generated from onedr0p/cluster-template
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(container): update image public.ecr.aws/emqx/emqx ( 5.7.2 → 5.8.1 ) #263
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- kubernetes/main/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster EMQX: database/emqx
+++ kubernetes/main/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster EMQX: database/emqx
@@ -57,8 +57,8 @@
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: local-generic
- image: public.ecr.aws/emqx/emqx:5.7.2
+ image: public.ecr.aws/emqx/emqx:5.8.1
|
--- HelmRelease: storage/openebs ServiceAccount: storage/openebs-zfs-controller-sa
+++ HelmRelease: storage/openebs ServiceAccount: storage/openebs-zfs-controller-sa
@@ -3,13 +3,13 @@
apiVersion: v1
metadata:
name: openebs-zfs-controller-sa
namespace: storage
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
app: openebs-zfs-controller
release: openebs
component: openebs-zfs-controller
openebs.io/component-name: openebs-zfs-controller
--- HelmRelease: storage/openebs ServiceAccount: storage/openebs-zfs-node-sa
+++ HelmRelease: storage/openebs ServiceAccount: storage/openebs-zfs-node-sa
@@ -3,12 +3,12 @@
kind: ServiceAccount
metadata:
name: openebs-zfs-node-sa
namespace: storage
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
name: openebs-zfs-node
release: openebs
openebs.io/component-name: openebs-zfs-node
--- HelmRelease: storage/openebs ConfigMap: storage/openebs-zfspv-bin
+++ HelmRelease: storage/openebs ConfigMap: storage/openebs-zfspv-bin
@@ -3,13 +3,13 @@
apiVersion: v1
metadata:
name: openebs-zfspv-bin
namespace: storage
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
name: openebs-zfs-node
release: openebs
openebs.io/component-name: openebs-zfs-node
data:
zfs: |
--- HelmRelease: storage/openebs ClusterRole: storage/openebs-zfs-provisioner-role
+++ HelmRelease: storage/openebs ClusterRole: storage/openebs-zfs-provisioner-role
@@ -2,13 +2,13 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-provisioner-role
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
app: openebs-zfs-controller
release: openebs
component: openebs-zfs-controller
openebs.io/component-name: openebs-zfs-controller
rules:
--- HelmRelease: storage/openebs ClusterRole: storage/openebs-zfs-snapshotter-role
+++ HelmRelease: storage/openebs ClusterRole: storage/openebs-zfs-snapshotter-role
@@ -2,13 +2,13 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-snapshotter-role
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
app: openebs-zfs-controller
release: openebs
component: openebs-zfs-controller
openebs.io/component-name: openebs-zfs-controller
rules:
--- HelmRelease: storage/openebs ClusterRole: storage/openebs-zfs-driver-registrar-role
+++ HelmRelease: storage/openebs ClusterRole: storage/openebs-zfs-driver-registrar-role
@@ -2,13 +2,13 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-driver-registrar-role
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
name: openebs-zfs-node
release: openebs
openebs.io/component-name: openebs-zfs-node
rules:
- apiGroups:
--- HelmRelease: storage/openebs ClusterRoleBinding: storage/openebs-zfs-provisioner-binding
+++ HelmRelease: storage/openebs ClusterRoleBinding: storage/openebs-zfs-provisioner-binding
@@ -2,13 +2,13 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-provisioner-binding
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
app: openebs-zfs-controller
release: openebs
component: openebs-zfs-controller
openebs.io/component-name: openebs-zfs-controller
subjects:
--- HelmRelease: storage/openebs ClusterRoleBinding: storage/openebs-zfs-snapshotter-binding
+++ HelmRelease: storage/openebs ClusterRoleBinding: storage/openebs-zfs-snapshotter-binding
@@ -2,13 +2,13 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-snapshotter-binding
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
app: openebs-zfs-controller
release: openebs
component: openebs-zfs-controller
openebs.io/component-name: openebs-zfs-controller
subjects:
--- HelmRelease: storage/openebs ClusterRoleBinding: storage/openebs-zfs-driver-registrar-binding
+++ HelmRelease: storage/openebs ClusterRoleBinding: storage/openebs-zfs-driver-registrar-binding
