-
Notifications
You must be signed in to change notification settings - Fork 12
docs: add 0.22.0 release blog post #266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,132 @@ | ||
| --- | ||
| layout: post | ||
| title: "Kroxylicious release 0.22.0" | ||
| date: 2026-07-03 00:00:00 +0000 | ||
| author: "Rob Young" | ||
| author_url: "https://github.com/robobario" | ||
| # noinspection YAMLSchemaValidation | ||
| categories: blog kroxylicious-proxy releases | ||
| tags: [ "releases", "kroxylicious-proxy" ] | ||
| --- | ||
|
|
||
|
|
||
| Kroxylicious 0.22.0 has been released! | ||
| This release brings a new Record Encryption KMS implementation for Thales CipherTrust Manager, bumps the minimum Java version to 21, and improves operator resilience. | ||
| We've also been busy building the foundations for hot reload of virtual clusters. | ||
| We've taken our first steps towards routing a single client connection to multiple upstream clusters. | ||
| Thanks to everyone who contributed! | ||
| Check out the full [Changelog](https://github.com/kroxylicious/kroxylicious/blob/main/CHANGELOG.md#0220) for everything including deprecations, changes, and removals. | ||
|
|
||
| Here are the highlights: | ||
|
|
||
| ### Thales CipherTrust Manager KMS | ||
|
|
||
| Keith Wall added a new KMS provider for Record Encryption backed by [Thales CipherTrust Manager](https://cpl.thalesgroup.com/encryption/ciphertrust-manager). | ||
| Supported authentication mechanisms are username/password and client certificate authentication. | ||
|
|
||
| ```yaml | ||
| kms: CipherTrustKmsService | ||
| kmsConfig: | ||
| endpointUrl: https://ctm.example.com | ||
| userCredentials: | ||
| username: myuser | ||
| password: | ||
| passwordFile: /path/to/password | ||
| ``` | ||
|
|
||
| ### Named Cluster Definitions (`clusterDefinitions`) | ||
|
|
||
| Previously each virtual cluster had its own inline `targetCluster`, duplicating connection details across virtual clusters that share the same upstream. | ||
| Now you define the target cluster once under the top-level `clusterDefinitions` list and reference it with `target: { cluster: "<name>" }` from any virtual cluster. | ||
|
|
||
| **Before:** | ||
| ```yaml | ||
| virtualClusters: | ||
| - name: dev | ||
| targetCluster: | ||
| bootstrapServers: broker1:9092,broker2:9092 | ||
| - name: test | ||
| targetCluster: | ||
| bootstrapServers: broker1:9092,broker2:9092 | ||
| ``` | ||
|
|
||
| **After:** | ||
| ```yaml | ||
| clusterDefinitions: | ||
| - name: my-cluster | ||
| bootstrapServers: broker1:9092,broker2:9092 | ||
|
|
||
| virtualClusters: | ||
| - name: dev | ||
| target: | ||
| cluster: my-cluster | ||
| - name: test | ||
| target: | ||
| cluster: my-cluster | ||
| ``` | ||
|
|
||
| The `targetCluster` field is deprecated and will be removed in a future release, but continues to work unchanged for now. | ||
|
|
||
| ### KafkaProxyIngress Infrastructure Annotations | ||
|
|
||
| We added `KafkaProxyIngress.spec.infrastructure.annotations` to the KafkaProxyIngress custom resource. | ||
| The operator now propagates these custom annotations to the Services and Routes it manages. | ||
| For example, on AWS you can request a Network Load Balancer instead of the default Classic Load Balancer: | ||
|
|
||
| ```yaml | ||
| spec: | ||
| infrastructure: | ||
| annotations: | ||
| service.beta.kubernetes.io/aws-load-balancer-type: "nlb" | ||
| ``` | ||
|
|
||
| ### Java 21 Now Required | ||
|
|
||
| Java 17 support has been removed. **Java 21 is now the minimum runtime required.** | ||
|
|
||
| ### Operator Resilience | ||
|
|
||
| Sam Barker fixed a class of operator bugs where `KafkaProxy`, `KafkaService`, and `VirtualKafkaCluster` resources could get stuck under API server load or transient unavailability. | ||
| The operator watches related resources (such as Secrets and ConfigMaps) and reconciles the owning primary resource when they change. | ||
| Previously, each such event triggered a live API server lookup to find the primary resource; under pressure this could fail and leave the resource stuck. | ||
| The operator now reads from its local cache instead. | ||
|
|
||
| ### Foundations for What's Next | ||
|
|
||
| #### Hot Reload | ||
|
|
||
| [Urjit Patel](https://github.com/Uzziee) completed the hot-reload engine! | ||
| What this means is users that embed Kroxylicious can implement their own mechanism for dynamically reloading individual Virtual Clusters without restarting the whole proxy process. | ||
| Note that the standalone binary distribution and operator do not yet take advantage of this engine, we are currently shaping this in design proposal [#117](https://github.com/kroxylicious/design/pull/117). | ||
| Embedders today can use: | ||
| - The `KafkaProxy.reconfigure()` API to push a new configuration while the proxy is running. | ||
| - Add, remove, or replace the filter chains of individual virtual clusters. | ||
| - New metrics tracking lifecycle state: `kroxylicious_virtual_cluster_state`, `kroxylicious_virtual_cluster_transitions_total`, `kroxylicious_reconfigure_total` and `kroxylicious_reconfigure_duration_seconds`. | ||
|
|
||
| Big thank you to Urjit for driving this implementation. | ||
|
|
||
| #### Routing API | ||
|
|
||
| We have taken our first steps towards implementing the [Routing API](https://github.com/kroxylicious/design/blob/main/proposals/070-routing-api.md)! | ||
| We recently accepted this proposal which adds powerful capabilities to Kroxylicious. | ||
| Currently when a client connects to Kroxylicious, the proxy establishes a single connection to an upstream node. | ||
| The Routing API decouples things so that messages received on a single client connection can be routed to multiple upstream nodes. | ||
| The new features are not yet user facing, we have published the routing interfaces, enabling developers to start building Router implementations, and have begun implementing the Routing engine. | ||
|
|
||
|
|
||
| ### Community Contributions | ||
|
|
||
| This release included commits from: | ||
|
|
||
| [Dahyun Woo](https://github.com/dahyvuun), [DeCluttered](https://github.com/Decluttered), [Devendra Reddy Pennabadi](https://github.com/devareddy05), [DragonFSKY](https://github.com/DragonFSKY), Francisco Vila, Keith Wall, [mapan1984](https://github.com/mapan1984), PaulRMellor, [Piotr Płaczek](https://github.com/piotrpdev), [polachandu](https://github.com/polachandu), Robert Young, [Roshni R](https://github.com/Roshr2211), Sam Barker, Tom Bentley, [Urjit Patel](https://github.com/Uzziee) | ||
|
|
||
| Thank you all! | ||
|
|
||
| ### Artefacts | ||
|
|
||
| Binary distributions and container images are available on the [download](https://kroxylicious.io/download/0.22.0/) page. | ||
|
|
||
| ### Feedback | ||
|
|
||
| We'd love to hear from you! Whether you're kicking the tyres, running Kroxylicious in production, or just find the project interesting — drop by and say hello. | ||
| You can reach us through [Slack](https://kroxylicious.slack.com), [GitHub](https://github.com/kroxylicious/kroxylicious/issues) or even [bsky](https://bsky.app/profile/kroxylicious.io), or tell us in person on one of our upcoming [community calls]({% link join-us/community-call/index.md %}). | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
figured this would be at least something given we don't have docs yet