From 9a36180b18b98a61af9a3fb091cdec859d6cd896 Mon Sep 17 00:00:00 2001 From: Robert Young Date: Fri, 3 Jul 2026 10:46:19 +1200 Subject: [PATCH] docs: add 0.22.0 release blog post Assisted-by: Claude Sonnet 4.6 Signed-off-by: Robert Young --- _posts/2026-07-03-release-0_22_0.md | 132 ++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 _posts/2026-07-03-release-0_22_0.md diff --git a/_posts/2026-07-03-release-0_22_0.md b/_posts/2026-07-03-release-0_22_0.md new file mode 100644 index 0000000..ed00653 --- /dev/null +++ b/_posts/2026-07-03-release-0_22_0.md @@ -0,0 +1,132 @@ +--- +layout: post +title: "Kroxylicious release 0.22.0" +date: 2026-07-03 00:00:00 +0000 +author: "Rob Young" +author_url: "https://github.com/robobario" +# noinspection YAMLSchemaValidation +categories: blog kroxylicious-proxy releases +tags: [ "releases", "kroxylicious-proxy" ] +--- + + +Kroxylicious 0.22.0 has been released! +This release brings a new Record Encryption KMS implementation for Thales CipherTrust Manager, bumps the minimum Java version to 21, and improves operator resilience. +We've also been busy building the foundations for hot reload of virtual clusters. +We've taken our first steps towards routing a single client connection to multiple upstream clusters. +Thanks to everyone who contributed! +Check out the full [Changelog](https://github.com/kroxylicious/kroxylicious/blob/main/CHANGELOG.md#0220) for everything including deprecations, changes, and removals. + +Here are the highlights: + +### Thales CipherTrust Manager KMS + +Keith Wall added a new KMS provider for Record Encryption backed by [Thales CipherTrust Manager](https://cpl.thalesgroup.com/encryption/ciphertrust-manager). +Supported authentication mechanisms are username/password and client certificate authentication. + +```yaml +kms: CipherTrustKmsService +kmsConfig: + endpointUrl: https://ctm.example.com + userCredentials: + username: myuser + password: + passwordFile: /path/to/password +``` + +### Named Cluster Definitions (`clusterDefinitions`) + +Previously each virtual cluster had its own inline `targetCluster`, duplicating connection details across virtual clusters that share the same upstream. +Now you define the target cluster once under the top-level `clusterDefinitions` list and reference it with `target: { cluster: "" }` from any virtual cluster. + +**Before:** +```yaml +virtualClusters: + - name: dev + targetCluster: + bootstrapServers: broker1:9092,broker2:9092 + - name: test + targetCluster: + bootstrapServers: broker1:9092,broker2:9092 +``` + +**After:** +```yaml +clusterDefinitions: + - name: my-cluster + bootstrapServers: broker1:9092,broker2:9092 + +virtualClusters: + - name: dev + target: + cluster: my-cluster + - name: test + target: + cluster: my-cluster +``` + +The `targetCluster` field is deprecated and will be removed in a future release, but continues to work unchanged for now. + +### KafkaProxyIngress Infrastructure Annotations + +We added `KafkaProxyIngress.spec.infrastructure.annotations` to the KafkaProxyIngress custom resource. +The operator now propagates these custom annotations to the Services and Routes it manages. +For example, on AWS you can request a Network Load Balancer instead of the default Classic Load Balancer: + +```yaml +spec: + infrastructure: + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" +``` + +### Java 21 Now Required + +Java 17 support has been removed. **Java 21 is now the minimum runtime required.** + +### Operator Resilience + +Sam Barker fixed a class of operator bugs where `KafkaProxy`, `KafkaService`, and `VirtualKafkaCluster` resources could get stuck under API server load or transient unavailability. +The operator watches related resources (such as Secrets and ConfigMaps) and reconciles the owning primary resource when they change. +Previously, each such event triggered a live API server lookup to find the primary resource; under pressure this could fail and leave the resource stuck. +The operator now reads from its local cache instead. + +### Foundations for What's Next + +#### Hot Reload + +[Urjit Patel](https://github.com/Uzziee) completed the hot-reload engine! +What this means is users that embed Kroxylicious can implement their own mechanism for dynamically reloading individual Virtual Clusters without restarting the whole proxy process. +Note that the standalone binary distribution and operator do not yet take advantage of this engine, we are currently shaping this in design proposal [#117](https://github.com/kroxylicious/design/pull/117). +Embedders today can use: +- The `KafkaProxy.reconfigure()` API to push a new configuration while the proxy is running. +- Add, remove, or replace the filter chains of individual virtual clusters. +- New metrics tracking lifecycle state: `kroxylicious_virtual_cluster_state`, `kroxylicious_virtual_cluster_transitions_total`, `kroxylicious_reconfigure_total` and `kroxylicious_reconfigure_duration_seconds`. + +Big thank you to Urjit for driving this implementation. + +#### Routing API + +We have taken our first steps towards implementing the [Routing API](https://github.com/kroxylicious/design/blob/main/proposals/070-routing-api.md)! +We recently accepted this proposal which adds powerful capabilities to Kroxylicious. +Currently when a client connects to Kroxylicious, the proxy establishes a single connection to an upstream node. +The Routing API decouples things so that messages received on a single client connection can be routed to multiple upstream nodes. +The new features are not yet user facing, we have published the routing interfaces, enabling developers to start building Router implementations, and have begun implementing the Routing engine. + + +### Community Contributions + +This release included commits from: + +[Dahyun Woo](https://github.com/dahyvuun), [DeCluttered](https://github.com/Decluttered), [Devendra Reddy Pennabadi](https://github.com/devareddy05), [DragonFSKY](https://github.com/DragonFSKY), Francisco Vila, Keith Wall, [mapan1984](https://github.com/mapan1984), PaulRMellor, [Piotr Płaczek](https://github.com/piotrpdev), [polachandu](https://github.com/polachandu), Robert Young, [Roshni R](https://github.com/Roshr2211), Sam Barker, Tom Bentley, [Urjit Patel](https://github.com/Uzziee) + +Thank you all! + +### Artefacts + +Binary distributions and container images are available on the [download](https://kroxylicious.io/download/0.22.0/) page. + +### Feedback + +We'd love to hear from you! Whether you're kicking the tyres, running Kroxylicious in production, or just find the project interesting — drop by and say hello. +You can reach us through [Slack](https://kroxylicious.slack.com), [GitHub](https://github.com/kroxylicious/kroxylicious/issues) or even [bsky](https://bsky.app/profile/kroxylicious.io), or tell us in person on one of our upcoming [community calls]({% link join-us/community-call/index.md %}).