SDP Release 24.3

[razvan]

Stackable Data Platform (SDP) Release 24.3 is now publicly available!

Highlights

This release focuses on the following security features:

• Authorization
• Authentication with Kerberos
• OpenID Connect integration
• Vulnerability management

New / extended platform features

The following new major platform features were added:

Authorization

The Open Policy Agent has been enhanced to include a new component called user-info-fetcher. This allows users to define authorization policies based on attributes such as organizational group membership and resource assignment. The first major identity provider supported by the user-info-fetcher is Keycloak, with plans for others to follow. Policy-based authorization with OPA can now be used with HDFS instead of relying on an internal HDFS mechanism. It requires a Kerberos-enabled cluster as well as an SDP-specific HDFS extension which provides an OPA authorizer and group mapper. This is already bundled in the Stackable image for HDFS.

Authentication with Kerberos

Kerberos is the most widely used authentication protocol in the enterprise world and Stackable now supports it for Apache Hive and Apache HBase as well as Apache HDFS. We have also provided examples for running Apache Spark applications in a Kerberos-enabled environment.

OpenID Connect integration

OpenID Connect is the de-facto authorization standard on the Web and is gaining ground in enterprise environments. Apache Superset and Trino are the first products to add support for it.

Building products from source

We have started building product binaries from source instead of packaging them from the official releases. This gives us greater control over the features and security aspects of each product. Apache Hadoop and Apache HBase are currently built from source and others will follow in subsequent releases.

Documentation

The CRD specifications are an important part of platform documentation and are now generated automatically. They can be found at https://crds.stackable.tech/.

Custom labels for Helm charts

Helm users can now assign custom labels to stacklets. This enables better component management with third party tools.

Important

With following releases we might enable TLS server verification and authentication by default. To ensure a smooth transition to future releases, we strongly encourage you to enable security features wherever possible in your stacklets.

New product-specific features

Additionally, there are some other individual product features that are noteworthy:

• HDFS: support for rack-awareness
• HDFS: support for exposing HDFS clusters to clients outside of Kubernetes
• Trino: support for the Delta Lake connector

New Versions

The following new product versions are now supported:

• Apache Airflow: 2.7.3, 2.8.1
• Apache Druid: 28.0.1
• Apache Kafka: 3.5.2, 3.6.1
• Apache NiFi: 1.25.0
• OpenPolicyAgent: 0.61.0
• Apache Spark: 3.4.2, 3.5.1
• Apache Superset: 2.1.3, 3.0.3, 3.1.0
• Trino: 442
• Apache ZooKeeper: 3.8.4, 3.9.2

Learning Stackable

Further details on our release and how to upgrade can be found in our release notes as well as in the change logs of the individual operators.