diff --git a/.checksums b/.checksums
index aa4463ec851..875bbd04940 100644
--- a/.checksums
+++ b/.checksums
@@ -6,7 +6,7 @@
# if this checksum has changed as part of any non-release specific changes, please apply your changes to the
# development version of the helm charts in ./packaging/helm-charts
### IMPORTANT ###
-HELM_CHART_CHECKSUM="9c360dbc87edc9f202f4a474ea054a8d381800e7 -"
+HELM_CHART_CHECKSUM="13e73bf2a1d62c49f5a0de796e4d2f8017eead71 -"
### IMPORTANT ###
# if the below line has changed, this means the ./install directory has changed
@@ -14,7 +14,7 @@ HELM_CHART_CHECKSUM="9c360dbc87edc9f202f4a474ea054a8d381800e7 -"
# if this checksum has changed as part of any non-release specific changes, please apply your changes to the
# development version of the helm charts in ./packaging/install
### IMPORTANT ###
-INSTALL_CHECKSUM="a69e0450f7de8e5af0710e3d2ac9ad78d97cf0e3 -"
+INSTALL_CHECKSUM="df8e4258ed54685af342c95cfa443259713eedde -"
### IMPORTANT ###
# if the below line has changed, this means the ./examples directory has changed
@@ -22,4 +22,4 @@ INSTALL_CHECKSUM="a69e0450f7de8e5af0710e3d2ac9ad78d97cf0e3 -"
# if this checksum has changed as part of any non-release specific changes, please apply your changes to the
# development version of the helm charts in ./packaging/examples
### IMPORTANT ###
-EXAMPLES_CHECKSUM="65ddcbf2f091cc451f1e11473a42f69fcd40d8fd -"
+EXAMPLES_CHECKSUM="c2b690e654f2c65905e01720c19105ed75d46709 -"
diff --git a/api/pom.xml b/api/pom.xml
index 71921d5b9f9..7687cb686ab 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -4,7 +4,7 @@
io.strimzi
strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
api
diff --git a/certificate-manager/pom.xml b/certificate-manager/pom.xml
index a0e3d6eb2db..fd593111531 100644
--- a/certificate-manager/pom.xml
+++ b/certificate-manager/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
certificate-manager
diff --git a/cluster-operator/pom.xml b/cluster-operator/pom.xml
index 18540e0b31a..f0f73bb2ecc 100644
--- a/cluster-operator/pom.xml
+++ b/cluster-operator/pom.xml
@@ -4,7 +4,7 @@
io.strimzi
strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
cluster-operator
diff --git a/config-model-generator/pom.xml b/config-model-generator/pom.xml
index 9cbff1c066d..28febaa7117 100644
--- a/config-model-generator/pom.xml
+++ b/config-model-generator/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
diff --git a/config-model/pom.xml b/config-model/pom.xml
index 8ea9a3c91d6..c5c3693b171 100644
--- a/config-model/pom.xml
+++ b/config-model/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
diff --git a/crd-annotations/pom.xml b/crd-annotations/pom.xml
index aa77ebfe155..ac3b12b5305 100644
--- a/crd-annotations/pom.xml
+++ b/crd-annotations/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
diff --git a/crd-generator/pom.xml b/crd-generator/pom.xml
index 3a7293cac0d..1b757e29eab 100644
--- a/crd-generator/pom.xml
+++ b/crd-generator/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
crd-generator
diff --git a/examples/cruise-control/kafka-cruise-control-with-goals.yaml b/examples/cruise-control/kafka-cruise-control-with-goals.yaml
new file mode 100644
index 00000000000..24877492edb
--- /dev/null
+++ b/examples/cruise-control/kafka-cruise-control-with-goals.yaml
@@ -0,0 +1,63 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: Kafka
+metadata:
+ name: my-cluster
+spec:
+ kafka:
+ version: 3.4.0
+ replicas: 3
+ listeners:
+ - name: plain
+ port: 9092
+ type: internal
+ tls: false
+ - name: tls
+ port: 9093
+ type: internal
+ tls: true
+ config:
+ offsets.topic.replication.factor: 3
+ transaction.state.log.replication.factor: 3
+ transaction.state.log.min.isr: 2
+ default.replication.factor: 3
+ min.insync.replicas: 2
+ inter.broker.protocol.version: "3.4"
+ storage:
+ type: ephemeral
+ zookeeper:
+ replicas: 3
+ storage:
+ type: ephemeral
+ entityOperator:
+ topicOperator: {}
+ userOperator: {}
+ cruiseControl:
+ config:
+ # Note that `goals` must be a superset of `default.goals` and `hard.goals`
+ goals: >
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.RackAwareGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.MinTopicLeadersPerBrokerGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundCapacityGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundCapacityGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuCapacityGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaDistributionGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.PotentialNwOutGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskUsageDistributionGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundUsageDistributionGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundUsageDistributionGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuUsageDistributionGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.TopicReplicaDistributionGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.LeaderReplicaDistributionGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.LeaderBytesInDistributionGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.PreferredLeaderElectionGoal
+ # Note that `default.goals` must be a superset `hard.goals`
+ default.goals: >
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.RackAwareGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal
+ hard.goals: >
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.RackAwareGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,
+ com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal
diff --git a/examples/metrics/kafka-metrics.yaml b/examples/metrics/kafka-metrics.yaml
index 985ca188652..4a64d3717d2 100644
--- a/examples/metrics/kafka-metrics.yaml
+++ b/examples/metrics/kafka-metrics.yaml
@@ -197,6 +197,27 @@ data:
type: GAUGE
labels:
quantile: "0.$4"
+ # KRaft mode: uncomment the following lines to export KRaft related metrics
+ # KRaft overall related metrics
+ # distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics
+ #- pattern: "kafka.server<>(.+-total|.+-max):"
+ # name: kafka_server_raftmetrics_$1
+ # type: COUNTER
+ #- pattern: "kafka.server<>(.+):"
+ # name: kafka_server_raftmetrics_$1
+ # type: GAUGE
+ # KRaft "low level" channels related metrics
+ # distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics
+ #- pattern: "kafka.server<>(.+-total|.+-max):"
+ # name: kafka_server_raftchannelmetrics_$1
+ # type: COUNTER
+ #- pattern: "kafka.server<>(.+):"
+ # name: kafka_server_raftchannelmetrics_$1
+ # type: GAUGE
+ # Broker metrics related to fetching metadata topic records in KRaft mode
+ #- pattern: "kafka.server<>(.+):"
+ # name: kafka_server_brokermetadatametrics_$1
+ # type: GAUGE
zookeeper-metrics-config.yml: |
# See https://github.com/prometheus/jmx_exporter for more info about JMX Prometheus Exporter metrics
lowercaseOutputName: true
diff --git a/examples/mirror-maker/kafka-mirror-maker-2-custom-replication-policy.yaml b/examples/mirror-maker/kafka-mirror-maker-2-custom-replication-policy.yaml
index 2a586e57761..add286a30e2 100644
--- a/examples/mirror-maker/kafka-mirror-maker-2-custom-replication-policy.yaml
+++ b/examples/mirror-maker/kafka-mirror-maker-2-custom-replication-policy.yaml
@@ -24,7 +24,6 @@ spec:
replication.factor: 1
offset-syncs.topic.replication.factor: 1
sync.topic.acls.enabled: "false"
- replication.policy.separator: ""
replication.policy.class: "org.apache.kafka.connect.mirror.IdentityReplicationPolicy"
heartbeatConnector:
config:
@@ -32,7 +31,6 @@ spec:
checkpointConnector:
config:
checkpoints.topic.replication.factor: 1
- replication.policy.separator: ""
replication.policy.class: "org.apache.kafka.connect.mirror.IdentityReplicationPolicy"
topicsPattern: ".*"
groupsPattern: ".*"
diff --git a/examples/security/keycloak-authorization/README.md b/examples/security/keycloak-authorization/README.md
index 0d4857295fd..6b647486e61 100644
--- a/examples/security/keycloak-authorization/README.md
+++ b/examples/security/keycloak-authorization/README.md
@@ -7,13 +7,13 @@ This folder contains an example `Kafka` custom resource configured for OAuth 2.0
The folder also contains a Keycloak realm export to import into your Keycloak instance to support the example.
-Full instructions for the example are available in the [Strimzi Documentation](https://strimzi.io/docs/operators/0.33.2/configuring.html#proc-oauth-authorization-keycloak-example_str).
+Full instructions for the example are available in the [Strimzi Documentation](https://strimzi.io/docs/operators/0.34.0/configuring.html#proc-oauth-authorization-keycloak-example_str).
- [kafka-authz-realm.json](./kafka-authz-realm.json)
- The Keycloak realm export file
- [kafka-ephemeral-oauth-single-keycloak-authz.yaml](./kafka-ephemeral-oauth-single-keycloak-authz.yaml)
- The Kafka CR that defines a single-node Kafka cluster with `oauth` authentication and `keycloak` authorization,
- using the `kafka-authz` realm. See [full example instructions](https://strimzi.io/docs/operators/0.33.2/configuring.html#proc-oauth-authorization-keycloak-example_str) for proper preparation and deployment.
+ using the `kafka-authz` realm. See [full example instructions](https://strimzi.io/docs/operators/0.34.0/configuring.html#proc-oauth-authorization-keycloak-example_str) for proper preparation and deployment.
- [kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml](./kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml)
- The Kafka CR that defines a single-node Kafka cluster with `oauth` authentication and `keycloak` authorization,
with included configuration for exporting the OAuth metrics using Prometheus JMX exporter.
diff --git a/helm-charts/helm3/strimzi-kafka-operator/README.md b/helm-charts/helm3/strimzi-kafka-operator/README.md
index 05c125d61db..2c91d0c8f3b 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/README.md
+++ b/helm-charts/helm3/strimzi-kafka-operator/README.md
@@ -99,11 +99,12 @@ the documentation for more details.
| `watchAnyNamespace` | Watch the whole Kubernetes cluster (all namespaces) | `false` |
| `defaultImageRegistry` | Default image registry for all the images | `quay.io` |
| `defaultImageRepository` | Default image registry for all the images | `strimzi` |
-| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.33.2` |
+| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.34.0` |
| `image.registry` | Override default Cluster Operator image registry | `nil` |
| `image.repository` | Override default Cluster Operator image repository | `nil` |
| `image.name` | Cluster Operator image name | `cluster-operator` |
| `image.tag` | Override default Cluster Operator image tag | `nil` |
+| `image.digest` | Override Cluster Operator image tag with digest | `nil` |
| `image.imagePullPolicy` | Image pull policy for all pods deployed by Cluster Operator | `IfNotPresent` |
| `image.imagePullSecrets` | Docker registry pull secret | `nil` |
| `fullReconciliationIntervalMs` | Full reconciliation interval in milliseconds | 120000 |
@@ -120,46 +121,74 @@ the documentation for more details.
| `jmxtrans.image.repository` | Override default JmxTrans image repository | `nil` |
| `jmxtrans.image.name` | JmxTrans image name | `jmxtrans` |
| `jmxtrans.image.tag` | Override default JmxTrans image tag prefix | `nil` |
+| `jmxtrans.image.digest` | Override JmxTrans image tag with digest | `nil` |
| `kafka.image.registry` | Override default Kafka image registry | `nil` |
| `kafka.image.repository` | Override default Kafka image repository | `nil` |
| `kafka.image.name` | Kafka image name | `kafka` |
| `kafka.image.tagPrefix` | Override default Kafka image tag prefix | `nil` |
+| `kafka.image.tag` | Override default Kafka image tag and ignore suffix | `nil` |
+| `kafka.image.digest` | Override Kafka image tag with digest | `nil` |
| `kafkaConnect.image.registry` | Override default Kafka Connect image registry | `nil` |
| `kafkaConnect.image.repository` | Override default Kafka Connect image repository | `nil` |
| `kafkaConnect.image.name` | Kafka Connect image name | `kafka` |
| `kafkaConnect.image.tagPrefix` | Override default Kafka Connect image tag prefix | `nil` |
+| `kafkaConnect.image.tag` | Override default Kafka Connect image tag and ignore suffix | `nil` |
+| `kafkaConnect.image.digest` | Override Kafka Connect image tag with digest | `nil` |
| `kafkaMirrorMaker.image.registry` | Override default Kafka Mirror Maker image registry | `nil` |
| `kafkaMirrorMaker.image.repository` | Override default Kafka Mirror Maker image repository | `nil` |
| `kafkaMirrorMaker.image.name` | Kafka Mirror Maker image name | `kafka` |
| `kafkaMirrorMaker.image.tagPrefix` | Override default Kafka Mirror Maker image tag prefix | `nil` |
+| `kafkaMirrorMaker.image.tag` | Override default Kafka Mirror Maker image tag and ignore suffix | `nil` |
+| `kafkaMirrorMaker.image.digest` | Override Kafka Mirror Maker image tag with digest | `nil` |
| `cruiseControl.image.registry` | Override default Cruise Control image registry | `nil` |
| `cruiseControl.image.repository` | Override default Cruise Control image repository | `nil` |
| `cruiseControl.image.name` | Cruise Control image name | `kafka` |
-| `cruiseControl.image.tag` | Override default Cruise Control image tag prefix | `nil` |
+| `cruiseControl.image.tagPrefix` | Override default Cruise Control image tag prefix | `nil` |
+| `cruiseControl.image.tag` | Override default Cruise Control image tag and ignore suffix | `nil` |
+| `cruiseControl.image.digest` | Override Cruise Control image tag with digest | `nil` |
| `topicOperator.image.registry` | Override default Topic Operator image registry | `nil` |
| `topicOperator.image.repository` | Override default Topic Operator image repository | `nil` |
| `topicOperator.image.name` | Topic Operator image name | `operator` |
| `topicOperator.image.tag` | Override default Topic Operator image tag | `nil` |
+| `topicOperator.image.digest` | Override Topic Operator image tag with digest | `nil` |
| `userOperator.image.registry` | Override default User Operator image registry | `nil` |
| `userOperator.image.repository` | Override default User Operator image repository | `nil` |
| `userOperator.image.name` | User Operator image name | `operator` |
| `userOperator.image.tag` | Override default User Operator image tag | `nil` |
+| `userOperator.image.digest` | Override User Operator image tag with digest | `nil` |
| `kafkaInit.image.registry` | Override default Init Kafka image registry | `nil` |
| `kafkaInit.image.repository` | Override default Init Kafka image repository | `nil` |
| `kafkaInit.image.name` | Init Kafka image name | `operator` |
| `kafkaInit.image.tag` | Override default Init Kafka image tag | `nil` |
-| `tlsSidecarTopicOperator.image.registry` | Override default TLS Sidecar for Topic Operator image registry | `nil` |
-| `tlsSidecarTopicOperator.image.repository` | Override default TLS Sidecar for Topic Operator image repository | `nil` |
-| `tlsSidecarTopicOperator.image.name` | TLS Sidecar for Topic Operator image name | `kafka` |
-| `tlsSidecarTopicOperator.image.tag` | Override default TLS Sidecar for Topic Operator image tag prefix | `nil` |
+| `kafkaInit.image.digest` | Override Init Kafka image tag with digest | `nil` |
+| `tlsSidecarEntityOperator.image.registry` | Override default TLS Sidecar Entity Operator image registry | `nil` |
+| `tlsSidecarEntityOperator.image.repository` | Override default TLS Sidecar Entity Operator image repository | `nil` |
+| `tlsSidecarEntityOperator.image.name` | TLS Sidecar Entity Operator image name | `kafka` |
+| `tlsSidecarEntityOperator.image.tagPrefix` | Override default TLS Sidecar Entity Operator image tag prefix | `nil` |
+| `tlsSidecarEntityOperator.image.tag` | Override default TLS Sidecar Entity Operator image tag and ignore suffix | `nil` |
+| `tlsSidecarEntityOperator.image.digest` | Override TLS Sidecar Entity Operator image tag with digest | `nil` |
| `kafkaBridge.image.registry` | Override default Kafka Bridge image registry | `quay.io` |
| `kafkaBridge.image.repository` | Override default Kafka Bridge image repository | `strimzi` |
| `kafkaBridge.image.name` | Kafka Bridge image name | `kafka-bridge` |
-| `kafkaBridge.image.tag` | Override default Kafka Bridge image tag | `0.24.0` |
+| `kafkaBridge.image.tag` | Override default Kafka Bridge image tag | `0.25.0` |
+| `kafkaBridge.image.digest` | Override Kafka Bridge image tag with digest | `nil` |
+| `kafkaExporter.image.registry` | Override default Kafka Exporter image registry | `nil` |
+| `kafkaExporter.image.repository` | Override default Kafka Exporter image repository | `nil` |
+| `kafkaExporter.image.name` | Kafka Exporter image name | `kafka` |
+| `kafkaExporter.image.tagPrefix` | Override default Kafka Exporter image tag prefix | `nil` |
+| `kafkaExporter.image.tag` | Override default Kafka Exporter image tag and ignore suffix | `nil` |
+| `kafkaExporter.image.digest` | Override Kafka Exporter image tag with digest | `nil` |
+| `kafkaMirrorMaker2.image.registry` | Override default Kafka Mirror Maker 2 image registry | `nil` |
+| `kafkaMirrorMaker2.image.repository` | Override default Kafka Mirror Maker 2 image repository | `nil` |
+| `kafkaMirrorMaker2.image.name` | Kafka Mirror Maker 2 image name | `kafka` |
+| `kafkaMirrorMaker2.image.tagPrefix` | Override default Kafka Mirror Maker 2 image tag prefix | `nil` |
+| `kafkaMirrorMaker2.image.tag` | Override default Kafka Mirror Maker 2 image tag and ignore suffix | `nil` |
+| `kafkaMirrorMaker2.image.digest` | Override Kafka Mirror Maker 2 image tag with digest | `nil` |
| `kanikoExecutor.image.registry` | Override default Kaniko Executor image registry | `nil` |
| `kanikoExecutor.image.repository` | Override default Kaniko Executor image repository | `nil` |
| `kanikoExecutor.image.name` | Kaniko Executor image name | `kaniko-executor` |
| `kanikoExecutor.image.tag` | Override default Kaniko Executor image tag | `nil` |
+| `kanikoExecutor.image.digest` | Override Kaniko Executor image tag with digest | `nil` |
| `resources.limits.memory` | Memory constraint for limits | `256Mi` |
| `resources.limits.cpu` | CPU constraint for limits | `1000m` |
| `resources.requests.memory` | Memory constraint for requests | `256Mi` |
@@ -184,10 +213,11 @@ the documentation for more details.
| `mavenBuilder.image.repository` | Maven Builder image repository | `nil` |
| `mavenBuilder.image.name` | Override default Maven Builder image name | `maven-builder` |
| `mavenBuilder.image.tag` | Override default Maven Builder image tag | `nil` |
+| `mavenBuilder.image.digest` | Override Maven Builder image tag with digest | `nil` |
| `logConfiguration` | Override default `log4j.properties` content | `nil` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
-$ helm install --name my-release --set logLevel=DEBUG,fullReconciliationIntervalMs=240000 strimzi/strimzi-kafka-operator
+$ helm install my-release --set logLevel=DEBUG,fullReconciliationIntervalMs=240000 strimzi/strimzi-kafka-operator
```
diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/040-Crd-kafka.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/040-Crd-kafka.yaml
index 558f1c8ea9d..7f59734d77e 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/crds/040-Crd-kafka.yaml
+++ b/helm-charts/helm3/strimzi-kafka-operator/crds/040-Crd-kafka.yaml
@@ -163,6 +163,12 @@ spec:
groupsClaimDelimiter:
type: string
description: "A delimiter used to parse groups when they are extracted as a single String value rather than a JSON array. Default value is ',' (comma)."
