idp_entity_id: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.saml.roles_key: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.saml.sp_entity_id: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.saml.subject_key: pattern^[^\r\n]*$ - Change
OpenSearchfielduserConfig.service_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
PostgreSQLfielduserConfig.pg.timezone: pattern^[\w/]*$ - Change
PostgreSQLfielduserConfig.pg_service_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
PostgreSQLfielduserConfig.project_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
PostgreSQLfielduserConfig.service_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
RedisfielduserConfig.project_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Change
RedisfielduserConfig.service_to_fork_from: pattern^[a-z][-a-z0-9]{0,63}$|^$ - Add
OpenSearchfielduserConfig.opensearch.plugins_alerting_filter_by_backend_roles, typeboolean: Enable or disable filtering of alerting by backend roles. Requires Security plugin - Change
RedisfielduserConfig.redis_notify_keyspace_events: pattern^[KEg\$lshzxeA]*$^[KEg\$lshzxentdmA]*$ - Add
PostgreSQLfielduserConfig.pgaudit, typeobject: System-wide settings for the pgaudit extension - Add
ServiceIntegrationfielddatadog.opensearch.cluster_stats_enabled, typeboolean: Enable Datadog Opensearch Cluster Monitoring
- Bump k8s deps to 1.26.13
- Add
OpenSearchfielduserConfig.opensearch.enable_security_audit, typeboolean: Enable/Disable security audit - Add
KafkafielduserConfig.kafka_rest_config.name_strategy, typestring: Name strategy to use when selecting subject for storing schemas - Add
RedisfielduserConfig.redis_version, typestring: Redis major version - Add
GrafanafielduserConfig.auth_github.auto_login, typeboolean: Allow users to bypass the login screen and automatically log in - Add
GrafanafielduserConfig.auth_github.skip_org_role_sync, typeboolean: Stop automatically syncing user roles - Change
ClickhousefielduserConfig.additional_backup_regions: deprecated - Change
GrafanafielduserConfig.additional_backup_regions: deprecated - Change
KafkaConnectfielduserConfig.additional_backup_regions: deprecated - Change
KafkafielduserConfig.additional_backup_regions: deprecated - Change
OpenSearchfielduserConfig.additional_backup_regions: deprecated - Change
RedisfielduserConfig.additional_backup_regions: deprecated - Change
CassandrafielduserConfig.cassandra_version: enum[3, 4, 4.1][4, 4.1] - Change
KafkafielduserConfig.kafka_version: enum[3.1, 3.3, 3.4, 3.5, 3.6][3.4, 3.5, 3.6] - Change
PostgreSQLfielduserConfig.pg_version: enum[11, 12, 13, 14, 15, 16][12, 13, 14, 15, 16] - Add
CassandrafieldtechnicalEmails, typearray: Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability - Add
ClickhousefieldtechnicalEmails, typearray: Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability - Add
GrafanafieldtechnicalEmails, typearray: Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability - Add
KafkaConnectfieldtechnicalEmails, typearray: Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability - Add
KafkafieldtechnicalEmails, typearray: Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability - Add
MySQLfieldtechnicalEmails, typearray: Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability - Add
OpenSearchfieldtechnicalEmails, typearray: Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability - Add
PostgreSQLfieldtechnicalEmails, typearray: Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability - Add
RedisfieldtechnicalEmails, typearray: Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability - Add
CassandrafieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
ClickhousefieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
ClickhouseUserfieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
ConnectionPoolfieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
GrafanafieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
KafkafieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
MySQLfieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
OpenSearchfieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
PostgreSQLfieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
ProjectfieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
RedisfieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false - Add
ServiceUserfieldconnInfoSecretTargetDisabled, typeboolean: When true, the secret containing connection information will not be created, defaults to false
- Check VPC for running services before deletion. Prevents VPC from hanging in the DELETING state
- Expose
KAFKA_SCHEMA_REGISTRY_URIandKAFKA_REST_URItoKafkasecret - Expose
CONNECTIONPOOL_NAMEinConnectionPoolsecret - Fix
CONNECTIONPOOL_PORTexposes service port instead of pool port - Fix
SERVICEUSER_PORTwhensaslis the only authentication method - Change
PostgreSQLfielduserConfig.pg_qualstats.enabled: deprecated - Change
PostgreSQLfielduserConfig.pg_qualstats.min_err_estimate_num: deprecated - Change
PostgreSQLfielduserConfig.pg_qualstats.min_err_estimate_ratio: deprecated - Change
PostgreSQLfielduserConfig.pg_qualstats.track_constants: deprecated - Change
PostgreSQLfielduserConfig.pg_qualstats.track_pg_catalog: deprecated
- Set conditions on errors:
Preconditions,CreateOrUpdate,Delete. Thanks to @atarax - Fix object updates lost when reconciler exits before the object is committed
- Add
KafkafielduserConfig.kafka.transaction_partition_verification_enable, typeboolean: Enable verification that checks that the partition has been added to the transaction before writing transactional records to the partition - Add
CassandrafielduserConfig.service_log, typeboolean: Store logs for the service so that they are available in the HTTP API and console - Add
ClickhousefielduserConfig.service_log, typeboolean: Store logs for the service so that they are available in the HTTP API and console - Add
GrafanafielduserConfig.service_log, typeboolean: Store logs for the service so that they are available in the HTTP API and console - Add
KafkaConnectfielduserConfig.service_log, typeboolean: Store logs for the service so that they are available in the HTTP API and console - Add
KafkafielduserConfig.kafka_rest_config.name_strategy_validation, typeboolean: If true, validate that given schema is registered under expected subject name by the used name strategy when producing messages - Add
KafkafielduserConfig.service_log, typeboolean: Store logs for the service so that they are available in the HTTP API and console - Add
MySQLfielduserConfig.service_log, typeboolean: Store logs for the service so that they are available in the HTTP API and console - Add
OpenSearchfielduserConfig.service_log, typeboolean: Store logs for the service so that they are available in the HTTP API and console - Add
PostgreSQLfielduserConfig.pg_qualstats, typeobject: System-wide settings for the pg_qualstats extension - Add
PostgreSQLfielduserConfig.service_log, typeboolean: Store logs for the service so that they are available in the HTTP API and console - Add
RedisfielduserConfig.service_log, typeboolean: Store logs for the service so that they are available in the HTTP API and console
- Upgrade to Go 1.21
- Add option to orphan resources. Thanks to @atarax
- Fix
ServiceIntegration: do not send empty user config to the API - Add a format for
stringtype fields to the documentation - Generate CRDs changelog
- Add
ClickhousefielduserConfig.private_access.clickhouse_mysql, typeboolean: Allow clients to connect to clickhouse_mysql with a DNS name that always resolves to the service's private IP addresses - Add
ClickhousefielduserConfig.privatelink_access.clickhouse_mysql, typeboolean: Enable clickhouse_mysql - Add
ClickhousefielduserConfig.public_access.clickhouse_mysql, typeboolean: Allow clients to connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC or another type of private network - Add
