build(deps): bump api from 0.32.0 to 0.33.0

[dependabot]

Bumps api from 0.32.0 to 0.33.0.

Release notes

Sourced from api's releases.

0.33.0

Main changes since 0.32

⚠️ Important: Strimzi 0.33.0 supports only Kubernetes 1.19 and newer! Kubernetes versions 1.16, 1.17 and 1.18 are not supported anymore since Strimzi 0.32.

⚠️ Important: Direct upgrade from Strimzi 0.22 or earlier is not supported anymore!

New features and improvements

• Add support for Kafka 3.3.2
• Support loadBalancerClass attribute in listeners with type loadbalancer
• Support for automatically restarting failed Connect or Mirror Maker 2 connectors
• Redesign of Strimzi User Operator to improve its scalability
• Use Java 17 as the runtime for all containers and language level for all modules except api, crd-generator, crd-annotations, and test
• Improved FIPS (Federal Information Processing Standards) support
• Moved from using the Jaeger exporter to OTLP exporter by default
• Kafka Exporter support for Recreate deployment strategy
• ImageStream validation for Kafka Connect builds on OpenShift
• Support for configuring the metadata for the Role / RoleBinding of Entity Operator
• Add liveness and readiness probes specifically for nodes running in KRaft combined mode
• Upgrade HTTP bridge to latest 0.24.0 release

Known issues

• The TLS passthrough feature of the Ingress-NGINX Controller for Kubernetes is not compatible with some TLS features supported by Java 17 such as the session tickets extension. If you use type: ingress listener with enabled mTLS authentication, we recommend you to test if your clients are affected or not. If needed, you can also disable the session ticket extension in the Kafka brokers in your Kafka custom resource by setting the jdk.tls.server.enableSessionTicketExtension Java system property to false:

  apiVersion: kafka.strimzi.io/v1beta2
  kind: Kafka
  metadata:
    # ...
  spec:
    # ...
    kafka:
      jvmOptions:
        javaSystemProperties:
          - name: jdk.tls.server.enableSessionTicketExtension
            value: "false"
    # ...

  For more details, see kubernetes/ingress-nginx#9540.

Notable changes, deprecations, and removals

• The UseStrimziPodSet feature gate will move to GA in Strimzi 0.35. Support for StatefulSets will be removed from Strimzi right after the 0.34 release. Please use the Strimzi 0.33 release to test StrimziPodSets in your environment and report any major or blocking issues before the StatefulSet support is removed.
• The default length of any new SCRAM-SHA-512 passwords will be 32 characters instead of 12 characters used in the previous Strimzi versions. Existing passwords will not be affected by this change until they are regenerated (for example because the user secret is deleted). If you want to keep using the original password length, you can set it using the STRIMZI_SCRAM_SHA_PASSWORD_LENGTH environment variable in .spec.entityOperator.template.userOperatorContainer.env in the Kafka custom resource or in the Deployment of the standalone User Operator.

  userOperatorContainer:

... (truncated)

Changelog

Sourced from api's changelog.

0.33.0

• Add support for Kafka 3.3.2
• Support loadBalancerClass attribute in service with type loadBalancer
• Support for automatically restarting failed Connect or Mirror Maker 2 connectors
• Redesign of Strimzi User Operator to improve its scalability
• Use Java 17 as the runtime for all containers and language level for all modules except api, crd-generator, crd-annotations, and test
• Improved FIPS (Federal Information Processing Standards) support
• Upgrade Vert.x to 4.3.5
• Moved from using the Jaeger exporter to OTLP exporter by default
• Kafka Exporter support for Recreate deployment strategy
• ImageStream validation for Kafka Connect builds on OpenShift
• Support for configuring the metadata for the Role / RoleBinding of Entity Operator
• Add liveness and readiness probes specifically for nodes running in KRaft combined mode
• Upgrade HTTP bridge to latest 0.24.0 release

Known issues

• The TLS passthrough feature of the Ingress-NGINX Controller for Kubernetes is not compatible with some new TLS features supported by Java 17 such as the session tickets extension. If you use type: ingress listener with enabled mTLS authentication, we recommend you to test if your clients are affected or not. If needed, you can also disable the session ticket extension in the Kafka brokers in your Kafka custom resource by setting the jdk.tls.server.enableSessionTicketExtension Java system property to false:

  apiVersion: kafka.strimzi.io/v1beta2
  kind: Kafka
  metadata:
    # ...
  spec:
    # ...
    kafka:
      jvmOptions:
        javaSystemProperties:
          - name: jdk.tls.server.enableSessionTicketExtension
            value: "false"
    # ...

  For more details, see kubernetes/ingress-nginx#9540.

Changes, deprecations and removals

• The UseStrimziPodSet feature gate will move to GA in Strimzi 0.35. Support for StatefulSets will be removed from Strimzi right after the 0.34 release. Please use the Strimzi 0.33 release to test StrimziPodSets in your environment and report any major or blocking issues before the StatefulSet support is removed.
• The default length of any new SCRAM-SHA-512 passwords will be 32 characters instead of 12 characters used in the previous Strimzi versions. Existing passwords will not be affected by this change until they are regenerated (for example because the user secret is deleted). If you want to keep using the original password length, you can set it using the STRIMZI_SCRAM_SHA_PASSWORD_LENGTH environment variable in .spec.entityOperator.template.userOperatorContainer.env in the Kafka custom resource or in the Deployment of the standalone User Operator.

  userOperatorContainer:
    env:
      - name: STRIMZI_SCRAM_SHA_PASSWORD_LENGTH
        value: "12"

... (truncated)

Commits

• b3229f9 Add the Ingress TLS issues to CHANGELOG (#7966)
• 1dd15f0 Push test module to Maven
• fa5331c Update Sonatype Nexus Staging plugin
• c5a302c Prepare for 0.33.0
• 3e369f0 Add support for Kafka 3.3.2 (#7817)
• 496f6ad [systemtest] Disable testKafkaWithVersion when running tests with KRaft (#7937)
• c5041e0 Updated CHANGELOG with bridge release (#7932)
• bbe8186 Improve log dump script with short flags and klog support (#7919)
• 4082b18 docs(connectors): Updates connector content and adds auto-restart config (#7909)
• e81edac Updated bridge to 0.24.0 (#7925)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[apicurio-bot]

Thank you for creating a pull request!

Pinging @jsenko, @EricWittmann to respond or triage.