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
introspectionEndpointUri:
type: string
description: URI of the token introspection endpoint which can be used to validate opaque non-JWT tokens.
@@ -590,6 +596,10 @@ spec:
type: integer
minimum: 1
description: "The number of threads to use to refresh grants for active sessions. The more threads, the more parallelism, so the sooner the job completes. However, using more threads places a heavier load on the authorization server. The default value is 5."
+ httpRetries:
+ type: integer
+ minimum: 0
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
initialCacheCapacity:
type: integer
description: Initial capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request Defaults to `5000`.
@@ -3049,6 +3059,12 @@ spec:
type: object
description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
description: Metadata applied to the resource.
+ deploymentStrategy:
+ type: string
+ enum:
+ - RollingUpdate
+ - Recreate
+ description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for Entity Operator `Deployment`.
pod:
type: object
@@ -4061,6 +4077,12 @@ spec:
type: object
description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
description: Metadata applied to the resource.
+ deploymentStrategy:
+ type: string
+ enum:
+ - RollingUpdate
+ - Recreate
+ description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for Cruise Control `Deployment`.
pod:
type: object
@@ -4903,6 +4925,12 @@ spec:
type: object
description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
description: Metadata applied to the resource.
+ deploymentStrategy:
+ type: string
+ enum:
+ - RollingUpdate
+ - Recreate
+ description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for JmxTrans `Deployment`.
pod:
type: object
diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/041-Crd-kafkaconnect.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/041-Crd-kafkaconnect.yaml
index 6931ce3de2a..9529d0855a6 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/crds/041-Crd-kafkaconnect.yaml
+++ b/helm-charts/helm3/strimzi-kafka-operator/crds/041-Crd-kafkaconnect.yaml
@@ -141,6 +141,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
@@ -397,6 +403,22 @@ spec:
- Recreate
description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for Kafka Connect `Deployment`.
+ podSet:
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ labels:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ annotations:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ description: Metadata applied to the resource.
+ description: Template for Kafka Connect `StrimziPodSet` resource.
pod:
type: object
properties:
@@ -883,6 +905,37 @@ spec:
- IPv6
description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer."
description: Template for Kafka Connect API `Service`.
+ headlessService:
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ labels:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ annotations:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ description: Metadata applied to the resource.
+ ipFamilyPolicy:
+ type: string
+ enum:
+ - SingleStack
+ - PreferDualStack
+ - RequireDualStack
+ description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer."
+ ipFamilies:
+ type: array
+ items:
+ type: string
+ enum:
+ - IPv4
+ - IPv6
+ description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer."
+ description: Template for Kafka Connect headless `Service`.
connectContainer:
type: object
properties:
diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/045-Crd-kafkamirrormaker.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/045-Crd-kafkamirrormaker.yaml
index 0be8b0ded20..08a49b72f47 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/crds/045-Crd-kafkamirrormaker.yaml
+++ b/helm-charts/helm3/strimzi-kafka-operator/crds/045-Crd-kafkamirrormaker.yaml
@@ -146,6 +146,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
@@ -314,6 +320,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/046-Crd-kafkabridge.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/046-Crd-kafkabridge.yaml
index c1c303b07ab..db5c8efa185 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/crds/046-Crd-kafkabridge.yaml
+++ b/helm-charts/helm3/strimzi-kafka-operator/crds/046-Crd-kafkabridge.yaml
@@ -144,6 +144,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
diff --git a/helm-charts/helm3/strimzi-kafka-operator/crds/048-Crd-kafkamirrormaker2.yaml b/helm-charts/helm3/strimzi-kafka-operator/crds/048-Crd-kafkamirrormaker2.yaml
index 95240e9adb2..397272fa57d 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/crds/048-Crd-kafkamirrormaker2.yaml
+++ b/helm-charts/helm3/strimzi-kafka-operator/crds/048-Crd-kafkamirrormaker2.yaml
@@ -153,6 +153,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
@@ -512,6 +518,22 @@ spec:
- Recreate
description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for Kafka Connect `Deployment`.
+ podSet:
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ labels:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ annotations:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ description: Metadata applied to the resource.
+ description: Template for Kafka Connect `StrimziPodSet` resource.
pod:
type: object
properties:
@@ -998,6 +1020,37 @@ spec:
- IPv6
description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer."
description: Template for Kafka Connect API `Service`.
+ headlessService:
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ labels:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ annotations:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ description: Metadata applied to the resource.
+ ipFamilyPolicy:
+ type: string
+ enum:
+ - SingleStack
+ - PreferDualStack
+ - RequireDualStack
+ description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer."
+ ipFamilies:
+ type: array
+ items:
+ type: string
+ enum:
+ - IPv4
+ - IPv6
+ description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer."
+ description: Template for Kafka Connect headless `Service`.
connectContainer:
type: object
properties:
diff --git a/helm-charts/helm3/strimzi-kafka-operator/templates/060-Deployment-strimzi-cluster-operator.yaml b/helm-charts/helm3/strimzi-kafka-operator/templates/060-Deployment-strimzi-cluster-operator.yaml
index 041bfbc7741..d774c9ff08b 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/templates/060-Deployment-strimzi-cluster-operator.yaml
+++ b/helm-charts/helm3/strimzi-kafka-operator/templates/060-Deployment-strimzi-cluster-operator.yaml
@@ -49,7 +49,7 @@ spec:
name: {{ .Values.logConfigMap }}
containers:
- name: strimzi-cluster-operator
- image: {{ default .Values.defaultImageRegistry .Values.image.registry }}/{{ default .Values.defaultImageRepository .Values.image.repository}}/{{ .Values.image.name }}:{{ default .Values.defaultImageTag .Values.image.tag }}
+ image: {{ template "strimzi.image" (set . "key" "") }}
ports:
- containerPort: 8080
name: http
@@ -84,19 +84,19 @@ spec:
value: {{ .Values.operationTimeoutMs | quote }}
{{- template "strimzi.kafka.image.map" . }}
- name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE
- value: {{ default .Values.defaultImageRegistry .Values.topicOperator.image.registry }}/{{ default .Values.defaultImageRepository .Values.topicOperator.image.repository }}/{{ .Values.topicOperator.image.name }}:{{ default .Values.defaultImageTag .Values.topicOperator.image.tag }}
+ value: {{ template "strimzi.image" (set . "key" "topicOperator") }}
- name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE
- value: {{ default .Values.defaultImageRegistry .Values.userOperator.image.registry }}/{{ default .Values.defaultImageRepository .Values.userOperator.image.repository }}/{{ .Values.userOperator.image.name }}:{{ default .Values.defaultImageTag .Values.userOperator.image.tag }}
+ value: {{ template "strimzi.image" (set . "key" "userOperator") }}
- name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE
- value: {{ default .Values.defaultImageRegistry .Values.kafkaInit.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaInit.image.repository }}/{{ .Values.kafkaInit.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaInit.image.tag }}
+ value: {{ template "strimzi.image" (set . "key" "kafkaInit") }}
- name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE
- value: {{ default .Values.defaultImageRegistry .Values.kafkaBridge.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaBridge.image.repository }}/{{ .Values.kafkaBridge.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaBridge.image.tag }}
+ value: {{ template "strimzi.image" (set . "key" "kafkaBridge") }}
- name: STRIMZI_DEFAULT_JMXTRANS_IMAGE
- value: {{ default .Values.defaultImageRegistry .Values.jmxTrans.image.registry }}/{{ default .Values.defaultImageRepository .Values.jmxTrans.image.repository }}/{{ .Values.jmxTrans.image.name }}:{{ default .Values.defaultImageTag .Values.jmxTrans.image.tag }}
+ value: {{ template "strimzi.image" (set . "key" "jmxTrans") }}
- name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE
- value: {{ default .Values.defaultImageRegistry .Values.kanikoExecutor.image.registry }}/{{ default .Values.defaultImageRepository .Values.kanikoExecutor.image.repository }}/{{ .Values.kanikoExecutor.image.name }}:{{ default .Values.defaultImageTag .Values.kanikoExecutor.image.tag }}
+ value: {{ template "strimzi.image" (set . "key" "kanikoExecutor") }}
- name: STRIMZI_DEFAULT_MAVEN_BUILDER
- value: {{ default .Values.defaultImageRegistry .Values.mavenBuilder.image.registry }}/{{ default .Values.defaultImageRepository .Values.mavenBuilder.image.repository }}/{{ .Values.mavenBuilder.image.name }}:{{ default .Values.defaultImageTag .Values.mavenBuilder.image.tag }}
+ value: {{ template "strimzi.image" (set . "key" "mavenBuilder") }}
- name: STRIMZI_OPERATOR_NAMESPACE
valueFrom:
fieldRef:
diff --git a/helm-charts/helm3/strimzi-kafka-operator/templates/_helpers.tpl b/helm-charts/helm3/strimzi-kafka-operator/templates/_helpers.tpl
index d5de903513f..6d44a8d0f7a 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/templates/_helpers.tpl
+++ b/helm-charts/helm3/strimzi-kafka-operator/templates/_helpers.tpl
@@ -30,3 +30,23 @@ Create chart name and version as used by the chart label.
{{- define "strimzi.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+
+{{/*
+Creates the image name from the registry, repository, image, tag, and digest
+- Priority is given to digests over tags
+- Registry, repository, and image will be joined with '/' if values are not blank
+- tagSuffix is added to tagPrefix or default tag. To ignore the suffix, use tag.
+- tagSuffix can be ignored by using tag instead of tagPrefix
+To use, add the following key/value pairs to the scope:
+- "key" [optional]: the key to lookup under .Values for the image map
+- "tagSuffix" [optional]: the suffix to add to tagPrefix or the default tag
+- Example: `template "strimzi.image" (merge . (dict "key" "tlsSidecarEntityOperator" "tagSuffix" "-kafka-3.1.0"))`
+*/}}
+{{- define "strimzi.image" -}}
+{{- $vals := ternary .Values.image (index .Values .key).image (empty .key) -}}
+{{- $ref := join "/" (compact (list (default .Values.defaultImageRegistry $vals.registry) (default .Values.defaultImageRepository $vals.repository) (default .Values.defaultImageName $vals.name))) -}}
+{{- $tag := join "" (compact (list (coalesce $vals.tag $vals.tagPrefix .Values.defaultImageTag) (ternary .tagSuffix "" (empty $vals.tag)))) -}}
+{{- join "" (compact (list $ref (ternary ":" "@" (empty $vals.digest)) (default $tag $vals.digest))) -}}
+{{- $_ := unset . "key" -}}
+{{- $_ := unset . "tagSuffix" -}}
+{{- end -}}
\ No newline at end of file
diff --git a/helm-charts/helm3/strimzi-kafka-operator/templates/_kafka_image_map.tpl b/helm-charts/helm3/strimzi-kafka-operator/templates/_kafka_image_map.tpl
index abe61c4efbd..864cc42a8bc 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/templates/_kafka_image_map.tpl
+++ b/helm-charts/helm3/strimzi-kafka-operator/templates/_kafka_image_map.tpl
@@ -6,41 +6,29 @@
{{/* Generate the kafka image map */}}
{{- define "strimzi.kafka.image.map" }}
- name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE
- value: {{ default .Values.defaultImageRegistry .Values.tlsSidecarEntityOperator.image.registry }}/{{ default .Values.defaultImageRepository .Values.tlsSidecarEntityOperator.image.repository }}/{{ .Values.tlsSidecarEntityOperator.image.name }}:{{ default .Values.defaultImageTag .Values.tlsSidecarEntityOperator.image.tagPrefix }}-kafka-3.4.0
+ value: {{ template "strimzi.image" (merge . (dict "key" "tlsSidecarEntityOperator" "tagSuffix" "-kafka-3.4.0")) }}
- name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE
- value: {{ default .Values.defaultImageRegistry .Values.kafkaExporter.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaExporter.image.repository }}/{{ .Values.kafkaExporter.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaExporter.image.tagPrefix }}-kafka-3.4.0
+ value: {{ template "strimzi.image" (merge . (dict "key" "kafkaExporter" "tagSuffix" "-kafka-3.4.0")) }}
- name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE
- value: {{ default .Values.defaultImageRegistry .Values.cruiseControl.image.registry }}/{{ default .Values.defaultImageRepository .Values.cruiseControl.image.repository }}/{{ .Values.cruiseControl.image.name }}:{{ default .Values.defaultImageTag .Values.cruiseControl.image.tagPrefix }}-kafka-3.4.0
+ value: {{ template "strimzi.image" (merge . (dict "key" "cruiseControl" "tagSuffix" "-kafka-3.4.0")) }}
- name: STRIMZI_KAFKA_IMAGES
value: |
- 3.2.0={{ default .Values.defaultImageRegistry .Values.kafka.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafka.image.repository }}/{{ .Values.kafka.image.name }}:{{ default .Values.defaultImageTag .Values.kafka.image.tagPrefix }}-kafka-3.2.0
- 3.2.1={{ default .Values.defaultImageRegistry .Values.kafka.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafka.image.repository }}/{{ .Values.kafka.image.name }}:{{ default .Values.defaultImageTag .Values.kafka.image.tagPrefix }}-kafka-3.2.1
- 3.2.3={{ default .Values.defaultImageRegistry .Values.kafka.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafka.image.repository }}/{{ .Values.kafka.image.name }}:{{ default .Values.defaultImageTag .Values.kafka.image.tagPrefix }}-kafka-3.2.3
- 3.3.1={{ default .Values.defaultImageRegistry .Values.kafka.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafka.image.repository }}/{{ .Values.kafka.image.name }}:{{ default .Values.defaultImageTag .Values.kafka.image.tagPrefix }}-kafka-3.3.1
- 3.3.2={{ default .Values.defaultImageRegistry .Values.kafka.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafka.image.repository }}/{{ .Values.kafka.image.name }}:{{ default .Values.defaultImageTag .Values.kafka.image.tagPrefix }}-kafka-3.3.2
- 3.4.0={{ default .Values.defaultImageRegistry .Values.kafka.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafka.image.repository }}/{{ .Values.kafka.image.name }}:{{ default .Values.defaultImageTag .Values.kafka.image.tagPrefix }}-kafka-3.4.0
+ 3.3.1={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.3.1")) }}
+ 3.3.2={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.3.2")) }}
+ 3.4.0={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.4.0")) }}
- name: STRIMZI_KAFKA_CONNECT_IMAGES
value: |
- 3.2.0={{ default .Values.defaultImageRegistry .Values.kafkaConnect.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaConnect.image.repository }}/{{ .Values.kafkaConnect.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaConnect.image.tagPrefix }}-kafka-3.2.0
- 3.2.1={{ default .Values.defaultImageRegistry .Values.kafkaConnect.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaConnect.image.repository }}/{{ .Values.kafkaConnect.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaConnect.image.tagPrefix }}-kafka-3.2.1
- 3.2.3={{ default .Values.defaultImageRegistry .Values.kafkaConnect.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaConnect.image.repository }}/{{ .Values.kafkaConnect.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaConnect.image.tagPrefix }}-kafka-3.2.3
- 3.3.1={{ default .Values.defaultImageRegistry .Values.kafkaConnect.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaConnect.image.repository }}/{{ .Values.kafkaConnect.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaConnect.image.tagPrefix }}-kafka-3.3.1
- 3.3.2={{ default .Values.defaultImageRegistry .Values.kafkaConnect.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaConnect.image.repository }}/{{ .Values.kafkaConnect.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaConnect.image.tagPrefix }}-kafka-3.3.2
- 3.4.0={{ default .Values.defaultImageRegistry .Values.kafkaConnect.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaConnect.image.repository }}/{{ .Values.kafkaConnect.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaConnect.image.tagPrefix }}-kafka-3.4.0
+ 3.3.1={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.3.1")) }}
+ 3.3.2={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.3.2")) }}
+ 3.4.0={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.4.0")) }}
- name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES
value: |
- 3.2.0={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker.image.repository }}/{{ .Values.kafkaMirrorMaker.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker.image.tagPrefix }}-kafka-3.2.0
- 3.2.1={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker.image.repository }}/{{ .Values.kafkaMirrorMaker.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker.image.tagPrefix }}-kafka-3.2.1
- 3.2.3={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker.image.repository }}/{{ .Values.kafkaMirrorMaker.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker.image.tagPrefix }}-kafka-3.2.3
- 3.3.1={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker.image.repository }}/{{ .Values.kafkaMirrorMaker.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker.image.tagPrefix }}-kafka-3.3.1
- 3.3.2={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker.image.repository }}/{{ .Values.kafkaMirrorMaker.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker.image.tagPrefix }}-kafka-3.3.2
- 3.4.0={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker.image.repository }}/{{ .Values.kafkaMirrorMaker.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker.image.tagPrefix }}-kafka-3.4.0
+ 3.3.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.3.1")) }}
+ 3.3.2={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.3.2")) }}
+ 3.4.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.4.0")) }}
- name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES
value: |
- 3.2.0={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker2.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker2.image.repository }}/{{ .Values.kafkaMirrorMaker2.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker2.image.tagPrefix }}-kafka-3.2.0
- 3.2.1={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker2.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker2.image.repository }}/{{ .Values.kafkaMirrorMaker2.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker2.image.tagPrefix }}-kafka-3.2.1
- 3.2.3={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker2.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker2.image.repository }}/{{ .Values.kafkaMirrorMaker2.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker2.image.tagPrefix }}-kafka-3.2.3
- 3.3.1={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker2.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker2.image.repository }}/{{ .Values.kafkaMirrorMaker2.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker2.image.tagPrefix }}-kafka-3.3.1
- 3.3.2={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker2.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker2.image.repository }}/{{ .Values.kafkaMirrorMaker2.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker2.image.tagPrefix }}-kafka-3.3.2
- 3.4.0={{ default .Values.defaultImageRegistry .Values.kafkaMirrorMaker2.image.registry }}/{{ default .Values.defaultImageRepository .Values.kafkaMirrorMaker2.image.repository }}/{{ .Values.kafkaMirrorMaker2.image.name }}:{{ default .Values.defaultImageTag .Values.kafkaMirrorMaker2.image.tagPrefix }}-kafka-3.4.0
+ 3.3.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.3.1")) }}
+ 3.3.2={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.3.2")) }}
+ 3.4.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.4.0")) }}
{{- end -}}
diff --git a/helm-charts/helm3/strimzi-kafka-operator/values.yaml b/helm-charts/helm3/strimzi-kafka-operator/values.yaml
index 75673aa7c53..1e50454fcda 100644
--- a/helm-charts/helm3/strimzi-kafka-operator/values.yaml
+++ b/helm-charts/helm3/strimzi-kafka-operator/values.yaml
@@ -10,7 +10,7 @@ watchAnyNamespace: false
defaultImageRegistry: quay.io
defaultImageRepository: strimzi
-defaultImageTag: 0.33.2
+defaultImageTag: 0.34.0
image:
registry: ""
@@ -98,7 +98,7 @@ kafkaBridge:
registry: ""
repository:
name: kafka-bridge
- tag: 0.24.0
+ tag: 0.25.0
kafkaExporter:
image:
registry: ""
diff --git a/install/cluster-operator/040-Crd-kafka.yaml b/install/cluster-operator/040-Crd-kafka.yaml
index bec7c8bddde..71b59172512 100644
--- a/install/cluster-operator/040-Crd-kafka.yaml
+++ b/install/cluster-operator/040-Crd-kafka.yaml
@@ -162,6 +162,12 @@ spec:
groupsClaimDelimiter:
type: string
description: "A delimiter used to parse groups when they are extracted as a single String value rather than a JSON array. Default value is ',' (comma)."