GrafanafielduserConfig.unified_alerting_enabled, typeboolean: Enable or disable Grafana unified alerting functionality - Add
KafkafielduserConfig.aiven_kafka_topic_messages, typeboolean: Allow access to read Kafka topic messages in the Aiven Console and REST API - Add
KafkafielduserConfig.kafka.sasl_oauthbearer_expected_audience, typestring: The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences - Add
KafkafielduserConfig.kafka.sasl_oauthbearer_expected_issuer, typestring: Optional setting for the broker to use to verify that the JWT was created by the expected issuer - Add
KafkafielduserConfig.kafka.sasl_oauthbearer_jwks_endpoint_url, typestring: OIDC JWKS endpoint URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled - Add
KafkafielduserConfig.kafka.sasl_oauthbearer_sub_claim_name, typestring: Name of the scope from which to extract the subject claim from the JWT. Defaults to sub - Change
KafkafielduserConfig.kafka_version: enum[3.1, 3.3, 3.4, 3.5][3.1, 3.3, 3.4, 3.5, 3.6] - Change
KafkafielduserConfig.tiered_storage.local_cache.size: deprecated - Add
OpenSearchfielduserConfig.opensearch.indices_memory_max_index_buffer_size, typeinteger: Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size - Add
OpenSearchfielduserConfig.opensearch.indices_memory_min_index_buffer_size, typeinteger: Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size - Change
OpenSearchfielduserConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.authentication_backend: enum[internal] - Change
OpenSearchfielduserConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.type: enum[username] - Change
OpenSearchfielduserConfig.opensearch.auth_failure_listeners.ip_rate_limiting.type: enum[ip] - Change
OpenSearchfielduserConfig.opensearch.search_max_buckets: maximum655361000000 - Change
ServiceIntegrationfieldkafkaMirrormaker.kafka_mirrormaker.producer_max_request_size: maximum67108864268435456
- Make
projectVpcIdandprojectVPCRefmutable - Fix panic on
niluser config conversion - Use aiven-go-client with context support
- Deprecate
Cassandrakind optionadditional_backup_regions - Add
Grafanakind optionauto_login - Add
Kafkakind propertieslog_local_retention_bytes,log_local_retention_ms - Remove
Kafkakind optionremote_log_storage_system_enable - Add
OpenSearchkind optionauth_failure_listeners - Add
OpenSearchkind Index State Management options
- Add TieredStorage support to
Kafka - Add
Kafkaversion3.5 - Add
Kafkaspec propertyscheduled_rebalance_max_delay_ms - Mark deprecated
Kafkaspec propertyremote_log_storage_system_enable - Add
KafkaConnectspec propertyscheduled_rebalance_max_delay_ms - Add
OpenSearchspec propertyopenid - Use updated go client with enhanced retries
- Expose
KAFKA_SCHEMA_REGISTRY_HOSTandKAFKA_SCHEMA_REGISTRY_PORTforKafka - Expose
KAFKA_CONNECT_HOST,KAFKA_CONNECT_PORT,KAFKA_REST_HOSTandKAFKA_REST_PORTforKafka. Thanks to @Dariusch
- Make conditions and state optional attributes of service status. Thanks to @mortenlj
- Remove deprecated
unclean_leader_election_enablefromKafkaTopickind config - Expose
KAFKA_SASL_PORTforKafkakind ifSASLauthentication method is enabled - Add
redisoptions to datadogServiceIntegration - Add
Cassandraversion3 - Add
Kafkaversions3.1and3.4 - Add
kafka_rest_config.producer_max_request_sizeoption - Add
kafka_mirrormaker.producer_compression_typeoption
- Fix service tags create/update. Thanks to @mortenlj
- Add prefix name option for secrets. Thanks to @jordiclariana
- Add
clusterRole.createoption to Helm chart. Thanks to @ryaneorth - Use kind name as default prefix for secrets to avoid collisions. Please migrate your applications before legacy names removed
- Fix secrets creation on openshift
- Add
OpenSearch.spec.userConfig.idp_pemtrustedcas_contentoption. Specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification.