@@ -2,13 +2,13 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-driver-registrar-binding
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
name: openebs-zfs-node
release: openebs
openebs.io/component-name: openebs-zfs-node
subjects:
- kind: ServiceAccount
--- HelmRelease: storage/openebs DaemonSet: storage/openebs-zfs-localpv-node
+++ HelmRelease: storage/openebs DaemonSet: storage/openebs-zfs-localpv-node
@@ -3,13 +3,13 @@
apiVersion: apps/v1
metadata:
name: openebs-zfs-localpv-node
namespace: storage
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
name: openebs-zfs-node
release: openebs
openebs.io/component-name: openebs-zfs-node
spec:
selector:
@@ -21,13 +21,13 @@
maxUnavailable: 100%
type: RollingUpdate
template:
metadata:
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
name: openebs-zfs-node
release: openebs
openebs.io/component-name: openebs-zfs-node
spec:
priorityClassName: openebs-zfs-csi-node-critical
@@ -65,13 +65,13 @@
- name: registration-dir
mountPath: /registration
- name: openebs-zfs-plugin
securityContext:
privileged: true
allowPrivilegeEscalation: true
- image: openebs/zfs-driver:2.6.2
+ image: openebs/zfs-driver:2.6.1
imagePullPolicy: IfNotPresent
args:
- --nodename=$(OPENEBS_NODE_NAME)
- --endpoint=$(OPENEBS_CSI_ENDPOINT)
- --plugin=$(OPENEBS_NODE_DRIVER)
env:
--- HelmRelease: storage/openebs Deployment: storage/openebs-zfs-localpv-controller
+++ HelmRelease: storage/openebs Deployment: storage/openebs-zfs-localpv-controller
@@ -3,13 +3,13 @@
kind: Deployment
metadata:
name: openebs-zfs-localpv-controller
namespace: storage
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
app: openebs-zfs-controller
release: openebs
component: openebs-zfs-controller
openebs.io/component-name: openebs-zfs-controller
spec:
@@ -20,20 +20,30 @@
component: openebs-zfs-controller
replicas: 1
template:
metadata:
labels:
heritage: Helm
- openebs.io/version: 2.6.2
+ openebs.io/version: 2.6.1
role: openebs-zfs
app: openebs-zfs-controller
release: openebs
component: openebs-zfs-controller
openebs.io/component-name: openebs-zfs-controller
name: openebs-zfs-controller
spec:
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - openebs-zfs-controller
+ topologyKey: kubernetes.io/hostname
priorityClassName: openebs-zfs-csi-controller-critical
serviceAccountName: openebs-zfs-controller-sa
containers:
- name: csi-resizer
image: registry.k8s.io/sig-storage/csi-resizer:v1.8.0
args:
@@ -85,13 +95,13 @@
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: openebs-zfs-plugin
- image: openebs/zfs-driver:2.6.2
+ image: openebs/zfs-driver:2.6.1
imagePullPolicy: IfNotPresent
env:
- name: OPENEBS_CONTROLLER_DRIVER
value: controller
- name: OPENEBS_CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock |
renovate
bot
force-pushed
the
renovate/main-public.ecr.aws-emqx-emqx-5.x
branch
from
October 2, 2024 21:32
5d827cb
to
11891f1
Compare
Wait for 5.8.1 - See emqx/emqx#13754 |
renovate
bot
force-pushed
the
renovate/main-public.ecr.aws-emqx-emqx-5.x
branch
from
October 14, 2024 19:42
11891f1
to
3cc1de6
Compare
renovate
bot
changed the title
feat(container): update image public.ecr.aws/emqx/emqx ( 5.7.2 → 5.8.0 )
feat(container): update image public.ecr.aws/emqx/emqx ( 5.7.2 → 5.8.1 )
Oct 14, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.7.2
->5.8.1
Release Notes
emqx/emqx (public.ecr.aws/emqx/emqx)
v5.8.1
: EMQX v5.8.1Compare Source
5.8.1
Release Date: 2024-10-14
Make sure to check the breaking changes and known issues before upgrading to EMQX 5.8.1.
Important Changes
gen_rpc
library to version 3.4.1, which includes a node crash issue.Previously, if a node is force shutdown down while RPC channels are being established, it may cause a cluster peer node to crash.
Enhancements
Core MQTT Functionalities
#13525 Added new configuration item
shared_subscription_initial_sticky_pick
to specify the strategy for making the initial pick whenshared_subscription_strategy
is set tosticky
.#13942 The HTTP client now automatically reconnects if no activity is detected for 10 seconds after the latest request has expired.
Previously, it would wait indefinitely for a server response, causing timeouts if the server dropped requests.
This change impacts below components.