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
introspectionEndpointUri:
type: string
description: URI of the token introspection endpoint which can be used to validate opaque non-JWT tokens.
@@ -589,6 +595,10 @@ spec:
type: integer
minimum: 1
description: "The number of threads to use to refresh grants for active sessions. The more threads, the more parallelism, so the sooner the job completes. However, using more threads places a heavier load on the authorization server. The default value is 5."
+ httpRetries:
+ type: integer
+ minimum: 0
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
initialCacheCapacity:
type: integer
description: Initial capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request Defaults to `5000`.
@@ -3048,6 +3058,12 @@ spec:
type: object
description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
description: Metadata applied to the resource.
+ deploymentStrategy:
+ type: string
+ enum:
+ - RollingUpdate
+ - Recreate
+ description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for Entity Operator `Deployment`.
pod:
type: object
@@ -4060,6 +4076,12 @@ spec:
type: object
description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
description: Metadata applied to the resource.
+ deploymentStrategy:
+ type: string
+ enum:
+ - RollingUpdate
+ - Recreate
+ description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for Cruise Control `Deployment`.
pod:
type: object
@@ -4902,6 +4924,12 @@ spec:
type: object
description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
description: Metadata applied to the resource.
+ deploymentStrategy:
+ type: string
+ enum:
+ - RollingUpdate
+ - Recreate
+ description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for JmxTrans `Deployment`.
pod:
type: object
diff --git a/install/cluster-operator/041-Crd-kafkaconnect.yaml b/install/cluster-operator/041-Crd-kafkaconnect.yaml
index e013a1b7919..bb047f497ef 100644
--- a/install/cluster-operator/041-Crd-kafkaconnect.yaml
+++ b/install/cluster-operator/041-Crd-kafkaconnect.yaml
@@ -140,6 +140,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
@@ -396,6 +402,22 @@ spec:
- Recreate
description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for Kafka Connect `Deployment`.
+ podSet:
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ labels:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ annotations:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ description: Metadata applied to the resource.
+ description: Template for Kafka Connect `StrimziPodSet` resource.
pod:
type: object
properties:
@@ -882,6 +904,37 @@ spec:
- IPv6
description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer."
description: Template for Kafka Connect API `Service`.
+ headlessService:
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ labels:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ annotations:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ description: Metadata applied to the resource.
+ ipFamilyPolicy:
+ type: string
+ enum:
+ - SingleStack
+ - PreferDualStack
+ - RequireDualStack
+ description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer."
+ ipFamilies:
+ type: array
+ items:
+ type: string
+ enum:
+ - IPv4
+ - IPv6
+ description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer."
+ description: Template for Kafka Connect headless `Service`.
connectContainer:
type: object
properties:
diff --git a/install/cluster-operator/045-Crd-kafkamirrormaker.yaml b/install/cluster-operator/045-Crd-kafkamirrormaker.yaml
index ebc90e42c4f..1fe5fd4436d 100644
--- a/install/cluster-operator/045-Crd-kafkamirrormaker.yaml
+++ b/install/cluster-operator/045-Crd-kafkamirrormaker.yaml
@@ -145,6 +145,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
@@ -313,6 +319,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
diff --git a/install/cluster-operator/046-Crd-kafkabridge.yaml b/install/cluster-operator/046-Crd-kafkabridge.yaml
index 93a77a4f97c..24edcb78c58 100644
--- a/install/cluster-operator/046-Crd-kafkabridge.yaml
+++ b/install/cluster-operator/046-Crd-kafkabridge.yaml
@@ -143,6 +143,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
diff --git a/install/cluster-operator/048-Crd-kafkamirrormaker2.yaml b/install/cluster-operator/048-Crd-kafkamirrormaker2.yaml
index fe8e844c04b..d73e7f51f47 100644
--- a/install/cluster-operator/048-Crd-kafkamirrormaker2.yaml
+++ b/install/cluster-operator/048-Crd-kafkamirrormaker2.yaml
@@ -152,6 +152,12 @@ spec:
enableMetrics:
type: boolean
description: Enable or disable OAuth metrics. Default value is `false`.
+ httpRetries:
+ type: integer
+ description: "The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries."
+ httpRetryPauseMs:
+ type: integer
+ description: "The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request."
maxTokenExpirySeconds:
type: integer
description: Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
@@ -511,6 +517,22 @@ spec:
- Recreate
description: Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
description: Template for Kafka Connect `Deployment`.
+ podSet:
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ labels:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ annotations:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ description: Metadata applied to the resource.
+ description: Template for Kafka Connect `StrimziPodSet` resource.
pod:
type: object
properties:
@@ -997,6 +1019,37 @@ spec:
- IPv6
description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer."
description: Template for Kafka Connect API `Service`.
+ headlessService:
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ labels:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Labels added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ annotations:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ description: "Annotations added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`."
+ description: Metadata applied to the resource.
+ ipFamilyPolicy:
+ type: string
+ enum:
+ - SingleStack
+ - PreferDualStack
+ - RequireDualStack
+ description: "Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type. Available on Kubernetes 1.20 and newer."
+ ipFamilies:
+ type: array
+ items:
+ type: string
+ enum:
+ - IPv4
+ - IPv6
+ description: "Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting. Available on Kubernetes 1.20 and newer."
+ description: Template for Kafka Connect headless `Service`.
connectContainer:
type: object
properties:
diff --git a/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml b/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml
index 0c4b8520118..11f923cfc62 100644
--- a/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml
+++ b/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml
@@ -27,7 +27,7 @@ spec:
name: strimzi-cluster-operator
containers:
- name: strimzi-cluster-operator
- image: quay.io/strimzi/operator:0.33.2
+ image: quay.io/strimzi/operator:0.34.0
ports:
- containerPort: 8080
name: http
@@ -48,57 +48,45 @@ spec:
- name: STRIMZI_OPERATION_TIMEOUT_MS
value: "300000"
- name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE
- value: quay.io/strimzi/kafka:0.33.2-kafka-3.4.0
+ value: quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE
- value: quay.io/strimzi/kafka:0.33.2-kafka-3.4.0
+ value: quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE
- value: quay.io/strimzi/kafka:0.33.2-kafka-3.4.0
+ value: quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_KAFKA_IMAGES
value: |
- 3.2.0=quay.io/strimzi/kafka:0.33.2-kafka-3.2.0
- 3.2.1=quay.io/strimzi/kafka:0.33.2-kafka-3.2.1
- 3.2.3=quay.io/strimzi/kafka:0.33.2-kafka-3.2.3
- 3.3.1=quay.io/strimzi/kafka:0.33.2-kafka-3.3.1
- 3.3.2=quay.io/strimzi/kafka:0.33.2-kafka-3.3.2
- 3.4.0=quay.io/strimzi/kafka:0.33.2-kafka-3.4.0
+ 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1
+ 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2
+ 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_KAFKA_CONNECT_IMAGES
value: |
- 3.2.0=quay.io/strimzi/kafka:0.33.2-kafka-3.2.0
- 3.2.1=quay.io/strimzi/kafka:0.33.2-kafka-3.2.1
- 3.2.3=quay.io/strimzi/kafka:0.33.2-kafka-3.2.3
- 3.3.1=quay.io/strimzi/kafka:0.33.2-kafka-3.3.1
- 3.3.2=quay.io/strimzi/kafka:0.33.2-kafka-3.3.2
- 3.4.0=quay.io/strimzi/kafka:0.33.2-kafka-3.4.0
+ 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1
+ 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2
+ 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES
value: |
- 3.2.0=quay.io/strimzi/kafka:0.33.2-kafka-3.2.0
- 3.2.1=quay.io/strimzi/kafka:0.33.2-kafka-3.2.1
- 3.2.3=quay.io/strimzi/kafka:0.33.2-kafka-3.2.3
- 3.3.1=quay.io/strimzi/kafka:0.33.2-kafka-3.3.1
- 3.3.2=quay.io/strimzi/kafka:0.33.2-kafka-3.3.2
- 3.4.0=quay.io/strimzi/kafka:0.33.2-kafka-3.4.0
+ 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1
+ 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2
+ 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES
value: |
- 3.2.0=quay.io/strimzi/kafka:0.33.2-kafka-3.2.0
- 3.2.1=quay.io/strimzi/kafka:0.33.2-kafka-3.2.1
- 3.2.3=quay.io/strimzi/kafka:0.33.2-kafka-3.2.3
- 3.3.1=quay.io/strimzi/kafka:0.33.2-kafka-3.3.1
- 3.3.2=quay.io/strimzi/kafka:0.33.2-kafka-3.3.2
- 3.4.0=quay.io/strimzi/kafka:0.33.2-kafka-3.4.0
+ 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1
+ 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2
+ 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE
- value: quay.io/strimzi/operator:0.33.2
+ value: quay.io/strimzi/operator:0.34.0
- name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE
- value: quay.io/strimzi/operator:0.33.2
+ value: quay.io/strimzi/operator:0.34.0
- name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE
- value: quay.io/strimzi/operator:0.33.2
+ value: quay.io/strimzi/operator:0.34.0
- name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE
- value: quay.io/strimzi/kafka-bridge:0.24.0
+ value: quay.io/strimzi/kafka-bridge:0.25.0
- name: STRIMZI_DEFAULT_JMXTRANS_IMAGE
- value: quay.io/strimzi/jmxtrans:0.33.2
+ value: quay.io/strimzi/jmxtrans:0.34.0
- name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE
- value: quay.io/strimzi/kaniko-executor:0.33.2
+ value: quay.io/strimzi/kaniko-executor:0.34.0
- name: STRIMZI_DEFAULT_MAVEN_BUILDER
- value: quay.io/strimzi/maven-builder:0.33.2
+ value: quay.io/strimzi/maven-builder:0.34.0
- name: STRIMZI_OPERATOR_NAMESPACE
valueFrom:
fieldRef:
diff --git a/install/drain-cleaner/certmanager/000-Namespace.yaml b/install/drain-cleaner/certmanager/000-Namespace.yaml
index 9a9d13ac980..1aae5735aca 100644
--- a/install/drain-cleaner/certmanager/000-Namespace.yaml
+++ b/install/drain-cleaner/certmanager/000-Namespace.yaml
@@ -3,4 +3,4 @@ kind: Namespace
metadata:
name: strimzi-drain-cleaner
labels:
- app: strimzi-drain-cleaner
\ No newline at end of file
+ app: strimzi-drain-cleaner
diff --git a/install/drain-cleaner/certmanager/020-ClusterRole.yaml b/install/drain-cleaner/certmanager/020-ClusterRole.yaml
index 743eea84c7b..d6ef6f2534a 100644
--- a/install/drain-cleaner/certmanager/020-ClusterRole.yaml
+++ b/install/drain-cleaner/certmanager/020-ClusterRole.yaml
@@ -5,6 +5,8 @@ metadata:
labels:
app: strimzi-drain-cleaner
rules:
+ # Drain Cleaner needs to be able to get the Kafka or ZooKeeper pods that are being evicted and patch them with the
+ # annotation which tells Strimzi Cluster Operator to roll the Pod
- apiGroups:
- ""
resources:
diff --git a/install/drain-cleaner/certmanager/021-Role.yaml b/install/drain-cleaner/certmanager/021-Role.yaml
new file mode 100644
index 00000000000..d1787c571b9
--- /dev/null
+++ b/install/drain-cleaner/certmanager/021-Role.yaml
@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: strimzi-drain-cleaner
+ labels:
+ app: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+rules:
+ # When certificate reloading is enabled, Drain Cleaner will delete itself to reload the certificates. Therefore it
+ # needs the right to delete the pods in its own namespace.
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - delete
+ # When certificate reloading is enabled, Strimzi needs to be able to get, list and watch the Secret with the
+ # certificate to detect any changes to it. The RBAC allows it to watch only one Secret with given name. If your
+ # certificate Secret has a custom name, you need to modify this Role accordingly.
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - watch
+ - list
+ resourceNames:
+ - strimzi-drain-cleaner
diff --git a/install/drain-cleaner/certmanager/031-RoleBinding.yaml b/install/drain-cleaner/certmanager/031-RoleBinding.yaml
new file mode 100644
index 00000000000..b1e4c9d2636
--- /dev/null
+++ b/install/drain-cleaner/certmanager/031-RoleBinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: strimzi-drain-cleaner
+ labels:
+ app: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+subjects:
+ - kind: ServiceAccount
+ name: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+roleRef:
+ kind: Role
+ name: strimzi-drain-cleaner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/install/drain-cleaner/certmanager/040-Issuer.yaml b/install/drain-cleaner/certmanager/040-Issuer.yaml
index 5a1f4ad596b..5e4e4c985cb 100644
--- a/install/drain-cleaner/certmanager/040-Issuer.yaml
+++ b/install/drain-cleaner/certmanager/040-Issuer.yaml
@@ -6,4 +6,4 @@ metadata:
app: strimzi-drain-cleaner
namespace: strimzi-drain-cleaner
spec:
- selfSigned: {}
\ No newline at end of file
+ selfSigned: {}
diff --git a/install/drain-cleaner/certmanager/041-Certificate.yaml b/install/drain-cleaner/certmanager/041-Certificate.yaml
index 4a2c69c6388..5ec2cf16a07 100644
--- a/install/drain-cleaner/certmanager/041-Certificate.yaml
+++ b/install/drain-cleaner/certmanager/041-Certificate.yaml
@@ -9,8 +9,8 @@ spec:
secretName: strimzi-drain-cleaner
commonName: strimzi-drain-cleaner
dnsNames:
- - strimzi-drain-cleaner.strimzi-drain-cleaner.svc
- - strimzi-drain-cleaner.strimzi-drain-cleaner
- - strimzi-drain-cleaner
+ - strimzi-drain-cleaner.strimzi-drain-cleaner.svc
+ - strimzi-drain-cleaner.strimzi-drain-cleaner
+ - strimzi-drain-cleaner
issuerRef:
- name: strimzi-drain-cleaner
\ No newline at end of file
+ name: strimzi-drain-cleaner
diff --git a/install/drain-cleaner/certmanager/050-Service.yaml b/install/drain-cleaner/certmanager/050-Service.yaml
index 877ae8db3d7..dbb07f7e5ad 100644
--- a/install/drain-cleaner/certmanager/050-Service.yaml
+++ b/install/drain-cleaner/certmanager/050-Service.yaml
@@ -16,4 +16,4 @@ spec:
protocol: TCP
targetPort: 8443
selector:
- app: strimzi-drain-cleaner
\ No newline at end of file
+ app: strimzi-drain-cleaner
diff --git a/install/drain-cleaner/certmanager/060-Deployment.yaml b/install/drain-cleaner/certmanager/060-Deployment.yaml
index 658878e7465..dac38f14988 100644
--- a/install/drain-cleaner/certmanager/060-Deployment.yaml
+++ b/install/drain-cleaner/certmanager/060-Deployment.yaml
@@ -18,21 +18,35 @@ spec:
serviceAccountName: strimzi-drain-cleaner
containers:
- name: strimzi-drain-cleaner
- image: quay.io/strimzi/drain-cleaner:0.3.1
+ image: quay.io/strimzi/drain-cleaner:0.4.2
ports:
- containerPort: 8080
name: http
- containerPort: 8443
name: https
- command:
- - "/application"
- - "-Dquarkus.http.host=0.0.0.0"
- - "--kafka"
- - "--zookeeper"
+ env:
+ - name: STRIMZI_DRAIN_KAFKA
+ value: "true"
+ - name: STRIMZI_DRAIN_ZOOKEEPER
+ value: "true"
+ - name: STRIMZI_CERTIFICATE_WATCH_ENABLED
+ value: "true"
+ - name: STRIMZI_CERTIFICATE_WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: STRIMZI_CERTIFICATE_WATCH_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - /opt/strimzi/bin/drain_cleaner_run.sh
volumeMounts:
- name: webhook-certificates
mountPath: "/etc/webhook-certificates"
readOnly: true
+ - name: tmp-dir
+ mountPath: "/tmp"
livenessProbe:
httpGet:
path: /health
@@ -49,5 +63,7 @@ spec:
- name: webhook-certificates
secret:
secretName: strimzi-drain-cleaner
+ - name: tmp-dir
+ emptyDir: {}
strategy:
type: RollingUpdate
diff --git a/install/drain-cleaner/certmanager/070-ValidatingWebhookConfiguration.yaml b/install/drain-cleaner/certmanager/070-ValidatingWebhookConfiguration.yaml
index 97b9fdf384b..6208bbc1c3c 100644
--- a/install/drain-cleaner/certmanager/070-ValidatingWebhookConfiguration.yaml
+++ b/install/drain-cleaner/certmanager/070-ValidatingWebhookConfiguration.yaml
@@ -9,11 +9,11 @@ metadata:
webhooks:
- name: strimzi-drain-cleaner.strimzi.io
rules:
- - apiGroups: [""]
+ - apiGroups: [""]
apiVersions: ["v1"]
- operations: ["CREATE"]
- resources: ["pods/eviction"]
- scope: "Namespaced"
+ operations: ["CREATE"]
+ resources: ["pods/eviction"]
+ scope: "Namespaced"
clientConfig:
service:
namespace: "strimzi-drain-cleaner"
@@ -24,4 +24,4 @@ webhooks:
admissionReviewVersions: ["v1"]
sideEffects: None
failurePolicy: Ignore
- timeoutSeconds: 5
\ No newline at end of file
+ timeoutSeconds: 5
diff --git a/install/drain-cleaner/kubernetes/000-Namespace.yaml b/install/drain-cleaner/kubernetes/000-Namespace.yaml
index 9a9d13ac980..1aae5735aca 100644
--- a/install/drain-cleaner/kubernetes/000-Namespace.yaml
+++ b/install/drain-cleaner/kubernetes/000-Namespace.yaml
@@ -3,4 +3,4 @@ kind: Namespace
metadata:
name: strimzi-drain-cleaner
labels:
- app: strimzi-drain-cleaner
\ No newline at end of file
+ app: strimzi-drain-cleaner
diff --git a/install/drain-cleaner/kubernetes/020-ClusterRole.yaml b/install/drain-cleaner/kubernetes/020-ClusterRole.yaml
index 743eea84c7b..d6ef6f2534a 100644
--- a/install/drain-cleaner/kubernetes/020-ClusterRole.yaml
+++ b/install/drain-cleaner/kubernetes/020-ClusterRole.yaml
@@ -5,6 +5,8 @@ metadata:
labels:
app: strimzi-drain-cleaner
rules:
+ # Drain Cleaner needs to be able to get the Kafka or ZooKeeper pods that are being evicted and patch them with the
+ # annotation which tells Strimzi Cluster Operator to roll the Pod
- apiGroups:
- ""
resources:
diff --git a/install/drain-cleaner/kubernetes/021-Role.yaml b/install/drain-cleaner/kubernetes/021-Role.yaml
new file mode 100644
index 00000000000..d1787c571b9
--- /dev/null
+++ b/install/drain-cleaner/kubernetes/021-Role.yaml
@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: strimzi-drain-cleaner
+ labels:
+ app: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+rules:
+ # When certificate reloading is enabled, Drain Cleaner will delete itself to reload the certificates. Therefore it
+ # needs the right to delete the pods in its own namespace.
