diff --git a/CHANGELOG.md b/CHANGELOG.md index c502f8bf9a7..cdbb9c34321 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,8 @@ Kubernetes 1.23 and 1.24 are not supported anymore. * When finalizers are enabled (default), the Topic Operator will no longer restore finalizers on unmanaged `KafkaTopic` resources if they are removed, aligning the behavior with paused topics, where finalizers are also not restored. This change matches user expectations. +* The External Configuration Volumes (`.spec.externalConfiguration.volumes`) in `KafkaConnect` and `KafkaMirrorMaker2` resources are deprecated and will be removed in the future. + Please use the additional volumes and volume mounts in Pod and container templates instead to mount additional Secrets or ConfigMaps. ## 0.43.0 diff --git a/api/src/main/java/io/strimzi/api/kafka/model/connect/ExternalConfiguration.java b/api/src/main/java/io/strimzi/api/kafka/model/connect/ExternalConfiguration.java index ad0c109c2df..4085f1948a1 100644 --- a/api/src/main/java/io/strimzi/api/kafka/model/connect/ExternalConfiguration.java +++ b/api/src/main/java/io/strimzi/api/kafka/model/connect/ExternalConfiguration.java @@ -6,6 +6,7 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import io.strimzi.api.annotations.DeprecatedProperty; import io.strimzi.api.kafka.model.common.Constants; import io.strimzi.api.kafka.model.common.UnknownPropertyPreserving; import io.strimzi.crdgenerator.annotations.Description; @@ -47,6 +48,9 @@ public void setEnv(List env) { @Description("Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes.") @JsonInclude(value = JsonInclude.Include.NON_NULL) + @Deprecated + @DeprecatedProperty(description = "The external configuration volumes are deprecated and will be removed in the future. " + + "Please use the additional volumes and volume mounts in pod and container templates instead to mount additional secrets or config maps.") public List getVolumes() { return volumes; } diff --git a/api/src/main/java/io/strimzi/api/kafka/model/connect/ExternalConfigurationVolumeSource.java b/api/src/main/java/io/strimzi/api/kafka/model/connect/ExternalConfigurationVolumeSource.java index ef1b3ac606f..3d660f7f5eb 100644 --- a/api/src/main/java/io/strimzi/api/kafka/model/connect/ExternalConfigurationVolumeSource.java +++ b/api/src/main/java/io/strimzi/api/kafka/model/connect/ExternalConfigurationVolumeSource.java @@ -9,8 +9,10 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import io.fabric8.kubernetes.api.model.ConfigMapVolumeSource; import io.fabric8.kubernetes.api.model.SecretVolumeSource; +import io.strimzi.api.annotations.DeprecatedType; import io.strimzi.api.kafka.model.common.Constants; import io.strimzi.api.kafka.model.common.UnknownPropertyPreserving; +import io.strimzi.api.kafka.model.common.template.AdditionalVolume; import io.strimzi.crdgenerator.annotations.Description; import io.strimzi.crdgenerator.annotations.KubeLink; import io.strimzi.crdgenerator.annotations.OneOf; @@ -31,6 +33,8 @@ @JsonInclude(JsonInclude.Include.NON_DEFAULT) @JsonPropertyOrder({"name", "secret", "configMap"}) @OneOf({@OneOf.Alternative(@OneOf.Alternative.Property("secret")), @OneOf.Alternative(@OneOf.Alternative.Property("configMap"))}) +@Deprecated +@DeprecatedType(replacedWithType = AdditionalVolume.class) @EqualsAndHashCode @ToString public class ExternalConfigurationVolumeSource implements UnknownPropertyPreserving { diff --git a/cluster-operator/src/main/java/io/strimzi/operator/cluster/model/KafkaConnectCluster.java b/cluster-operator/src/main/java/io/strimzi/operator/cluster/model/KafkaConnectCluster.java index 375dc57de4a..4316016a75b 100644 --- a/cluster-operator/src/main/java/io/strimzi/operator/cluster/model/KafkaConnectCluster.java +++ b/cluster-operator/src/main/java/io/strimzi/operator/cluster/model/KafkaConnectCluster.java @@ -133,6 +133,8 @@ public class KafkaConnectCluster extends AbstractModel implements SupportsMetric protected String bootstrapServers; protected List externalEnvs = Collections.emptyList(); + + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated protected List externalVolumes = Collections.emptyList(); protected Tracing tracing; protected JmxModel jmx; @@ -384,6 +386,7 @@ protected List getVolumes(boolean isOpenShift) { return volumeList; } + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated private List getExternalConfigurationVolumes(boolean isOpenShift) { int mode = 0444; if (isOpenShift) { @@ -454,6 +457,7 @@ private List getInitContainerVolumeMounts() { return volumeMountList; } + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated private List getExternalConfigurationVolumeMounts() { List volumeMountList = new ArrayList<>(0); diff --git a/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaConnectClusterTest.java b/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaConnectClusterTest.java index a680c27658b..88b1a57990d 100644 --- a/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaConnectClusterTest.java +++ b/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaConnectClusterTest.java @@ -980,6 +980,7 @@ public void