Authentication and Authorization
#13863 EMQX now supports
${cert_common_name}
placeholder in topic name templates for raw ACL rules.#13792 The banned-clients API
GET /banned
supports querying the rules using filters in the query string.The available filters are:
When adding a new banned client entry, the default expiration time for entries without the
until
parameter specified has been changed from 1 year toinfinite
.Rule Engine
#13773 Disabled rule actions now do not trigger
out_of_service
warnings.Previously, if an action is disabled, there would be a warning log with
msg: out_of_service
,and the
actions.failed
counter was incremented for the rule.After this enhancement, disabled action will result in a
debug
level log withmsg: discarded
,and the newly introduced counter
actions.discarded
will be incremented.MQTT over QUIC
#13814 Connection Scope Keepalive for MQTT over QUIC Multi-Stream:
This update introduces a new feature to maintain MQTT connections over QUIC multi-streams, even when the control stream is idle but other data streams are active.
Previously, clients had to send
MQTT.PINGREQ
on idle control streams to keep the connection alive. Now, a shared state is maintained for each connection, monitoring activity across all streams. This shared state helps determine if the connection is still active, reducing the risk of keepalive timeouts caused by Head-of-Line (HOL) blocking and improving overall connection stability.Bug Fixes
Core MQTT Functions
#13702 Clean up the corresponding exclusive subscriptions when a node goes down.
#13708 Fixed an issue which may cause shared subscription 'sticky' strategy to degrade to 'random'.
#13733 Made
cacertfile
optional when configuring https listener fromemqx ctl conf load
command.#13742 Fixed when subscribing with
+
as the first level, or#
as a wildcard, retained messages with topics starting with$
are incorrectly received.#13754 Fixed an issue when websocket connection would break consistently on its own.
#13756 Introduced more randomness to broker assigned client IDs.
#13790 The default heartbeat interval for the MQTT connector has been reduced from 300 seconds to 160 seconds.
This change helps maintain the underlying TCP connection by preventing timeouts due to the idle limits
imposed by load balancers or firewalls, which typically range from 3 to 5 minutes depending on the cloud provider.
#13832 Fixed that the
Publish
endpoint would have a 500 error when persistent session were enabled.#13842 Fixed a UTF-8 string validation exception.
Upgrade and Migration
Breaking Changes
#13792 The default expiration time for a banned item that is created without an
until
value is nowinfinity
(previsouly capped at 1 year limit).#13742 Fixed an issue when a client would receive retained messages for a topic starting with
$
when it subscribed to topic#
or+
.This fix satisfies the requirement of MQTT-4.7.2-1.
v5.8.0
: EMQX v5.8.0Compare Source
Enhancements
Core MQTT Functionality
debug
towarning
. The log messagesocket_receive_paused_by_rate_limit
is throttled to avoid excessive logging.Authentication and Authorization
#12418 Enhanced JWT authentication to support claims verification using a list of objects:
Expected values are now treated as templates, consistent with other authenticators, allowing for arbitrary expressions such as
${username}
and${clientid}
. Previousy, only fixed"${username}"
"${clientid}"
values were supported for interpolation.Improved the documentation for the
verify_claims
parameter.#13229 Added support for
${cert_pem}
placeholder in authentication templates.#13534 Added trace logging to indicate when the superuser bypasses the authorization check.
Data Integrations
#13144 Changed the log level to
warning
and added throttling for the log messagedata_bridge_buffer_overflow
when bridge buffers overflow and messages are dropped. Previously, these events were logged at theinfo
level and were not visible with the default log settings.#13492 Enhanced the
GET /connectors
andGET /connectors/:id
APIs to include lists of actions and sources that depend on a specific connector. Additionally, theGET /actions
,GET /sources
,GET /actions/:id
, andGET /sources/:id
APIs now return the list of rules associated with a specific action or source.#13505 Added the ability to filter rules in the HTTP API based on the IDs of data integration actions or sources used.
#13506 Introduced the
peername
field to all rule engine events that already include thepeerhost
field. Thepeername
field is a string formatted asIP:PORT
.#13516 Added a
direct_dispatch
argument to therepublish
action.When
direct_dispatch
is set totrue
(or rendered astrue
from template) the message is dispatched directly to subscribers. This feature helps prevent the triggering of additional rules or the recursive activation of the same rule.#13573 Introduced
client_attrs
to the SQL context for client connectivity events and the messagepublish
event.Users can now access client attributes within rule SQL statements, such as
SELECT client_attrs.attr1 AS attribute1
, and utilize${attribute1}
in data integration actions.#13640 Added two new SQL functions for rules:
coalesce/2
andcoalesce_ne/2
.These functions simplify handling null values in rule SQL expressions. For instance, instead of using:
you can now write a more concise expression:
SELECT coalesce(payload.path.to.value, 0) AS my_value
.Operations
#13202 Introduced the
emqx ctl conf cluster_sync fix
command to address cluster configuration inconsistencies. This command synchronizes the configuration of all nodes with the configuration of the node that has the highesttnx_id
, ensuring consistency across the cluster.#13250 Added a new value for
cluster.discovery_strategy
:singleton
. By choosing this option, there will be effectively no clustering, and the node will reject connection attempts to and from other nodes.#13370 Added a new version of
wildcard_optimized
storage layout for durable storage, offering the following improvements:The new layout does not have an inherent latency.