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - delete
+ # When certificate reloading is enabled, Strimzi needs to be able to get, list and watch the Secret with the
+ # certificate to detect any changes to it. The RBAC allows it to watch only one Secret with given name. If your
+ # certificate Secret has a custom name, you need to modify this Role accordingly.
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - watch
+ - list
+ resourceNames:
+ - strimzi-drain-cleaner
diff --git a/install/drain-cleaner/kubernetes/031-RoleBinding.yaml b/install/drain-cleaner/kubernetes/031-RoleBinding.yaml
new file mode 100644
index 00000000000..b1e4c9d2636
--- /dev/null
+++ b/install/drain-cleaner/kubernetes/031-RoleBinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: strimzi-drain-cleaner
+ labels:
+ app: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+subjects:
+ - kind: ServiceAccount
+ name: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+roleRef:
+ kind: Role
+ name: strimzi-drain-cleaner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/install/drain-cleaner/kubernetes/040-Secret.yaml b/install/drain-cleaner/kubernetes/040-Secret.yaml
index 834b943476c..7c6ba129534 100644
--- a/install/drain-cleaner/kubernetes/040-Secret.yaml
+++ b/install/drain-cleaner/kubernetes/040-Secret.yaml
@@ -1,11 +1,14 @@
-kind: Secret
-apiVersion: v1
-metadata:
- name: strimzi-drain-cleaner
- labels:
- app: strimzi-drain-cleaner
- namespace: strimzi-drain-cleaner
-type: kubernetes.io/tls
-data:
- tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVsVENDQTMyZ0F3SUJBZ0lVZFVFeFR3UjFXQkFKc29YQzhaeWdkd1gySGV3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1hqRUxNQWtHQTFVRUJoTUNRMW94RHpBTkJnTlZCQWNUQmxCeVlXZDFaVEVlTUJ3R0ExVUVDaE1WVTNSeQphVzE2YVNCRWNtRnBiaUJEYkdWaGJtVnlNUjR3SEFZRFZRUURFeFZUZEhKcGJYcHBSSEpoYVc1RGJHVmhibVZ5ClEwRXdIaGNOTWpFd01USXpNakF6TkRBd1doY05NekF3TXpFeE1EUXpOREF3V2pCa01Rc3dDUVlEVlFRR0V3SkQKV2pFUE1BMEdBMVVFQnhNR1VISmhaM1ZsTVNFd0h3WURWUVFLRXhoVGRISnBiWHBwSUVWMmFXTjBhVzl1SUZkbApZbWh2YjJzeElUQWZCZ05WQkFNVEdGTjBjbWx0ZW1rZ1JYWnBZM1JwYjI0Z1YyVmlTRzl2YXpDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxZRWRiazBkbHBnZmNiUzhyUVRPNW84ME8rb2NrNVoKbTl4UGhkVlNjbUZMTTViSFhXZC9LemtSY09wdHR0V3M1bGJlamFIUThScmNYVEt3S2FiT2FQVUhDOHI1SEZiZApac2dzemRBUUFJN1lIbDNmYlhTMlJRZDg1TTU4TWo4RXAzVDZ1ajByM2tRZllUdWpKWEZyNXhxTHo4ZEdJTnZsCjVBUUM3V3RmVHpBM0tZVmtsVEdRYnU0enAydS9wdGNkRnJBSVFrRGxWdW5CaDlpZHMrZWEwL1FwZTV0QXhoTkMKNmZOck1IT3pRZzlhNHRxKzFyeFZYQVVHc1IvRHhRRkhvSTUvcFFmWU55c3NKS3pyeXBXNi9lT0hqb2xvNklCYQpDRzRzZUIwUXZXVnR4OW9pU3Raai9palpvSDZSVUtjb3BTOHVsNEhFd2Q1Q3Y0NXFJVmY2YS9VQ0F3RUFBYU9DCkFVTXdnZ0UvTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUIKQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBZEJnTlZIUTRFRmdRVUFFak9KSDduQWZZcE1BUG5qb3l5ZDdiQgpETUV3SHdZRFZSMGpCQmd3Rm9BVW9ybzJ6WnRDSzVpZjdNbFkzb2o4SEcwTmJIUXdnYjhHQTFVZEVRU0J0ekNCCnRJSVZjM1J5YVcxNmFTMWtjbUZwYmkxamJHVmhibVZ5Z2l0emRISnBiWHBwTFdSeVlXbHVMV05zWldGdVpYSXUKYzNSeWFXMTZhUzFrY21GcGJpMWpiR1ZoYm1WeWdpOXpkSEpwYlhwcExXUnlZV2x1TFdOc1pXRnVaWEl1YzNSeQphVzE2YVMxa2NtRnBiaTFqYkdWaGJtVnlMbk4yWTRJOWMzUnlhVzE2YVMxa2NtRnBiaTFqYkdWaGJtVnlMbk4wCmNtbHRlbWt0WkhKaGFXNHRZMnhsWVc1bGNpNXpkbU11WTJ4MWMzUmxjaTVzYjJOaGJEQU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBaGxNcEFHdThIOVRhMCtkbzVOWXBDU0Z5b1c1QW9SbUQvYnhlaGlxSGFxUFBwVi9EYlBRRwpvNXpMMWYzaWU2bkwwaTAvZy9vUGdCaW8rSjRKazBWOW14NGpKS0lsVzdZYmRid3p6aGpyVGJIV1lRRU5TeWdYCjFIRnY3QUNyNm5ZMU9tSnQ4MDdGK0xaS1RITnVrRGRnMFBJSU5jN1JlRmphQTlVaWM1WmY0NFdYc2NqS0RJQlcKK2VwcmVPelFFaHc1SUVYTHJSTUU3UGRCMURHRVk5NVhSWkpiZ05tNlpQcElidGdHSUpSWmd0UDFtcTZnVDRrTgpDZzNvRkQ3V2dSanU2cS9iNzJRd0hvYW84WXBYSFhlV1lBVWxvaTYrRDZYU0ZObHNrVk0wZmFxQTVKclFGN0NTCnJKcmhjSDJDUlFoRUlDODc4elZMNXBhampFQ3JhQ1ZyUmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlEakRDQ0FuU2dBd0lCQWdJVVpLSDkwOEE4ZG5JRHgrWTA4eHd5Y1hPNURvRXdEUVlKS29aSWh2Y05BUUVMCkJRQXdYakVMTUFrR0ExVUVCaE1DUTFveER6QU5CZ05WQkFjVEJsQnlZV2QxWlRFZU1Cd0dBMVVFQ2hNVlUzUnkKYVcxNmFTQkVjbUZwYmlCRGJHVmhibVZ5TVI0d0hBWURWUVFERXhWVGRISnBiWHBwUkhKaGFXNURiR1ZoYm1WeQpRMEV3SGhjTk1qRXdNVEl6TWpBek5EQXdXaGNOTWpZd01USXlNakF6TkRBd1dqQmVNUXN3Q1FZRFZRUUdFd0pECldqRVBNQTBHQTFVRUJ4TUdVSEpoWjNWbE1SNHdIQVlEVlFRS0V4VlRkSEpwYlhwcElFUnlZV2x1SUVOc1pXRnUKWlhJeEhqQWNCZ05WQkFNVEZWTjBjbWx0ZW1sRWNtRnBia05zWldGdVpYSkRRVENDQVNJd0RRWUpLb1pJaHZjTgpBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTk9GK0U2SWV5RXFUYWU1U1FOVTlSbGcxUkQ4b3Q3OTdXK0g1Uml6CkxXK2FVZmZrbDBBMjRGMW5iTTd2QU5ld01taHRFSW94eEhUeU5oNDJEaGtCZC9OWnAwcHRQQlNxZ2dpdDMzR1cKUVRuMUdrd1E4eWtaN1FTTHNTcVdYb3Fkd0t3RU5xaEJOWUhiUWhMRFVDTjNPdFlueVlZZ1p1UUVoN2ZOQ2lxaQpnZWt5NGJTK1kvckdFK3pBK05CbU9lc0k0WnBMVlZ3N3AzcVczV005enFqL2JKN25qQTgyd3d3NlhXUENPczJXCmhzMnZyNncraXVmR3dlQWVtOVVGOWFjbkplRGlWM1dIWGcxS2hiSVV3YTNWcTQ2dFRJNnhyWlgvUkNjdHFCbGoKTzJPN0s4eDRFQUJhK2c4MWZqRzRPeGtma3habkg5Ym1YZ0RjbmhsQndERkJZSkVDQXdFQUFhTkNNRUF3RGdZRApWUjBQQVFIL0JBUURBZ0VHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRktLNk5zMmJRaXVZCm4rekpXTjZJL0J4dERXeDBNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNxZU1ZUlcvRE00bFV4Q00weE82WnIKVkxkdnpvVXR6UE9ONDhzMkRRcnI2MFo5eXI1ejhsMkI5by83cU5oSXZicDkzcTFCY3JYcWQrUm04RnpOUEVWdApSRWNVOEVRZVZpZW1KaGE5VzR2bXlwLzdleEdkeWVVS2NMS0FHQSs0aXVzNUdieG8xcVA5cU9YRzlYSnVhMG9VCnI0T3VlM3J5UTZZV1dlbWUybk1QT3BNKzdGQ1lFTERpNGZvTXNnZDZPbCtWb1FUUUd3R3Q2QlU5VnJ3ZzM2dWQKUlhHZUtWcEYwaVlIR2NvQ1ltTEoraFhqT0JoL094Q1dmSzdMajFRUEJGay9pQXNOaEh5YXMvK1Ayd25taGFxUApFSFlUbG1QdW4wcmZwUHRSaWlNUE0xNEh4QUJRZmd0NytuZUQvcDZScGpmeml2aTZXT0dDc0RQVkY2RkJXaDFMCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
- tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzJCSFc1TkhaYVlIM0cKMHZLMEV6dWFQTkR2cUhKT1dadmNUNFhWVW5KaFN6T1d4MTFuZnlzNUVYRHFiYmJWck9aVzNvMmgwUEVhM0YweQpzQ21tem1qMUJ3dksrUnhXM1diSUxNM1FFQUNPMkI1ZDMyMTB0a1VIZk9UT2ZESS9CS2QwK3JvOUs5NUVIMkU3Cm95VnhhK2NhaTgvSFJpRGI1ZVFFQXUxclgwOHdOeW1GWkpVeGtHN3VNNmRydjZiWEhSYXdDRUpBNVZicHdZZlkKbmJQbm10UDBLWHViUU1ZVFF1bnphekJ6czBJUFd1TGF2dGE4VlZ3RkJyRWZ3OFVCUjZDT2Y2VUgyRGNyTENTcwo2OHFWdXYzamg0NkphT2lBV2dodUxIZ2RFTDFsYmNmYUlrcldZLzRvMmFCK2tWQ25LS1V2THBlQnhNSGVRcitPCmFpRlgrbXYxQWdNQkFBRUNnZ0VCQUlyMGZLc1hVZ05OQnJoeThyWm11R25YWStxU1BqRnlWM3FwZXhLUURxSVkKTnhvMHVTbjUrNVZscXo1TTQvZmNOenk2U29YdWJTS0VlT0hwZXVMTlVYTStIZEttdXV2VnVsRzNZcWdrajBoOQoxVEQxRVNxNHU1b3J6c0dVTHdmTkZjcElYMFd6NThzNTZaRU55OWY2K0VOYjJSUFloZDFhYytoY0U4U1V6bStQClk0c0NISEppR1g0Y3dLRUVoUnlCVWZqYm95MHJsTkVDUm5XVWFvWThYdjIwaW91dVpaSkkySklCaHNnRUpwSm8KZHNjYnNZOUJ6c3BBZnI2em02d0g2K2thM2lKMzhBb3gzeE9yY3AwczhHNUNjNDBYb2JyK1h3QW9ITjRRK2M3VApvZ3NqTU1DKzRrK2k4V0dQU1FkVlR2eWk5ay9ITUlYQXdUK0pWVFRhT1VFQ2dZRUEzRVlBUFdJYnJlV2QxS2UyCndEWWxzazFadDdYamJwSkpqVlJ3VjgyaUFRVXM5NWxyd0xkS3c3U1d2RHVXcnFVamMzck0wYlRodVhsRDBRcUcKVGwvczg2TFJBWGtqNFh0eFVaL2ZIS2R4bnNIU1JTa3JhVExSVWJ5ZDErMUxHbHJqMVkwaVJxbkhRVU1Wa1E1Nwo1Y3VTTks1NEN1VWQveVg4RGJpVzI4Ri9CQk1DZ1lFQTA0b0d1dTNXSFovdExyYm8yL3NSMTlrOUF0ZmpNbk1GCmtrSTMxcHBPR204c1NMdmZGWkRJTTRqSlcxMU9NZUNGS1lzOW52ZE9laCtlSnhENGowWTNtSExQbURFRVRuaWYKZzl0TlVwcXp1dGtUcTdPR002VE43Q2toR2lOQjN5SU1SbmVMWUVGVG5VM2Y0OXg1RS9aZDZ5Rm93b3gwVkNIZworcklvb3E0NkFOY0NnWUJYSFh3MHlwdEYwQnoyb0ltL1JPcnR0SGU2Rno1bVdZYXJWV3pFM1Blb1RhSzJIY0FtCnpKYk9CWnJqd1BGY0NzV1ZnMGlEMjNTMlJNWlVZMFF3dFBGaWZjOEpOUjdDcTI1cXFMNjFkMmVSTVBoM0Q4d3kKWTcyekJOU3NOQlhTeTRWMXpNWjBpZXJhM2F3bTNVS1U1RWpqZXVqUTdrSkp5WDBBOURMOW9HNGFid0tCZ0JtNApEbGxyMFR5STFTMTR6NWJ2VDV3T3JYeExBelIvQjQ1Z3ZxazQyWVlkUGlVWnNtWE0xSXB2ZHd2RXJGMGtEd3llCkFUL3lrWGdIb0JMZjNWaU9FUFJZQVNWZjBFWTZKQ3JEM3dMTURFNExWbmpwdXNkTW9qeTBRM0lLRjFncHE1UmwKdEd4ZmhPcjdMTjFuVU5FOGd1NnpnU2ttS242UUgrcGEvdFhJbVFUQkFvR0FPcCt0Rnl5ZG16RFJVZWwxMlhEUApFaFB3bmxDdzNSVjhrUUpjRk00eXhCbC9wQmp5K29vNU1NSlZyOFpQKzc1d1FSWkU5d21PZjk2MUVtV2N0VFZMClNVaDl4R3ljN2diY01JRlVQdXlnenVJNkNjWVhsRCtiR1VpUngrb29hRkNKL0pGVkh6bnRHc0RZY0J4TW13OUcKRFY0U2ZtZnlMeTRyRlFYdSsyRGVvY0k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+#
+# Follow the README.md file to generate a Secret with the actual certificates
+#
+#kind: Secret
+#apiVersion: v1
+#metadata:
+# name: strimzi-drain-cleaner
+# labels:
+# app: strimzi-drain-cleaner
+# namespace: strimzi-drain-cleaner
+#type: kubernetes.io/tls
+#data:
+# tls.crt: Cg==
+# tls.key: Cg==
diff --git a/install/drain-cleaner/kubernetes/050-Service.yaml b/install/drain-cleaner/kubernetes/050-Service.yaml
index 877ae8db3d7..dbb07f7e5ad 100644
--- a/install/drain-cleaner/kubernetes/050-Service.yaml
+++ b/install/drain-cleaner/kubernetes/050-Service.yaml
@@ -16,4 +16,4 @@ spec:
protocol: TCP
targetPort: 8443
selector:
- app: strimzi-drain-cleaner
\ No newline at end of file
+ app: strimzi-drain-cleaner
diff --git a/install/drain-cleaner/kubernetes/060-Deployment.yaml b/install/drain-cleaner/kubernetes/060-Deployment.yaml
index 658878e7465..dac38f14988 100644
--- a/install/drain-cleaner/kubernetes/060-Deployment.yaml
+++ b/install/drain-cleaner/kubernetes/060-Deployment.yaml
@@ -18,21 +18,35 @@ spec:
serviceAccountName: strimzi-drain-cleaner
containers:
- name: strimzi-drain-cleaner
- image: quay.io/strimzi/drain-cleaner:0.3.1
+ image: quay.io/strimzi/drain-cleaner:0.4.2
ports:
- containerPort: 8080
name: http
- containerPort: 8443
name: https
- command:
- - "/application"
- - "-Dquarkus.http.host=0.0.0.0"
- - "--kafka"
- - "--zookeeper"
+ env:
+ - name: STRIMZI_DRAIN_KAFKA
+ value: "true"
+ - name: STRIMZI_DRAIN_ZOOKEEPER
+ value: "true"
+ - name: STRIMZI_CERTIFICATE_WATCH_ENABLED
+ value: "true"
+ - name: STRIMZI_CERTIFICATE_WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: STRIMZI_CERTIFICATE_WATCH_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - /opt/strimzi/bin/drain_cleaner_run.sh
volumeMounts:
- name: webhook-certificates
mountPath: "/etc/webhook-certificates"
readOnly: true
+ - name: tmp-dir
+ mountPath: "/tmp"
livenessProbe:
httpGet:
path: /health
@@ -49,5 +63,7 @@ spec:
- name: webhook-certificates
secret:
secretName: strimzi-drain-cleaner
+ - name: tmp-dir
+ emptyDir: {}
strategy:
type: RollingUpdate
diff --git a/install/drain-cleaner/kubernetes/070-ValidatingWebhookConfiguration.yaml b/install/drain-cleaner/kubernetes/070-ValidatingWebhookConfiguration.yaml
index 6a1b2a8880d..85107b9692c 100644
--- a/install/drain-cleaner/kubernetes/070-ValidatingWebhookConfiguration.yaml
+++ b/install/drain-cleaner/kubernetes/070-ValidatingWebhookConfiguration.yaml
@@ -7,19 +7,19 @@ metadata:
webhooks:
- name: strimzi-drain-cleaner.strimzi.io
rules:
- - apiGroups: [""]
+ - apiGroups: [""]
apiVersions: ["v1"]
- operations: ["CREATE"]
- resources: ["pods/eviction"]
- scope: "Namespaced"
+ operations: ["CREATE"]
+ resources: ["pods/eviction"]
+ scope: "Namespaced"
clientConfig:
service:
namespace: "strimzi-drain-cleaner"
name: "strimzi-drain-cleaner"
path: /drainer
port: 443
- caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqRENDQW5TZ0F3SUJBZ0lVWktIOTA4QThkbklEeCtZMDh4d3ljWE81RG9Fd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1hqRUxNQWtHQTFVRUJoTUNRMW94RHpBTkJnTlZCQWNUQmxCeVlXZDFaVEVlTUJ3R0ExVUVDaE1WVTNSeQphVzE2YVNCRWNtRnBiaUJEYkdWaGJtVnlNUjR3SEFZRFZRUURFeFZUZEhKcGJYcHBSSEpoYVc1RGJHVmhibVZ5ClEwRXdIaGNOTWpFd01USXpNakF6TkRBd1doY05Nall3TVRJeU1qQXpOREF3V2pCZU1Rc3dDUVlEVlFRR0V3SkQKV2pFUE1BMEdBMVVFQnhNR1VISmhaM1ZsTVI0d0hBWURWUVFLRXhWVGRISnBiWHBwSUVSeVlXbHVJRU5zWldGdQpaWEl4SGpBY0JnTlZCQU1URlZOMGNtbHRlbWxFY21GcGJrTnNaV0Z1WlhKRFFUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOT0YrRTZJZXlFcVRhZTVTUU5VOVJsZzFSRDhvdDc5N1crSDVSaXoKTFcrYVVmZmtsMEEyNEYxbmJNN3ZBTmV3TW1odEVJb3h4SFR5Tmg0MkRoa0JkL05acDBwdFBCU3FnZ2l0MzNHVwpRVG4xR2t3UTh5a1o3UVNMc1NxV1hvcWR3S3dFTnFoQk5ZSGJRaExEVUNOM090WW55WVlnWnVRRWg3Zk5DaXFpCmdla3k0YlMrWS9yR0UrekErTkJtT2VzSTRacExWVnc3cDNxVzNXTTl6cWovYko3bmpBODJ3d3c2WFdQQ09zMlcKaHMydnI2dytpdWZHd2VBZW05VUY5YWNuSmVEaVYzV0hYZzFLaGJJVXdhM1ZxNDZ0VEk2eHJaWC9SQ2N0cUJsagpPMk83Szh4NEVBQmErZzgxZmpHNE94a2ZreFpuSDlibVhnRGNuaGxCd0RGQllKRUNBd0VBQWFOQ01FQXdEZ1lEClZSMFBBUUgvQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGS0s2TnMyYlFpdVkKbit6SldONkkvQnh0RFd4ME1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ3FlTVlSVy9ETTRsVXhDTTB4TzZacgpWTGR2em9VdHpQT040OHMyRFFycjYwWjl5cjV6OGwyQjlvLzdxTmhJdmJwOTNxMUJjclhxZCtSbThGek5QRVZ0ClJFY1U4RVFlVmllbUpoYTlXNHZteXAvN2V4R2R5ZVVLY0xLQUdBKzRpdXM1R2J4bzFxUDlxT1hHOVhKdWEwb1UKcjRPdWUzcnlRNllXV2VtZTJuTVBPcE0rN0ZDWUVMRGk0Zm9Nc2dkNk9sK1ZvUVRRR3dHdDZCVTlWcndnMzZ1ZApSWEdlS1ZwRjBpWUhHY29DWW1MSitoWGpPQmgvT3hDV2ZLN0xqMVFQQkZrL2lBc05oSHlhcy8rUDJ3bm1oYXFQCkVIWVRsbVB1bjByZnBQdFJpaU1QTTE0SHhBQlFmZ3Q3K25lRC9wNlJwamZ6aXZpNldPR0NzRFBWRjZGQldoMUwKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
+ caBundle: Cg== # Add the generated certificate here
admissionReviewVersions: ["v1"]
sideEffects: None
failurePolicy: Ignore
- timeoutSeconds: 5
\ No newline at end of file
+ timeoutSeconds: 5
diff --git a/install/drain-cleaner/kubernetes/README.md b/install/drain-cleaner/kubernetes/README.md
index 1b3636179f2..296acc53caf 100644
--- a/install/drain-cleaner/kubernetes/README.md
+++ b/install/drain-cleaner/kubernetes/README.md
@@ -5,9 +5,113 @@ Kubernetes requires that `ValidationWebhooks` are secured using TLS.