- Add
ServiceIntegrationkindSourceProjectNameandDestinationProjectNamefields - Add
ServiceIntegrationfieldsMaxLengthvalidation - Add
ServiceIntegrationvalidation: multiple user configs cannot be set - Fix
ServiceIntegration, should not requiredestinationServiceNameorsourceEndpointIDfield - Fix
ServiceIntegration, add missingexternal_aws_cloudwatch_metricstype config serialization - Update
ServiceIntegrationintegration type list - Add
annotationsandlabelsfields toconnInfoSecretTarget - Allow to disable capabilities check to install webhooks. Thanks to @amstee
- Set
OpenSearch.spec.userConfig.opensearch.search_max_bucketsmaximum to65536
- Mark service
planas a required field - Add
minumim,maximumvalidations fornumbertype - Move helm charts to the operator repository
- Add helm charts generator
- Remove
ip_filterbackward compatibility - Fix deletion errors omitted
- Add service integration
clickhouseKafka.tables.data_format-propertyenumRawBLOBvalue - Update OpenSearch
userConfig.opensearch.email_sender_usernamevalidation pattern - Add Kafka
log_cleaner_min_cleanable_ratiominimum and maximum validation rules - Remove Kafka version
3.2, reached EOL - Remove PostgreSQL version
10, reached EOL - Explicitly delete
ProjectVPCbyIDto avoid conflicts - Speed up
ProjectVPCdeletion by exiting onDELETINGstatus - Fix missing RBAC permissions to update finalizers for various controllers
- Refactor
ClickhouseUsercontroller - Mark
ClickhouseUser.spec.projectandClickhouseUser.spec.serviceNameas immutable - Remove deprecated service integration type
signalfx - Add build version to the Aiven client user-agent
AuthSecretReffields marked as required- Generate user configs for existing service integrations:
datadog,kafka_connect,kafka_logs,metrics - Add new service integrations:
clickhouse_postgresql,clickhouse_kafka,clickhouse_kafka,logs,external_aws_cloudwatch_metrics - Add
KafkaTopic.Spec.topicNamefield. Unlike themetadata.name, supports additional characters and has a longer length.KafkaTopic.Spec.topicNamereplacesmetadata.namein future releases and will be marked as required. - Accept
falsevalue fortermination_protectionproperty - Fix
min_cleanable_dirty_ratio. Thanks to @TV2rd
Important: This release brings breaking changes to the userConfig property.
After new charts are installed, update your existing instances manually using the kubectl edit command
according to the API reference.
Note: It is now recommended to disable webhooks for Kubernetes version 1.25 and higher, as native CRD validation rules are used.
- Breaking change:
ip_filterfield is now ofobjecttype - Breaking change: Update user configs for following kinds: PostgreSQL, Kafka, KafkaConnect, Redis, Clickhouse, OpenSearch
- Add CRD validation rules for immutable fields
- Add user config field validations (enum, minimum, maximum, minLength, and others)
- Add
serviceIntegrationson service types. Only theread_replicatype is available. - Add KafkaTopic
min_cleanable_dirty_ratioconfig field support - Add Clickhouse
spec.disk_spaceproperty - Use updated aiven-go-client with retries
- Add
linux/amd64build. Thanks to @christoffer-eide
- Add Cassandra Kind
- Add Grafana Kind
- Recreate Kafka ACL if modified. Note: Modification of ACL created prior to v0.5.1 won't delete existing instance at Aiven. It must be deleted manually.
- Fix MySQL webhook
- Remove
neverfrom choices of maintenance dow - Add
developmentflag to configure logger's behavior - Add user config generator (see
make generate-user-configs) - Add
genericServiceHandlerto generalize service management - Add MySQL Kind
- Fix deployment release manifest generation
- Fix
KafkaACLdeletion
- Add ability to link resources through the references
- Add
ProjectVPCRefproperty toKafka,OpenSearch,ClickhouseandRediskinds to getProjectVPCID when resource is ready - Improve
ProjectVPCdeletion, deletes by ID first if possible, then tries by name - Fix
client.Objectstorage update data loss
- Upgrade to Go 1.18
- Add support for connection pull incoming user
- Fix typo on config/samples/kafka disk_space
- Add tags support for project and service resources
- Enable termination protection
features:
- add Redis CRD
improvements:
- watch CRDs to reconcile token secrets
fixes:
- fix RBACs of KafkaACL CRD
improvements:
- update helm installation docs
fixes:
- fix typo in a kafka-connector kuttl test
features:
- initial release