Release notes

Learn about the new features and notable changes in this release of CSM Operator.

Learn about the known issues in this release of CSM Operator.

CSMDS-334: ZooKeeper pods are running but Kafka pods are not created

Under certain circumstances, ZooKeeper pods might not be able to form a quorum. In a case like this, the creation of the Kafka cluster gets stuck in a state where ZooKeeper pods are running, but Kafka pods are not created.

If you encounter this issue, at least one of the ZooKeeper pods logs a WARN entry similar to the following:

2024-02-23 18:45:00,311 WARN Unexpected exception (org.apache.zookeeper.server.quorum.QuorumPeer) [QuorumPeer[myid=3](plain=127.0.0.1:12181)(secure=[0:0:0:0:0:0:0:0]:2181)]
java.lang.InterruptedException: Timeout while waiting for epoch from quorum
	at org.apache.zookeeper.server.quorum.Leader.getEpochToPropose(Leader.java:1443)
	at org.apache.zookeeper.server.quorum.Leader.lead(Leader.java:606)
	at org.apache.zookeeper.server.quorum.QuorumPeer.run(QuorumPeer.java:1552)

This is caused by a race condition issue in ZooKeeper. ZooKeeper is unable to recover from this state automatically.

Delete the ZooKeeper pods that are unable to form a quorum.

kubectl delete pod [***ZOOKEEPER POD***] -n [***NAMESPACE***]

The Strimzi Cluster Operator automatically recreates the ZooKeeper pods that are deleted. The newly created ZooKeeper pods are less likely to encounter the issue.

CSMDS-953: Kafka and ZooKeeper might experience downtime during upgrades

Under certain circumstances, ZooKeeper pods might not be able to form a quorum during an upgrade. This results in both ZooKeeper and Kafka becoming unavailable for several minutes during an upgrade.

After a certain amount of time, failed ZooKeeper pods are automatically recreated by the Strimzi Cluster Operator, and the upgrade succeeds.

If you encounter this issue, at least one of the ZooKeeper pods will log the following error:

java.net.BindException: Cannot assign requested address

This issue affects ZooKeeper-based deployments only.

CSMDS-644: Kafka CLI commands fail with a TLS handshake error when using kafka_shell.sh

If an mTLS listener is configured for the Kafka cluster targeted by the kafka_shell.sh tool, the tool generates the client configuration incorrectly. As a result, Kafka CLI commands that you run using the tool fail with a TLS handshake error.

#...
ERROR org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Run the following command in the interactive shell that the tool opens.

sed -i '8,/name=CONTROLPLANE-9090/d' /tmp/client.properties

CSMDS-721: Some alerts are triggered when deploying the prometheus-rules.yaml example

When deploying the prometheus-rules.yaml example, the following alerts are triggered.

• BridgeContainersDown
• EntityOperatorTlsSidecarContainerDown
• KafkaBrokerContainersDown
• MirrorMakerContainerDown

These are false positive results. KafkaBrokerContainersDown has an incorrect expression. The other three alerts are for cluster components that are not supported or are not used in CSM Operator.

CSMDS-805: The kafka_shell.sh and connect_shell.sh tools do not propagate command return code

The kafka_shell.sh and connect_shell.sh tools do not propagate the return code of the last command which ran inside the shell.

None.

Learn what features are unsupported in this release of CSM Operator.

The following Strimzi features are unsupported in CSM Operator:

• Kafka Connect
• Kafka MirrorMaker
• Kafka MirrorMaker 2
• Kafka Bridge
• Kafka cluster creation without using KafkaNodePool resources