So the web-hook service needs to have HTTPS support.
And the CA of the certificate used for this service needs to be specified in the `ValidatingWebhookConfiguration` resource.
-This directory contains sample files with pre-generated certificates.
-As long as you don't change the namespace name or any service / pod names, you can just install them.
+This directory contains sample installation files without certificates.
+The following procedures describe how to generate certificates and add them to installation files.
-Additionally, in the `webhook-certificates` subdirectory, you have files which you can use to generate your own certificates using the [`cfssl` tool](https://github.com/cloudflare/cfssl).
-In case you decide to generate your own certificates, you can use the script to generate them and then you have to update the `040-Secret.yaml` and `070-ValidatingWebhookConfiguration.yaml`.
-Remember, that both resources contain the certificates encoded in base64.
\ No newline at end of file
+## Generating certificates using OpenSSL
+
+Use the OpenSSL TLS management tool to generate the TLS certificate for the Strimzi Drain Cleaner webhook.
+The steps below have been tested with OpenSSL 1.1.1 and should work on Linux, MacOS, or in the Windows Subsystem for Linux.
+
+1) Create and navigate to a subdirectory called `tls-certificate`:
+
+ ```
+ mkdir tls-certificate
+ cd tls-certificate
+ ```
+2) Generate a CA public certificate and private key in the `tls-certificate` directory:
+ ```
+ openssl req -nodes -new -x509 -keyout ca.key -out ca.crt -subj "/CN=Strimzi Drain Cleaner CA"
+ ```
+ A `ca.crt` and `ca.key` file is created.
+3) Generate the private TLS key for the Strimzi Drain Cleaner:
+
+ ```
+ openssl genrsa -out tls.key 2048
+ ```
+
+ A `tls.key` file is created.
+4) Generate a Certificate Signing Request and sign it by adding the CA public certificate (`ca.crt`) you generated:
+
+ ```
+ openssl req -new -key tls.key -subj "/CN=strimzi-drain-cleaner.strimzi-drain-cleaner.svc" \
+ | openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -extfile <(printf "subjectAltName=DNS:strimzi-drain-cleaner.strimzi-drain-cleaner.svc") -out tls.crt
+ ```
+
+ A `tls.crt` file is created.
+ If you plan to change the name of the Strimzi Drain Cleaner service or install it into a different namespace, you have to change the Subject Alternative Name (SAN) of the certificate.
+ The SAN must follow the pattern `..svc`.
+5) The `tls-certificate` directory should now contain several certificate files which we will use in the installation files.
+ You can exit the `tls-certificate` directory now.
+
+ ```
+ cd ..
+ ```
+
+## Updating the installation files with the generated certificates
+
+After you have generated the certificates you need, update the installation files.
+This procedure assumes that you used the previous procedure to generate the certificate files.
+If you generated your certificates in a different way or on a different path, you should update the path in the commands.
+
+1) Edit the `caBundle` field in the [`070-ValidatingWebhookConfiguration.yaml`](070-ValidatingWebhookConfiguration.yaml) installation file to specify a Base64 encoded public key of your CA.
+ You can use the `base64` utility to get the Base64 encoded public key:
+
+ ```
+ base64 tls-certificate/ca.crt
+ ```
+
+ After adding the Base64 encoded public key, your YAML should look similar to this:
+
+ ```yaml
+ # ...
+ clientConfig:
+ service:
+ namespace: "strimzi-drain-cleaner"
+ name: "strimzi-drain-cleaner"
+ path: /drainer
+ port: 443
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKekNDQWcrZ0F3SUJBZ0lVSUNSMmtCRDlwdHFGTzhrRndtSEc5VVlhQTFJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0l6RWhNQjhHQTFVRUF3d1lVM1J5YVcxNmFTQkVjbUZwYmlCRGJHVmhibVZ5SUVOQk1CNFhEVEl5TURneQpPVEV6TkRJME1sb1hEVEl5TURreU9ERXpOREkwTWxvd0l6RWhNQjhHQTFVRUF3d1lVM1J5YVcxNmFTQkVjbUZwCmJpQkRiR1ZoYm1WeUlFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXFjUU8KbFRkV0V5SWliNGhwcmFUR3F6RUVham5pK0x2eERSTmEwY2lFcnY1MjNDdEVjOHNxMzliNGVoTFhpaEMrOTdwRQpCajJXTmQzVmszdlIzWGEvNk9LeU0yK21NdXlhaFprb0UyVThMRkpoS1JLdFU2bGg1QlFERU1TMkdrdWhZUWhhClNrM2J2NzVsVk1Bd3hldkEvY1J0RGRGK2dlUFN2c1NoZHhTSEtyZWxPSXdIeldkdnFkU2FUUW40cHFDdmdxMU0KRmJ0bmk0eTlMckVQOFYwSDNrWjJYM0pWUm01RVRkVlVDbU9yYm9lTHp6d0lXRWttNTZ6MFd0R0grcDRJNFhPeApHQzhvemViUDlTZkpNN2JRSzZPdCtVaStSY3puZ1gxQTlJWlFHbnlJR0Z3RDJvVmVFT3NIRzJHQlBxeGttZkIwCkI0bU92bXlnWjBtenVaOVl4UUlEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVL2FtZEY1ZUppNDRLQ1NybnJtaDUKVkd6Z054NHdId1lEVlIwakJCZ3dGb0FVL2FtZEY1ZUppNDRLQ1NybnJtaDVWR3pnTng0d0R3WURWUjBUQVFILwpCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFtWG5hVTFGRVkrd25KbGcwQTNDM0NEMmlCTUNlCk9UemorTWtrdWZrdFM3OWhneG84VWh0bU80MjhZSitXbnhTaEcwcHN5SlZCdHFQYmdQeGJYR3pKbnpsbFUzYm0KQjUzdFNFZ2RYem9Md3pCQk1zNStzek9jSVZUK2VRT3NVREZheEFIZlh5ODFUdE96bXFoTVRQTGtiWkptY29DUwpYWFlobnFqZlhDVi9RdGYvUHB0RzlLRXBWZytsdDl4QWV1MzkvTi91TFZKQlBSc2psQ3dBQ0dIWUFSL3g2MnlvClJRR1dZZjJGOSs4dVIzN0VhK2QwaXpVTzVyUlBrb21uaml6V3Myc1Q0YkFTckZJMkhTQnF2S1VNTzVJeVZrVmYKSm1MWU9nZU9iTzhlZjFPRll5U1JheFgzUU5OUTR5UzRjR1R5WHVPbnEvMStTUGp4YTF2amJHRnFFUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+ # ...
+ ```
+2) Create the `strimzi-drain-cleaner` namespace:
+
+ ```
+ kubectl create ns strimzi-drain-cleaner
+ ```
+3) Use `kubectl` to create a secret named `strimzi-drain-cleaner` with the `tls.crt` and `tls.key` files you generated:
+
+ ```
+ kubectl create secret tls strimzi-drain-cleaner \
+ -n strimzi-drain-cleaner \
+ --cert=tls-certificate/tls.crt \
+ --key=tls-certificate/tls.key
+ ```
+
+ This secret is used by the Strimzi Drain Cleaner deployment.
+ The resulting Secret should look similar to this:
+
+ ```yaml
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ creationTimestamp: "2022-08-29T13:57:14Z"
+ name: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+ resourceVersion: "224173"
+ uid: 10583b09-b8e1-4d34-bf35-10d4f247026d
+ type: kubernetes.io/tls
+ data:
+ tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1RENDQWN3Q0ZCUlJsaERKU0dKWkZtbHYwWFd6RWtSVkxUWjNNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1DTXgKSVRBZkJnTlZCQU1NR0ZOMGNtbHRlbWtnUkhKaGFXNGdRMnhsWVc1bGNpQkRRVEFlRncweU1qQTRNamt4TXpVegpNVGxhRncweU1qQTVNamd4TXpVek1UbGFNRG94T0RBMkJnTlZCQU1NTDNOMGNtbHRlbWt0WkhKaGFXNHRZMnhsCllXNWxjaTV6ZEhKcGJYcHBMV1J5WVdsdUxXTnNaV0Z1WlhJdWMzWmpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUYKQUFPQ0FROEFNSUlCQ2dLQ0FRRUEzTWRJSW1PWnVKU09xZ3hEdDdyVEZ2bnVSeS9RY25heGhldVJRcWMwQ05oNQpGTmRkWXYzZ3ZvNUQrNjlqSmwyRFMzOVgyNXhKSXF6eW5GR0NhdUd3SUk5dVE1ME53OVJBeHpldDNsQytDNDVYClMyc3p5UzA4OW91b1d1R1ZaYVZ4QzJlbkRuZCtYOXdzMWp5eEdqN093SVJvdG5CK096WFJsdFpIb001Z3dRcEUKVFVpR0VUdTRzQUtVeWZMbUNKVjVSWEtoZm1mNWNQT2E0ck13cTdPY2VRMzBmdGZSQWdVdGtOWm4wczNOZHQzUApzZjNUOXhXbHVkUlJVQzZ2VnNHZ2RZWmFpSDFOaHNSWkxVQ2JKT1Zic0kyMEh3NnFpOHUvT0JCZjU3bG83SUFLClZRSGhQRXB2NkI5cFRaR3kxR0NUcUxGdHhzUkRPYmt3eFJwWFVPWStxd0lEQVFBQk1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUI1aTFWVkc0alFzb1pRSnRXeFA3c3FvWlRSNHdBejdWWlp2ME4xZkpFL1hlWng1bGNpRzdhagpKYkgxdjhuT3ZJc2FpaVNsWUJKNTJHRThmem5EZDJXTFZNczZ0d3VNc0hXa215dFZxT0VEY01GWmErSjN6eklKCnRpSHhGVHIrV2wrTmlOUCtDTzNOMmp3VWNIV0hwTm9TOUNBU01oNStnYjlHV2RxUFRKRCtSZmRTRk80aTFQNDkKcUlCOW8wRkJ3Nkc3L0ZXeG1jRHY3TmgzS2RiVzdwZDhPeCtCdjJlanZ2WXRzUzNBUmx2c0ZpWEh2N0lTdmV6aQphRnJMaElFcURFcHBMcmZTRU85VmR6N1VvV3NKV1BjdmwwQmJxRVNrakh3S2JJaFBrNzdRRU95QWFkRE5YTUFoCmJUUHg2czZLbStMUTQzWVhxTHMwODBjNWR4a01IbWJxCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+ tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBM01kSUltT1p1SlNPcWd4RHQ3clRGdm51UnkvUWNuYXhoZXVSUXFjMENOaDVGTmRkCll2M2d2bzVEKzY5akpsMkRTMzlYMjV4SklxenluRkdDYXVHd0lJOXVRNTBOdzlSQXh6ZXQzbEMrQzQ1WFMyc3oKeVMwODlvdW9XdUdWWmFWeEMyZW5EbmQrWDl3czFqeXhHajdPd0lSb3RuQitPelhSbHRaSG9NNWd3UXBFVFVpRwpFVHU0c0FLVXlmTG1DSlY1UlhLaGZtZjVjUE9hNHJNd3E3T2NlUTMwZnRmUkFnVXRrTlpuMHMzTmR0M1BzZjNUCjl4V2x1ZFJSVUM2dlZzR2dkWVphaUgxTmhzUlpMVUNiSk9WYnNJMjBIdzZxaTh1L09CQmY1N2xvN0lBS1ZRSGgKUEVwdjZCOXBUWkd5MUdDVHFMRnR4c1JET2Jrd3hScFhVT1krcXdJREFRQUJBb0lCQVFDM05xRkQrSWV1eDRtRQowRnk1OGM0UE9TVmw2ZVgvdDBRbXNKQ0JVYVE2MnZuUU05RUp2MGxzbVQ4TmRFVEJwOFMzT0Z3K29QbUlUeUdlClczM3hHSTFDMkFSWEU5UkNlTGV4R3lHc1pqRHdBaFdyUHJGZzk2dXBwY2YyYzFHNVlvdm5QUU5EWENLQmhvT20KM2dMU2x1Q1luc2tPN1ZlejV6dWhBdjI2RXNuMEp2ZnZqNEVlN0tKdmd0Wkc1cGZYbTh3TGcrNmFNUlFPWFNTTQpCaC9TN2dvVjEvcjJLemRXUUF4bmEvSXE4Q01pQVZCZDZkNFo2SUx1a056cE1iZkpQOTl0eVIybEdxYlJWS25hCnZkRkZmWE9jVElKNWFEWmxEblJVTzVWdDRuZ2FoV1pPVm1YTFdtdURzOUNTS1k5V2FUcmJMbThMdmVSTUcwTm8KcmJVRVp1bGhBb0dCQVBtVG8yU3R1cFNheHVjeGlPWThSSGZ0REhEbHgrNkQwbExzamRzeVkrbEkzUTZCcVM2WQpDUitNSUFNRDNlb3lSQnI0VjQ2K01lVEt5WklJUnUxOTNyamZhWEFOOWIxcUpuVWhxK1FOMkxsQzhhUlNuNlVOCkxhdS8vZCtYUWxoQ3BKZnNCUjl2U2Q3eCswQ1lZdk9rUmM1TkZ1eE1sTGh3N21OVFJMYnU4WTZaQW9HQkFPSjEKNXpiK0F1R0JUN2pQRkFHcnEzTHdySHdwellmbStoWG1tWS9waFFrMHkxTXU5cXRla1cwMUx6b1FVNW85ejRqWApBdUN3YlpvRkZPRWJGTlpQSVZGSDlDeUwzbndJQ2krZ0NPZXdlQTM2SGFUMUZMWkw1alhmNlVKZkdHQ1RiUEIxCk9QTmk4T00yY1h4aGt4aFNVbzJ1TGNDRGpHVGlBV1hOM01Fa3ZGWGpBb0dCQUx1cHp4L0NIbHpsY1JDZ3g1N1AKekhBYzE5RUFodkNMUUpoSDlYYlFFaDUxUW50STllenFOMW40WkkyLzE1cmxSeDY4aENINlU4d0V5OEs1NUpOcApwUktBTTJrbHBoVlNmeTV1TGpFaVZFY2gxazlJTFhEUFV2c2xONEZyM0dBL1pFSTBIN24rVlo2RmQvYWZYekJ5CjRtWjR3dmJWc3JKcGdHZEJVcGIzWHIxcEFvR0Fmelo2UnpNVHpUZkYzK3c3c2VDTXRFbXNxeWNVZFFaMGIvOFYKUG5tUXFTWkdIWmxoS2MwNjVsMGRCWUlNWkxYYU1tV09FVWdxbVgzSFI5amRzTEhNNW9zRUNFNGVFaEMySUNESApQOWVxNlRjYWxnS3l1dUVTRml1TkxpS2JZQTBSQWxiblFoblBkZU9zaHBHTmZ2a250TDBtcUdGOWFXSm9KSmNyCkxqaURyNzhDZ1lFQXY4V2ZqWGZqa3pTYlpTZVFWQTh2S0NrNG5hYkVpRjJqeWh6amtCODhlNDFLUHBnOUFrdGsKd0o3WEppVnlJaW5CMytHNjl0NWQzbGJ3NWVMNkp5bVhBVEtOdyttaE9jQVlLZ0Y2MFlxejg2KzdtUno1R0M3egpLM3NUaC9lVlNJVnJVdXJzSkltVk9EbHk2WkpqSXRBYitSOGNaOXFydEFtN1Q0eUVHTlFPdHJJPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
+ ```
+4) With the installation files prepared, deploy Strimzi Drain Cleaner:
+
+ ```
+ kubectl apply -f ./
+ ```
+
+## Certificate renewals
+
+Users are responsible for renewing the certificates before they expire.
+The certificates can be renewed by just repeating the whole process and applying the updated YAML files.