testExternalConfigurationConfigEnvs() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testExternalConfigurationSecretVolumes() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my-volume") @@ -1013,6 +1014,7 @@ public void testExternalConfigurationSecretVolumes() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testExternalConfigurationSecretVolumesWithDots() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my.volume") @@ -1046,6 +1048,7 @@ public void testExternalConfigurationSecretVolumesWithDots() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testExternalConfigurationConfigVolumes() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my-volume") @@ -1079,6 +1082,7 @@ public void testExternalConfigurationConfigVolumes() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testExternalConfigurationConfigVolumesWithDots() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my.volume") @@ -1112,6 +1116,7 @@ public void testExternalConfigurationConfigVolumesWithDots() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testExternalConfigurationInvalidVolumes() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my-volume") @@ -1142,6 +1147,7 @@ public void testExternalConfigurationInvalidVolumes() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testNoExternalConfigurationVolumes() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my-volume") diff --git a/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaMirrorMaker2ClusterTest.java b/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaMirrorMaker2ClusterTest.java index 34c30c04db7..10a091cc068 100644 --- a/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaMirrorMaker2ClusterTest.java +++ b/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaMirrorMaker2ClusterTest.java @@ -1124,6 +1124,7 @@ public void testExternalConfigurationConfigEnvs() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testExternalConfigurationSecretVolumes() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my-volume") @@ -1157,6 +1158,7 @@ public void testExternalConfigurationSecretVolumes() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testExternalConfigurationConfigVolumes() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my-volume") @@ -1190,6 +1192,7 @@ public void testExternalConfigurationConfigVolumes() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testExternalConfigurationInvalidVolumes() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my-volume") @@ -1220,6 +1223,7 @@ public void testExternalConfigurationInvalidVolumes() { } @ParallelTest + @SuppressWarnings("deprecation") // External Configuration volumes are deprecated public void testNoExternalConfigurationVolumes() { ExternalConfigurationVolumeSource volume = new ExternalConfigurationVolumeSourceBuilder() .withName("my-volume") diff --git a/documentation/modules/appendix_crds.adoc b/documentation/modules/appendix_crds.adoc index c12a813ca9c..099ba4223cf 100644 --- a/documentation/modules/appendix_crds.adoc +++ b/documentation/modules/appendix_crds.adoc @@ -2754,7 +2754,7 @@ include::../api/io.strimzi.api.kafka.model.connect.ExternalConfiguration.adoc[le |Makes data from a Secret or ConfigMap available in the Kafka Connect pods as environment variables. |volumes |xref:type-ExternalConfigurationVolumeSource-{context}[`ExternalConfigurationVolumeSource`] array -|Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes. +|**The `volumes` property has been deprecated.** The external configuration volumes are deprecated and will be removed in the future. Please use the additional volumes and volume mounts in pod and container templates instead to mount additional secrets or config maps. Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes. |==== [id='type-ExternalConfigurationEnv-{context}'] @@ -2794,6 +2794,9 @@ Used in: xref:type-ExternalConfigurationEnv-{context}[`ExternalConfigurationEnv` [id='type-ExternalConfigurationVolumeSource-{context}'] = `ExternalConfigurationVolumeSource` schema reference +*The type `ExternalConfigurationVolumeSource` has been deprecated.* +Please use xref:type-AdditionalVolume-{context}[`AdditionalVolume`] instead. + Used in: xref:type-ExternalConfiguration-{context}[`ExternalConfiguration`] diff --git a/documentation/modules/configuring/proc-loading-config-from-file.adoc b/documentation/modules/configuring/proc-loading-config-from-file.adoc index 117f66a1592..4fa720a543e 100644 --- a/documentation/modules/configuring/proc-loading-config-from-file.adoc +++ b/documentation/modules/configuring/proc-loading-config-from-file.adoc @@ -7,12 +7,12 @@ [role="_abstract"] Use the `FileConfigProvider` to provide configuration properties from a file within a directory. -Files can be config maps or secrets. +Files can be stored in config maps or secrets. In this procedure, a file provides configuration properties for a connector. A database name and password are specified as properties of a secret. The secret is mounted to the Kafka Connect pod as a volume. -Volumes are mounted on the path `/opt/kafka/external-configuration/`. +Volumes are mounted on the path `/mnt/`. .Prerequisites @@ -42,7 +42,7 @@ stringData: + -- * Enable the `FileConfigProvider` -* Specify the file using the `externalConfiguration` property. +* Specify the additional volume using the `template` property. -- + .Example Kafka Connect configuration to use an external property file @@ -58,17 +58,24 @@ spec: config.providers: file # <1> config.providers.file.class: org.apache.kafka.common.config.provider.FileConfigProvider # <2> #... - externalConfiguration: - volumes: - - name: connector-config # <3> - secret: - secretName: mysecret # <4> + template: + pod: + volumes: + - name: connector-config-volume # <3> + secret: + secretName: mysecret # <4> + kafkaContainer: + volumeMounts: + - name: connector-config-volume # <5> + mountPath: /mnt/mysecret # <6> ---- <1> The alias for the configuration provider is used to define other configuration parameters. <2> `FileConfigProvider` provides values from properties files. The parameter uses the alias from `config.providers`, taking the form `config.providers.${alias}.class`. <3> The name of the volume containing the secret. <4> The name of the secret. +<5> The name of the mounted volume, which must match the volume name in the `volumes` list. +<6> The path where the secret is mounted, which must start with `/mnt/`. . Create or update the resource to enable the provider. + @@ -94,8 +101,8 @@ spec: config: database.hostname: 192.168.99.1 database.port: "3306" - database.user: "${file:/opt/kafka/external-configuration/connector-config/mysecret:dbUsername}" - database.password: "${file:/opt/kafka/external-configuration/connector-config/mysecret:dbPassword}" + database.user: "${file:/mnt/mysecret/connector.properties:dbUsername}" + database.password: "${file:/mnt/mysecret/connector.properties:dbPassword}" database.server.id: "184054" #... ---- diff --git a/documentation/modules/configuring/proc-loading-config-from-files.adoc b/documentation/modules/configuring/proc-loading-config-from-files.adoc index e3343ce1eea..30d91a96fbd 100644 --- a/documentation/modules/configuring/proc-loading-config-from-files.adoc +++ b/documentation/modules/configuring/proc-loading-config-from-files.adoc @@ -11,8 +11,8 @@ Files can be config maps or secrets. In this procedure, a secret provides the TLS keystore and truststore user credentials for a connector. The credentials are in separate files. -The secrets are mounted into the Kafka Connect pod as volumes. -Volumes are mounted on the path `/opt/kafka/external-configuration/`. +The secrets are mounted into the Kafka Connect pod as volumes. +Volumes are mounted on the path `/mnt/`. .Prerequisites @@ -49,7 +49,7 @@ The `-cluster-ca-cert` secret generated when deploying the Kafka c + -- * Enable the `DirectoryConfigProvider` -* Specify the files using the `externalConfiguration` property. +* Specify the additional volume using the `template` property. -- + .Example Kafka Connect configuration to use external property files @@ -65,6 +65,21 @@ spec: config.providers: directory # <1> config.providers.directory.class: org.apache.kafka.common.config.provider.DirectoryConfigProvider # <2> #... + template: + pod: + volumes: + - name: my-user-volume # <3> + secret: + secretName: my-user # <4> + - name: cluster-ca-volume + secret: + secretName: my-cluster-cluster-ca-cert + kafkaContainer: + volumeMounts: + - name: my-user-volume # <5> + mountPath: /mnt/my-user # <6> + - name: cluster-ca-volume + mountPath: /mnt/cluster-ca externalConfiguration: volumes: # <3> - name: cluster-ca # <4> @@ -76,9 +91,10 @@ spec: ---- <1> The alias for the configuration provider is used to define other configuration parameters. <2> `DirectoryConfigProvider` provides values from files in a directory. The parameter uses the alias from `config.providers`, taking the form `config.providers.${alias}.class`. -<3> The names of the volumes containing the secrets. -<4> The name of the secret for the cluster CA certificate to supply truststore configuration. -<5> The name of the secret for the user to supply keystore configuration. +<3> The name of the volume containing the secret. +<4> The name of the secret. +<5> The name of the mounted volume, which must match the volume name in the `volumes` list. +<6> The path where the secret is mounted, which must start with `/mnt/`. . Create or update the resource to enable the provider. + @@ -105,10 +121,10 @@ spec: # ... database.history.producer.security.protocol: SSL database.history.producer.ssl.truststore.type: PEM - database.history.producer.ssl.truststore.certificates: "${directory:/opt/kafka/external-configuration/cluster-ca:ca.crt}" + database.history.producer.ssl.truststore.certificates: "${directory:/mtn/cluster-ca:ca.crt}" database.history.producer.ssl.keystore.type: PEM - database.history.producer.ssl.keystore.certificate.chain: "${directory:/opt/kafka/external-configuration/my-user:user.crt}" - database.history.producer.ssl.keystore.key: "${directory:/opt/kafka/external-configuration/my-user:user.key}" + database.history.producer.ssl.keystore.certificate.chain: "${directory:/mnt/my-user:user.crt}" + database.history.producer.ssl.keystore.key: "${directory:/mnt/my-user:user.key}" #... ---- +