\ No newline at end of file
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/build.sh b/install/drain-cleaner/kubernetes/webhook-certificates/build.sh
deleted file mode 100755
index cf1ba6097e3..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/build.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-function check_command_present() {
- command -v "${1}" >/dev/null 2>&1 || { echo -e >&2 "${RED}${1} is required but it's not installed.${NO_COLOUR}"; exit 1; }
-}
-
-check_command_present cfssl
-check_command_present openssl
-
-# Generate CA
-cfssl genkey -initca ca.json | cfssljson -bare ca
-
-# Sign webhook certificate
-cfssl genkey webhook.json | cfssljson -bare webhook
-cfssl sign -config config.json -profile server -ca ca.pem -ca-key ca-key.pem webhook.csr webhook.json | cfssljson -bare webhook
-
-# Create CRT bundles
-cat webhook.pem > webhook-bundle.crt
-cat ca.pem >> webhook-bundle.crt
-
-# Convert keys to PKCS8
-openssl pkcs8 -topk8 -nocrypt -in ca-key.pem -out ca.key
-openssl pkcs8 -topk8 -nocrypt -in webhook-key.pem -out webhook.key
\ No newline at end of file
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/ca-key.pem b/install/drain-cleaner/kubernetes/webhook-certificates/ca-key.pem
deleted file mode 100644
index d10b14174dd..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/ca-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA04X4Toh7ISpNp7lJA1T1GWDVEPyi3v3tb4flGLMtb5pR9+SX
-QDbgXWdszu8A17AyaG0QijHEdPI2HjYOGQF381mnSm08FKqCCK3fcZZBOfUaTBDz
-KRntBIuxKpZeip3ArAQ2qEE1gdtCEsNQI3c61ifJhiBm5ASHt80KKqKB6TLhtL5j
-+sYT7MD40GY56wjhmktVXDunepbdYz3OqP9snueMDzbDDDpdY8I6zZaGza+vrD6K
-58bB4B6b1QX1pycl4OJXdYdeDUqFshTBrdWrjq1MjrGtlf9EJy2oGWM7Y7srzHgQ
-AFr6DzV+Mbg7GR+TFmcf1uZeANyeGUHAMUFgkQIDAQABAoIBAHy87Imjgrk0MUdP
-xPbqCwBEUmIKGiJWrMaw5TGDuK+v2dbOP0PnGLj8XPZLi7umdJOQfciBQNGWZMO8
-LOQiMZKYtEb31A573uMvZi2d5ik/mZpyBHOgjl2342qx8l7cWNsYQQNIMT27B2P5
-OjEwBspz/CvUv9iHs2F40R4DZ4kVHdj/t+lhDoCBNnHY3zGvNlMImYe8JhHeZvKC
-KHVp/5Qn7rCf12Fzts1Vwh/t/ciUtbGPZFftkMTBGEa9BNUK04a0xYM6xTFcrmHz
-htBxV17OKgfQWEiyIcaEJMZYDyKaJ1al93/u2/PjjWJhXgbGx6MPNw/IrSRpGh3f
-souJvmECgYEA8JmQE6OTJIENeG7Ki+XloiM+mVYZBLz3mQb1/SbgoQ7oMjjtIx9f
-GMLmYza8LjfTOr2fF3nc+Iu3lKznhrqoDqv1VNniF7+0FTHEYTTc+g9aL5uj3+2z
-PUxaccUdtAI9Ev32gchxnrox55TRo+n80l6ccrW1xvC+z+OarjkxXwMCgYEA4Q/2
-gheM3KbJw8QEYh6woMt4wMp7kb5jK3LY8PziZ71O3yiyz9+kJ9jkpGpJYKZFmj/T
-E/8zweVEjOhIU1rTgG/ZlmZwz4XMffhTf41RqqkZFREwq7x4eE3vfNgHR+7PsLoR
-wa/JzSOGC0KPJw3TVGRWnJph1tSeekdJYRAys9sCgYEAuCiiWhXjQ5awK9WJnUlL
-2i3l9VIsdi75yZzFXo6Kc1zIp+Bgynhxvq83zwsPQMUkHhsUEdEKLQgsbVVnJf3r
-Mse2UcswPoNSoMJmEQ14csKbgkM8TONRRYMS23BISwdHnijbrP0y0o6sMhj72d34
-0UDvuPGTAII3W0JYnDBUtOcCgYEA4HxEnAQTe69dRsgIuznzYZ8yZdJRqNCnKBpY
-6x7CUUlRF2QH3zIqEZjUjm55nE6c1DtfNe3yWS9uzcGPCp1oow5tkQfC9Ct4Choc
-Zvi1ga1DGHFaA6Js40qRWww7TvOT86nUtkW52sTZGfgcw46VwPKINZIDjv3qyPq7
-5XX7rMsCgYEArsAl1lsOwaLvlYQ19LT2QpxdWAR47lygNK1c+2aCPaUTMjRdW2ps
-tBqNP0toPbwfU4rFl9COKMFjwpkIgdMsNVG//MCtl4TYHaQEDQHlt41C1IP9Xx/c
-yOv4eAf9wuxqw4nYTEw2A9Jmo3NFfCunltZwSDhx2AKBGiQ8PaW5N38=
------END RSA PRIVATE KEY-----
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/ca.csr b/install/drain-cleaner/kubernetes/webhook-certificates/ca.csr
deleted file mode 100644
index dc605c9bfaf..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/ca.csr
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICozCCAYsCAQAwXjELMAkGA1UEBhMCQ1oxDzANBgNVBAcTBlByYWd1ZTEeMBwG
-A1UEChMVU3RyaW16aSBEcmFpbiBDbGVhbmVyMR4wHAYDVQQDExVTdHJpbXppRHJh
-aW5DbGVhbmVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDThfhO
-iHshKk2nuUkDVPUZYNUQ/KLe/e1vh+UYsy1vmlH35JdANuBdZ2zO7wDXsDJobRCK
-McR08jYeNg4ZAXfzWadKbTwUqoIIrd9xlkE59RpMEPMpGe0Ei7Eqll6KncCsBDao
-QTWB20ISw1AjdzrWJ8mGIGbkBIe3zQoqooHpMuG0vmP6xhPswPjQZjnrCOGaS1Vc
-O6d6lt1jPc6o/2ye54wPNsMMOl1jwjrNlobNr6+sPornxsHgHpvVBfWnJyXg4ld1
-h14NSoWyFMGt1auOrUyOsa2V/0QnLagZYztjuyvMeBAAWvoPNX4xuDsZH5MWZx/W
-5l4A3J4ZQcAxQWCRAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAdJeAyNmRgjjI
-2Acwn9ved9Hr0W7EbBCtjvENNRwnMY6qB6h30Os+xzNOaiPLqaVNcsd4JoOGbYeQ
-bkGv/mTNwPJogN/ALlU/6XbLjrOQShF+YVQ9JuHG8TbVbBc+8OYp9480FimyQVVj
-umYUPpUeDUmHE92ePZwjKLaGJWtG1gTwFU1ihfvd8hvvmSNnI/yqET1Ff1S/F0wM
-lB4W3jwZgNrrhv46yhytTTLL5Bdo4shcdsY2zvoT65DbqqW5kydbp8YVDZzf84lm
-tfnNKhRtiCFYNsPcwPmYkOBdkiajk7Z38eYpEbsdwt+dLDnNC2EMkbrwJcl4M653
-ekW9gq75qw==
------END CERTIFICATE REQUEST-----
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/ca.json b/install/drain-cleaner/kubernetes/webhook-certificates/ca.json
deleted file mode 100644
index e157c7a9233..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/ca.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "CN": "StrimziDrainCleanerCA",
- "names": [
- {
- "C": "CZ",
- "L": "Prague",
- "O": "Strimzi Drain Cleaner"
- }
- ],
- "key": {
- "algo": "rsa",
- "size": 2048
- }
-}
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/ca.key b/install/drain-cleaner/kubernetes/webhook-certificates/ca.key
deleted file mode 100644
index 06f4d8fadda..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/ca.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDThfhOiHshKk2n
-uUkDVPUZYNUQ/KLe/e1vh+UYsy1vmlH35JdANuBdZ2zO7wDXsDJobRCKMcR08jYe
-Ng4ZAXfzWadKbTwUqoIIrd9xlkE59RpMEPMpGe0Ei7Eqll6KncCsBDaoQTWB20IS
-w1AjdzrWJ8mGIGbkBIe3zQoqooHpMuG0vmP6xhPswPjQZjnrCOGaS1VcO6d6lt1j
-Pc6o/2ye54wPNsMMOl1jwjrNlobNr6+sPornxsHgHpvVBfWnJyXg4ld1h14NSoWy
-FMGt1auOrUyOsa2V/0QnLagZYztjuyvMeBAAWvoPNX4xuDsZH5MWZx/W5l4A3J4Z
-QcAxQWCRAgMBAAECggEAfLzsiaOCuTQxR0/E9uoLAERSYgoaIlasxrDlMYO4r6/Z
-1s4/Q+cYuPxc9kuLu6Z0k5B9yIFA0ZZkw7ws5CIxkpi0RvfUDnve4y9mLZ3mKT+Z
-mnIEc6COXbfjarHyXtxY2xhBA0gxPbsHY/k6MTAGynP8K9S/2IezYXjRHgNniRUd
-2P+36WEOgIE2cdjfMa82UwiZh7wmEd5m8oIodWn/lCfusJ/XYXO2zVXCH+39yJS1
-sY9kV+2QxMEYRr0E1QrThrTFgzrFMVyuYfOG0HFXXs4qB9BYSLIhxoQkxlgPIpon
-VqX3f+7b8+ONYmFeBsbHow83D8itJGkaHd+yi4m+YQKBgQDwmZATo5MkgQ14bsqL
-5eWiIz6ZVhkEvPeZBvX9JuChDugyOO0jH18YwuZjNrwuN9M6vZ8Xedz4i7eUrOeG
-uqgOq/VU2eIXv7QVMcRhNNz6D1ovm6Pf7bM9TFpxxR20Aj0S/faByHGeujHnlNGj
-6fzSXpxytbXG8L7P45quOTFfAwKBgQDhD/aCF4zcpsnDxARiHrCgy3jAynuRvmMr
-ctjw/OJnvU7fKLLP36Qn2OSkaklgpkWaP9MT/zPB5USM6EhTWtOAb9mWZnDPhcx9
-+FN/jVGqqRkVETCrvHh4Te982AdH7s+wuhHBr8nNI4YLQo8nDdNUZFacmmHW1J56
-R0lhEDKz2wKBgQC4KKJaFeNDlrAr1YmdSUvaLeX1Uix2LvnJnMVejopzXMin4GDK
-eHG+rzfPCw9AxSQeGxQR0QotCCxtVWcl/esyx7ZRyzA+g1KgwmYRDXhywpuCQzxM
-41FFgxLbcEhLB0eeKNus/TLSjqwyGPvZ3fjRQO+48ZMAgjdbQlicMFS05wKBgQDg
-fEScBBN7r11GyAi7OfNhnzJl0lGo0KcoGljrHsJRSVEXZAffMioRmNSObnmcTpzU
-O1817fJZL27NwY8KnWijDm2RB8L0K3gKGhxm+LWBrUMYcVoDomzjSpFbDDtO85Pz
-qdS2RbnaxNkZ+BzDjpXA8og1kgOO/erI+rvldfusywKBgQCuwCXWWw7Bou+VhDX0
-tPZCnF1YBHjuXKA0rVz7ZoI9pRMyNF1bamy0Go0/S2g9vB9TisWX0I4owWPCmQiB
-0yw1Ub/8wK2XhNgdpAQNAeW3jULUg/1fH9zI6/h4B/3C7GrDidhMTDYD0majc0V8
-K6eW1nBIOHHYAoEaJDw9pbk3fw==
------END PRIVATE KEY-----
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/ca.pem b/install/drain-cleaner/kubernetes/webhook-certificates/ca.pem
deleted file mode 100644
index b452b64cb79..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/ca.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDjDCCAnSgAwIBAgIUZKH908A8dnIDx+Y08xwycXO5DoEwDQYJKoZIhvcNAQEL
-BQAwXjELMAkGA1UEBhMCQ1oxDzANBgNVBAcTBlByYWd1ZTEeMBwGA1UEChMVU3Ry
-aW16aSBEcmFpbiBDbGVhbmVyMR4wHAYDVQQDExVTdHJpbXppRHJhaW5DbGVhbmVy
-Q0EwHhcNMjEwMTIzMjAzNDAwWhcNMjYwMTIyMjAzNDAwWjBeMQswCQYDVQQGEwJD
-WjEPMA0GA1UEBxMGUHJhZ3VlMR4wHAYDVQQKExVTdHJpbXppIERyYWluIENsZWFu
-ZXIxHjAcBgNVBAMTFVN0cmltemlEcmFpbkNsZWFuZXJDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANOF+E6IeyEqTae5SQNU9Rlg1RD8ot797W+H5Riz
-LW+aUffkl0A24F1nbM7vANewMmhtEIoxxHTyNh42DhkBd/NZp0ptPBSqggit33GW
-QTn1GkwQ8ykZ7QSLsSqWXoqdwKwENqhBNYHbQhLDUCN3OtYnyYYgZuQEh7fNCiqi
-geky4bS+Y/rGE+zA+NBmOesI4ZpLVVw7p3qW3WM9zqj/bJ7njA82www6XWPCOs2W
-hs2vr6w+iufGweAem9UF9acnJeDiV3WHXg1KhbIUwa3Vq46tTI6xrZX/RCctqBlj
-O2O7K8x4EABa+g81fjG4OxkfkxZnH9bmXgDcnhlBwDFBYJECAwEAAaNCMEAwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKK6Ns2bQiuY
-n+zJWN6I/BxtDWx0MA0GCSqGSIb3DQEBCwUAA4IBAQCqeMYRW/DM4lUxCM0xO6Zr
-VLdvzoUtzPON48s2DQrr60Z9yr5z8l2B9o/7qNhIvbp93q1BcrXqd+Rm8FzNPEVt
-REcU8EQeViemJha9W4vmyp/7exGdyeUKcLKAGA+4ius5Gbxo1qP9qOXG9XJua0oU
-r4Oue3ryQ6YWWeme2nMPOpM+7FCYELDi4foMsgd6Ol+VoQTQGwGt6BU9Vrwg36ud
-RXGeKVpF0iYHGcoCYmLJ+hXjOBh/OxCWfK7Lj1QPBFk/iAsNhHyas/+P2wnmhaqP
-EHYTlmPun0rfpPtRiiMPM14HxABQfgt7+neD/p6Rpjfzivi6WOGCsDPVF6FBWh1L
------END CERTIFICATE-----
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/clean.sh b/install/drain-cleaner/kubernetes/webhook-certificates/clean.sh
deleted file mode 100755
index 0aed3cc2ffc..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/clean.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-
-rm -f *.pem
-rm -f *.key
-rm -f *.crt
-rm -f *.csr
\ No newline at end of file
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/config.json b/install/drain-cleaner/kubernetes/webhook-certificates/config.json
deleted file mode 100644
index 521a9969e96..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/config.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "signing": {
- "profiles": {
- "CA": {
- "usages": ["cert sign"],
- "ca_constraint": { "is_ca": true, "max_path_len": 0 },
- "expiry": "80000h"
- },
- "server": {
- "usages": ["server auth", "client auth", "signing", "key encipherment"],
- "expiry": "80000h"
- },
- "email": {
- "usages": ["s/mime"],
- "expiry": "80000h"
- }
- },
- "default": {
- "usages": ["digital signature", "email protection"],
- "expiry": "80000h"
- }
- },
- "auth_key": {
- "garbage": {
- "type":"standard",
- "key":"0123456789ABCDEF0123456789ABCDEF"
- }
- }
-}
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/webhook-bundle.crt b/install/drain-cleaner/kubernetes/webhook-certificates/webhook-bundle.crt
deleted file mode 100644
index 3989042df56..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/webhook-bundle.crt
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIElTCCA32gAwIBAgIUdUExTwR1WBAJsoXC8ZygdwX2HewwDQYJKoZIhvcNAQEL
-BQAwXjELMAkGA1UEBhMCQ1oxDzANBgNVBAcTBlByYWd1ZTEeMBwGA1UEChMVU3Ry
-aW16aSBEcmFpbiBDbGVhbmVyMR4wHAYDVQQDExVTdHJpbXppRHJhaW5DbGVhbmVy
-Q0EwHhcNMjEwMTIzMjAzNDAwWhcNMzAwMzExMDQzNDAwWjBkMQswCQYDVQQGEwJD
-WjEPMA0GA1UEBxMGUHJhZ3VlMSEwHwYDVQQKExhTdHJpbXppIEV2aWN0aW9uIFdl
-Ymhvb2sxITAfBgNVBAMTGFN0cmltemkgRXZpY3Rpb24gV2ViSG9vazCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALYEdbk0dlpgfcbS8rQTO5o80O+ock5Z
-m9xPhdVScmFLM5bHXWd/KzkRcOptttWs5lbejaHQ8RrcXTKwKabOaPUHC8r5HFbd
-ZsgszdAQAI7YHl3fbXS2RQd85M58Mj8Ep3T6uj0r3kQfYTujJXFr5xqLz8dGINvl
-5AQC7WtfTzA3KYVklTGQbu4zp2u/ptcdFrAIQkDlVunBh9ids+ea0/Qpe5tAxhNC
-6fNrMHOzQg9a4tq+1rxVXAUGsR/DxQFHoI5/pQfYNyssJKzrypW6/eOHjolo6IBa
-CG4seB0QvWVtx9oiStZj/ijZoH6RUKcopS8ul4HEwd5Cv45qIVf6a/UCAwEAAaOC
-AUMwggE/MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
-BQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUAEjOJH7nAfYpMAPnjoyyd7bB
-DMEwHwYDVR0jBBgwFoAUoro2zZtCK5if7MlY3oj8HG0NbHQwgb8GA1UdEQSBtzCB
-tIIVc3RyaW16aS1kcmFpbi1jbGVhbmVygitzdHJpbXppLWRyYWluLWNsZWFuZXIu
-c3RyaW16aS1kcmFpbi1jbGVhbmVygi9zdHJpbXppLWRyYWluLWNsZWFuZXIuc3Ry
-aW16aS1kcmFpbi1jbGVhbmVyLnN2Y4I9c3RyaW16aS1kcmFpbi1jbGVhbmVyLnN0
-cmltemktZHJhaW4tY2xlYW5lci5zdmMuY2x1c3Rlci5sb2NhbDANBgkqhkiG9w0B
-AQsFAAOCAQEAhlMpAGu8H9Ta0+do5NYpCSFyoW5AoRmD/bxehiqHaqPPpV/DbPQG
-o5zL1f3ie6nL0i0/g/oPgBio+J4Jk0V9mx4jJKIlW7YbdbwzzhjrTbHWYQENSygX
-1HFv7ACr6nY1OmJt807F+LZKTHNukDdg0PIINc7ReFjaA9Uic5Zf44WXscjKDIBW
-+epreOzQEhw5IEXLrRME7PdB1DGEY95XRZJbgNm6ZPpIbtgGIJRZgtP1mq6gT4kN
-Cg3oFD7WgRju6q/b72QwHoao8YpXHXeWYAUloi6+D6XSFNlskVM0faqA5JrQF7CS
-rJrhcH2CRQhEIC878zVL5pajjECraCVrRg==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDjDCCAnSgAwIBAgIUZKH908A8dnIDx+Y08xwycXO5DoEwDQYJKoZIhvcNAQEL
-BQAwXjELMAkGA1UEBhMCQ1oxDzANBgNVBAcTBlByYWd1ZTEeMBwGA1UEChMVU3Ry
-aW16aSBEcmFpbiBDbGVhbmVyMR4wHAYDVQQDExVTdHJpbXppRHJhaW5DbGVhbmVy
-Q0EwHhcNMjEwMTIzMjAzNDAwWhcNMjYwMTIyMjAzNDAwWjBeMQswCQYDVQQGEwJD
-WjEPMA0GA1UEBxMGUHJhZ3VlMR4wHAYDVQQKExVTdHJpbXppIERyYWluIENsZWFu
-ZXIxHjAcBgNVBAMTFVN0cmltemlEcmFpbkNsZWFuZXJDQTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANOF+E6IeyEqTae5SQNU9Rlg1RD8ot797W+H5Riz
-LW+aUffkl0A24F1nbM7vANewMmhtEIoxxHTyNh42DhkBd/NZp0ptPBSqggit33GW
-QTn1GkwQ8ykZ7QSLsSqWXoqdwKwENqhBNYHbQhLDUCN3OtYnyYYgZuQEh7fNCiqi
-geky4bS+Y/rGE+zA+NBmOesI4ZpLVVw7p3qW3WM9zqj/bJ7njA82www6XWPCOs2W
-hs2vr6w+iufGweAem9UF9acnJeDiV3WHXg1KhbIUwa3Vq46tTI6xrZX/RCctqBlj
-O2O7K8x4EABa+g81fjG4OxkfkxZnH9bmXgDcnhlBwDFBYJECAwEAAaNCMEAwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKK6Ns2bQiuY
-n+zJWN6I/BxtDWx0MA0GCSqGSIb3DQEBCwUAA4IBAQCqeMYRW/DM4lUxCM0xO6Zr
-VLdvzoUtzPON48s2DQrr60Z9yr5z8l2B9o/7qNhIvbp93q1BcrXqd+Rm8FzNPEVt
-REcU8EQeViemJha9W4vmyp/7exGdyeUKcLKAGA+4ius5Gbxo1qP9qOXG9XJua0oU
-r4Oue3ryQ6YWWeme2nMPOpM+7FCYELDi4foMsgd6Ol+VoQTQGwGt6BU9Vrwg36ud
-RXGeKVpF0iYHGcoCYmLJ+hXjOBh/OxCWfK7Lj1QPBFk/iAsNhHyas/+P2wnmhaqP
-EHYTlmPun0rfpPtRiiMPM14HxABQfgt7+neD/p6Rpjfzivi6WOGCsDPVF6FBWh1L
------END CERTIFICATE-----
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/webhook-key.pem b/install/drain-cleaner/kubernetes/webhook-certificates/webhook-key.pem
deleted file mode 100644
index 6d2520000f7..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/webhook-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAtgR1uTR2WmB9xtLytBM7mjzQ76hyTlmb3E+F1VJyYUszlsdd
-Z38rORFw6m221azmVt6NodDxGtxdMrApps5o9QcLyvkcVt1myCzN0BAAjtgeXd9t
-dLZFB3zkznwyPwSndPq6PSveRB9hO6MlcWvnGovPx0Yg2+XkBALta19PMDcphWSV
-MZBu7jOna7+m1x0WsAhCQOVW6cGH2J2z55rT9Cl7m0DGE0Lp82swc7NCD1ri2r7W
-vFVcBQaxH8PFAUegjn+lB9g3KywkrOvKlbr944eOiWjogFoIbix4HRC9ZW3H2iJK
-1mP+KNmgfpFQpyilLy6XgcTB3kK/jmohV/pr9QIDAQABAoIBAQCK9HyrF1IDTQa4
-cvK2Zrhp12Pqkj4xcld6qXsSkA6iGDcaNLkp+fuVZas+TOP33Dc8ukqF7m0ihHjh
-6XrizVFzPh3Sprrr1bpRt2KoJI9IfdUw9REquLuaK87BlC8HzRXKSF9Fs+fLOemR
-DcvX+vhDW9kT2IXdWnPoXBPElM5vj2OLAhxyYhl+HMChBIUcgVH426MtK5TRAkZ1
-lGqGPF79tIqLrmWSSNiSAYbIBCaSaHbHG7GPQc7KQH6+s5usB+vpGt4id/AKMd8T
-q3KdLPBuQnONF6G6/l8AKBzeEPnO06ILIzDAvuJPovFhj0kHVU78ovZPxzCFwME/
-iVU02jlBAoGBANxGAD1iG63lndSntsA2JbJNWbe1426SSY1UcFfNogEFLPeZa8C3
-SsO0lrw7lq6lI3N6zNG04bl5Q9EKhk5f7POi0QF5I+F7cVGf3xyncZ7B0kUpK2ky
-0VG8ndftSxpa49WNIkapx0FDFZEOe+XLkjSueArlHf8l/A24ltvBfwQTAoGBANOK
-Brrt1h2f7S626Nv7EdfZPQLX4zJzBZJCN9aaThpvLEi73xWQyDOIyVtdTjHghSmL
-PZ73TnofnicQ+I9GN5hyz5gxBE54n4PbTVKas7rZE6uzhjOkzewpIRojQd8iDEZ3
-i2BBU51N3+PceRP2XeshaMKMdFQh4PqyKKKuOgDXAoGAVx18NMqbRdAc9qCJv0Tq
-7bR3uhc+ZlmGq1VsxNz3qE2ith3AJsyWzgWa48DxXArFlYNIg9t0tkTGVGNEMLTx
-Yn3PCTUewqtuaqi+tXdnkTD4dw/MMmO9swTUrDQV0suFdczGdInq2t2sJt1ClORI
-43ro0O5CScl9APQy/aBuGm8CgYAZuA5Za9E8iNUteM+W70+cDq18SwM0fweOYL6p
-ONmGHT4lGbJlzNSKb3cLxKxdJA8MngE/8pF4B6AS391YjhD0WAElX9BGOiQqw98C
-zAxOC1Z46brHTKI8tENyChdYKauUZbRsX4Tq+yzdZ1DRPILus4EpJip+kB/qWv7V
-yJkEwQKBgDqfrRcsnZsw0VHpddlwzxIT8J5QsN0VfJECXBTOMsQZf6QY8vqKOTDC
-Va/GT/u+cEEWRPcJjn/etRJlnLU1S0lIfcRsnO4G3DCBVD7soM7iOgnGF5Q/mxlI
-kcfqKGhQifyRVR857RrA2HAcTJsPRg1eEn5n8i8uKxUF7vtg3qHC
------END RSA PRIVATE KEY-----
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/webhook.csr b/install/drain-cleaner/kubernetes/webhook-certificates/webhook.csr
deleted file mode 100644
index d8884a2ced7..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/webhook.csr
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIDgDCCAmgCAQAwZDELMAkGA1UEBhMCQ1oxDzANBgNVBAcTBlByYWd1ZTEhMB8G
-A1UEChMYU3RyaW16aSBFdmljdGlvbiBXZWJob29rMSEwHwYDVQQDExhTdHJpbXpp
-IEV2aWN0aW9uIFdlYkhvb2swggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQC2BHW5NHZaYH3G0vK0EzuaPNDvqHJOWZvcT4XVUnJhSzOWx11nfys5EXDqbbbV
-rOZW3o2h0PEa3F0ysCmmzmj1BwvK+RxW3WbILM3QEACO2B5d3210tkUHfOTOfDI/
-BKd0+ro9K95EH2E7oyVxa+cai8/HRiDb5eQEAu1rX08wNymFZJUxkG7uM6drv6bX
-HRawCEJA5VbpwYfYnbPnmtP0KXubQMYTQunzazBzs0IPWuLavta8VVwFBrEfw8UB
-R6COf6UH2DcrLCSs68qVuv3jh46JaOiAWghuLHgdEL1lbcfaIkrWY/4o2aB+kVCn
-KKUvLpeBxMHeQr+OaiFX+mv1AgMBAAGggdYwgdMGCSqGSIb3DQEJDjGBxTCBwjCB
-vwYDVR0RBIG3MIG0ghVzdHJpbXppLWRyYWluLWNsZWFuZXKCK3N0cmltemktZHJh
-aW4tY2xlYW5lci5zdHJpbXppLWRyYWluLWNsZWFuZXKCL3N0cmltemktZHJhaW4t
-Y2xlYW5lci5zdHJpbXppLWRyYWluLWNsZWFuZXIuc3Zjgj1zdHJpbXppLWRyYWlu
-LWNsZWFuZXIuc3RyaW16aS1kcmFpbi1jbGVhbmVyLnN2Yy5jbHVzdGVyLmxvY2Fs
-MA0GCSqGSIb3DQEBCwUAA4IBAQBzq4X5XZPJAz30RrzaUXGnB21Nqo7c5Af2Dqtc
-wwal+apYzHgPP+/r+7Df/TFnZJ4ThPkaQYCNLMpPeRdKcT9rWgC82WNSeQucpe2I
-Em4OMrLL5SY4MsK5TzP5ihcM9zV7KXZth9B5IAKuanluJUfOROReW4fSXvQZ767j
-qSRPm4iuRF/NYQVau5TH2PmN+gR8mITP5P5sMzdTiUCLpVrAp06qR+/WrIlMNj6g
-boN+/DYFFdjNHxlQq47D/oqVeeShcXcxQwJ76pMkSligdOOJcBuMvf1fuHl/5I0w
-oGFGjMPktFWsHAeIVkJmI+06Fa7YTdjppv0ELWEwA4fClZ/n
------END CERTIFICATE REQUEST-----
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/webhook.json b/install/drain-cleaner/kubernetes/webhook-certificates/webhook.json
deleted file mode 100644
index 421c597d98f..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/webhook.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "CN": "Strimzi Eviction WebHook",
- "names": [
- {
- "C": "CZ",
- "L": "Prague",
- "O": "Strimzi Eviction Webhook"
- }
- ],
- "key": {
- "algo": "rsa",
- "size": 2048
- },
- "hosts": [
- "strimzi-drain-cleaner",
- "strimzi-drain-cleaner.strimzi-drain-cleaner",
- "strimzi-drain-cleaner.strimzi-drain-cleaner.svc",
- "strimzi-drain-cleaner.strimzi-drain-cleaner.svc.cluster.local"
- ]
-}
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/webhook.key b/install/drain-cleaner/kubernetes/webhook-certificates/webhook.key
deleted file mode 100644
index bbfe868204e..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/webhook.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2BHW5NHZaYH3G
-0vK0EzuaPNDvqHJOWZvcT4XVUnJhSzOWx11nfys5EXDqbbbVrOZW3o2h0PEa3F0y
-sCmmzmj1BwvK+RxW3WbILM3QEACO2B5d3210tkUHfOTOfDI/BKd0+ro9K95EH2E7
-oyVxa+cai8/HRiDb5eQEAu1rX08wNymFZJUxkG7uM6drv6bXHRawCEJA5VbpwYfY
-nbPnmtP0KXubQMYTQunzazBzs0IPWuLavta8VVwFBrEfw8UBR6COf6UH2DcrLCSs
-68qVuv3jh46JaOiAWghuLHgdEL1lbcfaIkrWY/4o2aB+kVCnKKUvLpeBxMHeQr+O
-aiFX+mv1AgMBAAECggEBAIr0fKsXUgNNBrhy8rZmuGnXY+qSPjFyV3qpexKQDqIY
-Nxo0uSn5+5Vlqz5M4/fcNzy6SoXubSKEeOHpeuLNUXM+HdKmuuvVulG3Yqgkj0h9
-1TD1ESq4u5orzsGULwfNFcpIX0Wz58s56ZENy9f6+ENb2RPYhd1ac+hcE8SUzm+P
-Y4sCHHJiGX4cwKEEhRyBUfjboy0rlNECRnWUaoY8Xv20iouuZZJI2JIBhsgEJpJo
-dscbsY9BzspAfr6zm6wH6+ka3iJ38Aox3xOrcp0s8G5Cc40Xobr+XwAoHN4Q+c7T
-ogsjMMC+4k+i8WGPSQdVTvyi9k/HMIXAwT+JVTTaOUECgYEA3EYAPWIbreWd1Ke2
-wDYlsk1Zt7XjbpJJjVRwV82iAQUs95lrwLdKw7SWvDuWrqUjc3rM0bThuXlD0QqG
-Tl/s86LRAXkj4XtxUZ/fHKdxnsHSRSkraTLRUbyd1+1LGlrj1Y0iRqnHQUMVkQ57
-5cuSNK54CuUd/yX8DbiW28F/BBMCgYEA04oGuu3WHZ/tLrbo2/sR19k9AtfjMnMF
-kkI31ppOGm8sSLvfFZDIM4jJW11OMeCFKYs9nvdOeh+eJxD4j0Y3mHLPmDEETnif
-g9tNUpqzutkTq7OGM6TN7CkhGiNB3yIMRneLYEFTnU3f49x5E/Zd6yFowox0VCHg
-+rIooq46ANcCgYBXHXw0yptF0Bz2oIm/ROrttHe6Fz5mWYarVWzE3PeoTaK2HcAm
-zJbOBZrjwPFcCsWVg0iD23S2RMZUY0QwtPFifc8JNR7Cq25qqL61d2eRMPh3D8wy
-Y72zBNSsNBXSy4V1zMZ0iera3awm3UKU5EjjeujQ7kJJyX0A9DL9oG4abwKBgBm4
-Dllr0TyI1S14z5bvT5wOrXxLAzR/B45gvqk42YYdPiUZsmXM1IpvdwvErF0kDwye
-AT/ykXgHoBLf3ViOEPRYASVf0EY6JCrD3wLMDE4LVnjpusdMojy0Q3IKF1gpq5Rl
-tGxfhOr7LN1nUNE8gu6zgSkmKn6QH+pa/tXImQTBAoGAOp+tFyydmzDRUel12XDP
-EhPwnlCw3RV8kQJcFM4yxBl/pBjy+oo5MMJVr8ZP+75wQRZE9wmOf961EmWctTVL
-SUh9xGyc7gbcMIFUPuygzuI6CcYXlD+bGUiRx+ooaFCJ/JFVHzntGsDYcBxMmw9G
-DV4SfmfyLy4rFQXu+2DeocI=
------END PRIVATE KEY-----
diff --git a/install/drain-cleaner/kubernetes/webhook-certificates/webhook.pem b/install/drain-cleaner/kubernetes/webhook-certificates/webhook.pem
deleted file mode 100644
index 974bd84381b..00000000000
--- a/install/drain-cleaner/kubernetes/webhook-certificates/webhook.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIElTCCA32gAwIBAgIUdUExTwR1WBAJsoXC8ZygdwX2HewwDQYJKoZIhvcNAQEL
-BQAwXjELMAkGA1UEBhMCQ1oxDzANBgNVBAcTBlByYWd1ZTEeMBwGA1UEChMVU3Ry
-aW16aSBEcmFpbiBDbGVhbmVyMR4wHAYDVQQDExVTdHJpbXppRHJhaW5DbGVhbmVy
-Q0EwHhcNMjEwMTIzMjAzNDAwWhcNMzAwMzExMDQzNDAwWjBkMQswCQYDVQQGEwJD
-WjEPMA0GA1UEBxMGUHJhZ3VlMSEwHwYDVQQKExhTdHJpbXppIEV2aWN0aW9uIFdl
-Ymhvb2sxITAfBgNVBAMTGFN0cmltemkgRXZpY3Rpb24gV2ViSG9vazCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALYEdbk0dlpgfcbS8rQTO5o80O+ock5Z
-m9xPhdVScmFLM5bHXWd/KzkRcOptttWs5lbejaHQ8RrcXTKwKabOaPUHC8r5HFbd
-ZsgszdAQAI7YHl3fbXS2RQd85M58Mj8Ep3T6uj0r3kQfYTujJXFr5xqLz8dGINvl
-5AQC7WtfTzA3KYVklTGQbu4zp2u/ptcdFrAIQkDlVunBh9ids+ea0/Qpe5tAxhNC
-6fNrMHOzQg9a4tq+1rxVXAUGsR/DxQFHoI5/pQfYNyssJKzrypW6/eOHjolo6IBa
-CG4seB0QvWVtx9oiStZj/ijZoH6RUKcopS8ul4HEwd5Cv45qIVf6a/UCAwEAAaOC
-AUMwggE/MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
-BQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUAEjOJH7nAfYpMAPnjoyyd7bB
-DMEwHwYDVR0jBBgwFoAUoro2zZtCK5if7MlY3oj8HG0NbHQwgb8GA1UdEQSBtzCB
-tIIVc3RyaW16aS1kcmFpbi1jbGVhbmVygitzdHJpbXppLWRyYWluLWNsZWFuZXIu
-c3RyaW16aS1kcmFpbi1jbGVhbmVygi9zdHJpbXppLWRyYWluLWNsZWFuZXIuc3Ry
-aW16aS1kcmFpbi1jbGVhbmVyLnN2Y4I9c3RyaW16aS1kcmFpbi1jbGVhbmVyLnN0
-cmltemktZHJhaW4tY2xlYW5lci5zdmMuY2x1c3Rlci5sb2NhbDANBgkqhkiG9w0B
-AQsFAAOCAQEAhlMpAGu8H9Ta0+do5NYpCSFyoW5AoRmD/bxehiqHaqPPpV/DbPQG
-o5zL1f3ie6nL0i0/g/oPgBio+J4Jk0V9mx4jJKIlW7YbdbwzzhjrTbHWYQENSygX
-1HFv7ACr6nY1OmJt807F+LZKTHNukDdg0PIINc7ReFjaA9Uic5Zf44WXscjKDIBW
-+epreOzQEhw5IEXLrRME7PdB1DGEY95XRZJbgNm6ZPpIbtgGIJRZgtP1mq6gT4kN
-Cg3oFD7WgRju6q/b72QwHoao8YpXHXeWYAUloi6+D6XSFNlskVM0faqA5JrQF7CS
-rJrhcH2CRQhEIC878zVL5pajjECraCVrRg==
------END CERTIFICATE-----
diff --git a/install/drain-cleaner/openshift/000-Namespace.yaml b/install/drain-cleaner/openshift/000-Namespace.yaml
index 9a9d13ac980..1aae5735aca 100644
--- a/install/drain-cleaner/openshift/000-Namespace.yaml
+++ b/install/drain-cleaner/openshift/000-Namespace.yaml
@@ -3,4 +3,4 @@ kind: Namespace
metadata:
name: strimzi-drain-cleaner
labels:
- app: strimzi-drain-cleaner
\ No newline at end of file
+ app: strimzi-drain-cleaner
diff --git a/install/drain-cleaner/openshift/020-ClusterRole.yaml b/install/drain-cleaner/openshift/020-ClusterRole.yaml
index 743eea84c7b..d6ef6f2534a 100644
--- a/install/drain-cleaner/openshift/020-ClusterRole.yaml
+++ b/install/drain-cleaner/openshift/020-ClusterRole.yaml
@@ -5,6 +5,8 @@ metadata:
labels:
app: strimzi-drain-cleaner
rules:
+ # Drain Cleaner needs to be able to get the Kafka or ZooKeeper pods that are being evicted and patch them with the
+ # annotation which tells Strimzi Cluster Operator to roll the Pod
- apiGroups:
- ""
resources:
diff --git a/install/drain-cleaner/openshift/021-Role.yaml b/install/drain-cleaner/openshift/021-Role.yaml
new file mode 100644
index 00000000000..d1787c571b9
--- /dev/null
+++ b/install/drain-cleaner/openshift/021-Role.yaml
@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: strimzi-drain-cleaner
+ labels:
+ app: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+rules:
+ # When certificate reloading is enabled, Drain Cleaner will delete itself to reload the certificates. Therefore it
+ # needs the right to delete the pods in its own namespace.
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - delete
+ # When certificate reloading is enabled, Strimzi needs to be able to get, list and watch the Secret with the
+ # certificate to detect any changes to it. The RBAC allows it to watch only one Secret with given name. If your
+ # certificate Secret has a custom name, you need to modify this Role accordingly.
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - watch
+ - list
+ resourceNames:
+ - strimzi-drain-cleaner
diff --git a/install/drain-cleaner/openshift/031-RoleBinding.yaml b/install/drain-cleaner/openshift/031-RoleBinding.yaml
new file mode 100644
index 00000000000..b1e4c9d2636
--- /dev/null
+++ b/install/drain-cleaner/openshift/031-RoleBinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: strimzi-drain-cleaner
+ labels:
+ app: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+subjects:
+ - kind: ServiceAccount
+ name: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
+roleRef:
+ kind: Role
+ name: strimzi-drain-cleaner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/install/drain-cleaner/openshift/050-Service.yaml b/install/drain-cleaner/openshift/050-Service.yaml
index d4013d5a240..7e7d845766c 100644
--- a/install/drain-cleaner/openshift/050-Service.yaml
+++ b/install/drain-cleaner/openshift/050-Service.yaml
@@ -4,9 +4,9 @@ metadata:
name: strimzi-drain-cleaner
labels:
app: strimzi-drain-cleaner
+ namespace: strimzi-drain-cleaner
annotations:
service.beta.openshift.io/serving-cert-secret-name: strimzi-drain-cleaner
- namespace: strimzi-drain-cleaner
spec:
ports:
- port: 80
@@ -18,4 +18,4 @@ spec:
protocol: TCP
targetPort: 8443
selector:
- app: strimzi-drain-cleaner
\ No newline at end of file
+ app: strimzi-drain-cleaner
diff --git a/install/drain-cleaner/openshift/060-Deployment.yaml b/install/drain-cleaner/openshift/060-Deployment.yaml
index 658878e7465..dac38f14988 100644
--- a/install/drain-cleaner/openshift/060-Deployment.yaml
+++ b/install/drain-cleaner/openshift/060-Deployment.yaml
@@ -18,21 +18,35 @@ spec:
serviceAccountName: strimzi-drain-cleaner
containers:
- name: strimzi-drain-cleaner
- image: quay.io/strimzi/drain-cleaner:0.3.1
+ image: quay.io/strimzi/drain-cleaner:0.4.2
ports:
- containerPort: 8080
name: http
- containerPort: 8443
name: https
- command:
- - "/application"
- - "-Dquarkus.http.host=0.0.0.0"
- - "--kafka"
- - "--zookeeper"
+ env:
+ - name: STRIMZI_DRAIN_KAFKA
+ value: "true"
+ - name: STRIMZI_DRAIN_ZOOKEEPER
+ value: "true"
+ - name: STRIMZI_CERTIFICATE_WATCH_ENABLED
+ value: "true"
+ - name: STRIMZI_CERTIFICATE_WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: STRIMZI_CERTIFICATE_WATCH_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - /opt/strimzi/bin/drain_cleaner_run.sh
volumeMounts:
- name: webhook-certificates
mountPath: "/etc/webhook-certificates"
readOnly: true
+ - name: tmp-dir
+ mountPath: "/tmp"
livenessProbe:
httpGet:
path: /health
@@ -49,5 +63,7 @@ spec:
- name: webhook-certificates
secret:
secretName: strimzi-drain-cleaner
+ - name: tmp-dir
+ emptyDir: {}
strategy:
type: RollingUpdate
diff --git a/install/drain-cleaner/openshift/070-ValidatingWebhookConfiguration.yaml b/install/drain-cleaner/openshift/070-ValidatingWebhookConfiguration.yaml
index e79848ddf73..0893663e09d 100644
--- a/install/drain-cleaner/openshift/070-ValidatingWebhookConfiguration.yaml
+++ b/install/drain-cleaner/openshift/070-ValidatingWebhookConfiguration.yaml
@@ -9,11 +9,11 @@ metadata:
webhooks:
- name: strimzi-drain-cleaner.strimzi.io
rules:
- - apiGroups: [""]
+ - apiGroups: [""]
apiVersions: ["v1"]
- operations: ["CREATE"]
- resources: ["pods/eviction"]
- scope: "Namespaced"
+ operations: ["CREATE"]
+ resources: ["pods/eviction"]
+ scope: "Namespaced"
clientConfig:
service:
namespace: "strimzi-drain-cleaner"
@@ -24,4 +24,4 @@ webhooks:
admissionReviewVersions: ["v1"]
sideEffects: None
failurePolicy: Ignore
- timeoutSeconds: 5
\ No newline at end of file
+ timeoutSeconds: 5
diff --git a/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml b/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml
index 210b7b70618..01bcaca3d42 100644
--- a/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml
+++ b/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml
@@ -22,7 +22,7 @@ spec:
sizeLimit: 5Mi
containers:
- name: strimzi-topic-operator
- image: quay.io/strimzi/operator:0.33.2
+ image: quay.io/strimzi/operator:0.34.0
args:
- /opt/strimzi/bin/topic_operator_run.sh
volumeMounts:
diff --git a/install/user-operator/05-Deployment-strimzi-user-operator.yaml b/install/user-operator/05-Deployment-strimzi-user-operator.yaml
index 4b9353133c9..f0aabca89da 100644
--- a/install/user-operator/05-Deployment-strimzi-user-operator.yaml
+++ b/install/user-operator/05-Deployment-strimzi-user-operator.yaml
@@ -22,7 +22,7 @@ spec:
sizeLimit: 5Mi
containers:
- name: strimzi-user-operator
- image: quay.io/strimzi/operator:0.33.2
+ image: quay.io/strimzi/operator:0.34.0
args:
- /opt/strimzi/bin/user_operator_run.sh
volumeMounts:
diff --git a/kafka-agent/pom.xml b/kafka-agent/pom.xml
index 66b9e96429b..5b550707c44 100644
--- a/kafka-agent/pom.xml
+++ b/kafka-agent/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
diff --git a/kafka-init/pom.xml b/kafka-init/pom.xml
index 232654726dc..dc32564cd02 100644
--- a/kafka-init/pom.xml
+++ b/kafka-init/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
kafka-init
diff --git a/mirror-maker-agent/pom.xml b/mirror-maker-agent/pom.xml
index b8bfdc7a0bb..f0e5368a2b6 100644
--- a/mirror-maker-agent/pom.xml
+++ b/mirror-maker-agent/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
diff --git a/mockkube/pom.xml b/mockkube/pom.xml
index 4f0a3903f42..4bc205ea20a 100644
--- a/mockkube/pom.xml
+++ b/mockkube/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
diff --git a/operator-common/pom.xml b/operator-common/pom.xml
index de2d1f5941d..64834dff785 100644
--- a/operator-common/pom.xml
+++ b/operator-common/pom.xml
@@ -4,7 +4,7 @@
io.strimzi
strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
operator-common
diff --git a/packaging/examples/security/keycloak-authorization/README.md b/packaging/examples/security/keycloak-authorization/README.md
index 02feafcddde..6b647486e61 100644
--- a/packaging/examples/security/keycloak-authorization/README.md
+++ b/packaging/examples/security/keycloak-authorization/README.md
@@ -7,13 +7,13 @@ This folder contains an example `Kafka` custom resource configured for OAuth 2.0
The folder also contains a Keycloak realm export to import into your Keycloak instance to support the example.
-Full instructions for the example are available in the [Strimzi Documentation](https://strimzi.io/docs/operators/in-development/configuring.html#proc-oauth-authorization-keycloak-example_str).
+Full instructions for the example are available in the [Strimzi Documentation](https://strimzi.io/docs/operators/0.34.0/configuring.html#proc-oauth-authorization-keycloak-example_str).
- [kafka-authz-realm.json](./kafka-authz-realm.json)
- The Keycloak realm export file
- [kafka-ephemeral-oauth-single-keycloak-authz.yaml](./kafka-ephemeral-oauth-single-keycloak-authz.yaml)
- The Kafka CR that defines a single-node Kafka cluster with `oauth` authentication and `keycloak` authorization,
- using the `kafka-authz` realm. See [full example instructions](https://strimzi.io/docs/operators/in-development/configuring.html#proc-oauth-authorization-keycloak-example_str) for proper preparation and deployment.
+ using the `kafka-authz` realm. See [full example instructions](https://strimzi.io/docs/operators/0.34.0/configuring.html#proc-oauth-authorization-keycloak-example_str) for proper preparation and deployment.
- [kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml](./kafka-ephemeral-oauth-single-keycloak-authz-metrics.yaml)
- The Kafka CR that defines a single-node Kafka cluster with `oauth` authentication and `keycloak` authorization,
with included configuration for exporting the OAuth metrics using Prometheus JMX exporter.
diff --git a/packaging/helm-charts/helm3/strimzi-kafka-operator/README.md b/packaging/helm-charts/helm3/strimzi-kafka-operator/README.md
index b808de347a6..2c91d0c8f3b 100644
--- a/packaging/helm-charts/helm3/strimzi-kafka-operator/README.md
+++ b/packaging/helm-charts/helm3/strimzi-kafka-operator/README.md
@@ -99,7 +99,7 @@ the documentation for more details.
| `watchAnyNamespace` | Watch the whole Kubernetes cluster (all namespaces) | `false` |
| `defaultImageRegistry` | Default image registry for all the images | `quay.io` |
| `defaultImageRepository` | Default image registry for all the images | `strimzi` |
-| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `latest` |
+| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.34.0` |
| `image.registry` | Override default Cluster Operator image registry | `nil` |
| `image.repository` | Override default Cluster Operator image repository | `nil` |
| `image.name` | Cluster Operator image name | `cluster-operator` |
diff --git a/packaging/helm-charts/helm3/strimzi-kafka-operator/values.yaml b/packaging/helm-charts/helm3/strimzi-kafka-operator/values.yaml
index 255192f9a69..1e50454fcda 100644
--- a/packaging/helm-charts/helm3/strimzi-kafka-operator/values.yaml
+++ b/packaging/helm-charts/helm3/strimzi-kafka-operator/values.yaml
@@ -10,7 +10,7 @@ watchAnyNamespace: false
defaultImageRegistry: quay.io
defaultImageRepository: strimzi
-defaultImageTag: latest
+defaultImageTag: 0.34.0
image:
registry: ""
diff --git a/packaging/helm-charts/index.yaml b/packaging/helm-charts/index.yaml
index 6b787884e80..d5f6bb53abf 100644
--- a/packaging/helm-charts/index.yaml
+++ b/packaging/helm-charts/index.yaml
@@ -44,6 +44,34 @@ entries:
- https://github.com/strimzi/drain-cleaner/releases/download/0.4.0/strimzi-drain-cleaner-helm-3-chart-0.4.0.tgz
version: 0.4.0
strimzi-kafka-operator:
+ - apiVersion: v2
+ appVersion: 0.34.0
+ created: "2023-03-15T20:56:43.352338+01:00"
+ description: 'Strimzi: Apache Kafka running on Kubernetes'
+ digest: 595211de0cbdf1bef509961340aee74eb74c57ad3a5560a9c5989879380f82d9
+ home: https://strimzi.io/
+ icon: https://raw.githubusercontent.com/strimzi/strimzi-kafka-operator/main/documentation/logo/strimzi_logo.png
+ keywords:
+ - kafka
+ - queue
+ - stream
+ - event
+ - messaging
+ - datastore
+ - topic
+ maintainers:
+ - name: Frawless
+ - name: ppatierno
+ - name: samuel-hawker
+ - name: scholzj
+ - name: tombentley
+ - name: sknot-rh
+ name: strimzi-kafka-operator
+ sources:
+ - https://github.com/strimzi/strimzi-kafka-operator
+ urls:
+ - https://github.com/strimzi/strimzi-kafka-operator/releases/download/0.34.0/strimzi-kafka-operator-helm-3-chart-0.34.0.tgz
+ version: 0.34.0
- apiVersion: v2
appVersion: 0.33.2
created: "2023-02-15T22:21:41.57966+01:00"
@@ -1260,4 +1288,4 @@ entries:
urls:
- https://github.com/strimzi/strimzi-kafka-operator/releases/download/0.6.0/strimzi-kafka-operator-0.6.0.tgz
version: 0.6.0
-generated: "2023-03-07T22:29:25.580043+01:00"
+generated: "2023-03-15T20:56:43.348657+01:00"
diff --git a/packaging/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml b/packaging/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml
index 46d1cdc52a0..11f923cfc62 100644
--- a/packaging/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml
+++ b/packaging/install/cluster-operator/060-Deployment-strimzi-cluster-operator.yaml
@@ -27,7 +27,7 @@ spec:
name: strimzi-cluster-operator
containers:
- name: strimzi-cluster-operator
- image: quay.io/strimzi/operator:latest
+ image: quay.io/strimzi/operator:0.34.0
ports:
- containerPort: 8080
name: http
@@ -48,45 +48,45 @@ spec:
- name: STRIMZI_OPERATION_TIMEOUT_MS
value: "300000"
- name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE
- value: quay.io/strimzi/kafka:latest-kafka-3.4.0
+ value: quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE
- value: quay.io/strimzi/kafka:latest-kafka-3.4.0
+ value: quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE
- value: quay.io/strimzi/kafka:latest-kafka-3.4.0
+ value: quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_KAFKA_IMAGES
value: |
- 3.3.1=quay.io/strimzi/kafka:latest-kafka-3.3.1
- 3.3.2=quay.io/strimzi/kafka:latest-kafka-3.3.2
- 3.4.0=quay.io/strimzi/kafka:latest-kafka-3.4.0
+ 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1
+ 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2
+ 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_KAFKA_CONNECT_IMAGES
value: |
- 3.3.1=quay.io/strimzi/kafka:latest-kafka-3.3.1
- 3.3.2=quay.io/strimzi/kafka:latest-kafka-3.3.2
- 3.4.0=quay.io/strimzi/kafka:latest-kafka-3.4.0
+ 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1
+ 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2
+ 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES
value: |
- 3.3.1=quay.io/strimzi/kafka:latest-kafka-3.3.1
- 3.3.2=quay.io/strimzi/kafka:latest-kafka-3.3.2
- 3.4.0=quay.io/strimzi/kafka:latest-kafka-3.4.0
+ 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1
+ 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2
+ 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES
value: |
- 3.3.1=quay.io/strimzi/kafka:latest-kafka-3.3.1
- 3.3.2=quay.io/strimzi/kafka:latest-kafka-3.3.2
- 3.4.0=quay.io/strimzi/kafka:latest-kafka-3.4.0
+ 3.3.1=quay.io/strimzi/kafka:0.34.0-kafka-3.3.1
+ 3.3.2=quay.io/strimzi/kafka:0.34.0-kafka-3.3.2
+ 3.4.0=quay.io/strimzi/kafka:0.34.0-kafka-3.4.0
- name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE
- value: quay.io/strimzi/operator:latest
+ value: quay.io/strimzi/operator:0.34.0
- name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE
- value: quay.io/strimzi/operator:latest
+ value: quay.io/strimzi/operator:0.34.0
- name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE
- value: quay.io/strimzi/operator:latest
+ value: quay.io/strimzi/operator:0.34.0
- name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE
value: quay.io/strimzi/kafka-bridge:0.25.0
- name: STRIMZI_DEFAULT_JMXTRANS_IMAGE
- value: quay.io/strimzi/jmxtrans:latest
+ value: quay.io/strimzi/jmxtrans:0.34.0
- name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE
- value: quay.io/strimzi/kaniko-executor:latest
+ value: quay.io/strimzi/kaniko-executor:0.34.0
- name: STRIMZI_DEFAULT_MAVEN_BUILDER
- value: quay.io/strimzi/maven-builder:latest
+ value: quay.io/strimzi/maven-builder:0.34.0
- name: STRIMZI_OPERATOR_NAMESPACE
valueFrom:
fieldRef:
diff --git a/packaging/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml b/packaging/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml
index 46aca5d3304..01bcaca3d42 100644
--- a/packaging/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml
+++ b/packaging/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml
@@ -22,7 +22,7 @@ spec:
sizeLimit: 5Mi
containers:
- name: strimzi-topic-operator
- image: quay.io/strimzi/operator:latest
+ image: quay.io/strimzi/operator:0.34.0
args:
- /opt/strimzi/bin/topic_operator_run.sh
volumeMounts:
diff --git a/packaging/install/user-operator/05-Deployment-strimzi-user-operator.yaml b/packaging/install/user-operator/05-Deployment-strimzi-user-operator.yaml
index a45ad39226f..f0aabca89da 100644
--- a/packaging/install/user-operator/05-Deployment-strimzi-user-operator.yaml
+++ b/packaging/install/user-operator/05-Deployment-strimzi-user-operator.yaml
@@ -22,7 +22,7 @@ spec:
sizeLimit: 5Mi
containers:
- name: strimzi-user-operator
- image: quay.io/strimzi/operator:latest
+ image: quay.io/strimzi/operator:0.34.0
args:
- /opt/strimzi/bin/user_operator_run.sh
volumeMounts:
diff --git a/pom.xml b/pom.xml
index 99e2025604c..2683d0aeba3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
io.strimzi
strimzi
pom
- 0.34.0-SNAPSHOT
+ 0.34.0
diff --git a/release.version b/release.version
index 556fb9c6c8a..85e60ed180c 100644
--- a/release.version
+++ b/release.version
@@ -1 +1 @@
-0.34.0-SNAPSHOT
+0.34.0
diff --git a/systemtest/pom.xml b/systemtest/pom.xml
index 4a2449baf37..1a20e53d9aa 100644
--- a/systemtest/pom.xml
+++ b/systemtest/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
systemtest
diff --git a/test/pom.xml b/test/pom.xml
index 33cec62bbf4..b1bffbafd65 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
diff --git a/topic-operator/pom.xml b/topic-operator/pom.xml
index fdbc05f96ac..10b1b2039d7 100644
--- a/topic-operator/pom.xml
+++ b/topic-operator/pom.xml
@@ -5,7 +5,7 @@
io.strimzi
strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
topic-operator
diff --git a/tracing-agent/pom.xml b/tracing-agent/pom.xml
index 5e4639d2deb..eab17eaae27 100644
--- a/tracing-agent/pom.xml
+++ b/tracing-agent/pom.xml
@@ -5,7 +5,7 @@
strimzi
io.strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
diff --git a/user-operator/pom.xml b/user-operator/pom.xml
index 15936bce098..9127e81efad 100644
--- a/user-operator/pom.xml
+++ b/user-operator/pom.xml
@@ -4,7 +4,7 @@
io.strimzi
strimzi
- 0.34.0-SNAPSHOT
+ 0.34.0
4.0.0
user-operator