MQTT messages are serialized into a more space-efficient format.
#13524 Added the
emqx ctl exclusive
CLI interface to manage exclusive topics more effectively. It allows administrators to better manage and troubleshoot exclusive topic subscriptions, ensuring that subscription states are accurately reflected and preventing unexpected failures.#13597 Added thin wrapper functions for plugins to store and manage the certificate files used by the plugins themselves. This fix prevents plugin certificates from being inadvertently deleted by the certificate garbage collection (GC) function.
#13626 Added a new command
emqx ctl listeners enable <Identifier> <Bool>
to enable/disable a listener.#13493 Upgraded the RPC library
gen_rpc
to version 3.4.0. This update changes the default RPC server socket option fromtrue
toactive-100
, which introduces back-pressure to peer nodes when the RPC server experiences heavy load.#13665 Added a new metric
emqx_actions_count
to the prometheus endpoint. It contains the number of all actions added by all rules, including Republish actions and Console Output actions.Bug Fixes
Core MQTT Functionality
#12944 Fixed an issue that caused a crash when clients with non-UTF8 client IDs attempted to connect with
strict_mode=false
.#13006 Improved the validation of retained, delayed, and taken-over session messages to ensure they comply with banned client ID rules implemented through regular expression matching. Previously, certain messages, such as those delayed due to network issues or taken over by another session, could bypass the client ID bans set by regular expressions.
Authentication and Authorization
#13024 Added a default ACL deny rule to reject subscriptions to the
+/#
topic pattern. Since EMQX by default rejects subscriptions to#
topic, for completeness, it should reject+/#
as well.#13040 Improved HTTP authentication:
Content-Type
header is missing or unrecognized, providing more detailed information.${password}
but receives a non-UTF8 password input, leading to better transparency and easier debugging for such scenarios.#13196 Added a limit to the built-in authorization database, restricting the number of Access Control List (ACL) rules per client or user to a default of 100.
#13584 Fixed an issue with creating HTTP authorization that resulted in errors when the HTTP header list was empty.
#13618 Improved the type specifications for the
authorization/sources
endpoint to provide clearer and more concise error messages.#13624 Fixed an issue in the built-in authorizer where updating rules for a client or user could result in the total number of rules exceeding the
max_rules
limit.#13678 Made the deletion of an authenticator in the chain an idempotent operation, ensuring that deleting a non-existing authenticator always succeeds.
Data Integrations
#13207 Improved the
republish
rule engine action to accurately reflect the success and failure of message publishing. Previously, the success metrics were incremented even when the republish action failed to deliver the message to any subscribers. Now, if the action detects that a message fails to reach any subscriber, the failure metrics are correctly incremented.#13425 Improved the MQTT connector error log messages to provide clearer and more detailed information.
#13589 Fixed an issue where creating a rule with a string
"null"
for ID via the HTTP API was allowed, which could lead to an inconsistent configuration.Operations
#13078 Improved validation and error handling in the EMQX Management API to ensure that requests with a JSON body include the
Content-Type: application/json
header. If the header is missing for APIs that expect JSON input, the server now correctly responds with a415 Unsupported Media Type
status code instead of400 Bad Request
.#13225 Enhanced security in authentication and authorization APIs by redacting sensitive data such as passwords. Previously, the APIs could return the original password values in responses. With this update, sensitive information is replaced with
******
to prevent accidental exposure and protect user credentials.Gateways
Breaking changes
#13526 Removed the Core-replicant feature from the Open-Source Edition. Starting from release 5.8, all nodes running the Open-Source Edition will operate in the Core role. This change does not impact Enterprise Edition users, who will continue to have access to the Core-replicant functionality. Additionally, the obsolete
cluster.core_nodes
configuration parameter has been removed as it is no longer needed.Dashboard Updates: The following features have been removed or restricted in the Open-Source Edition Dashboard:
#13080 Updated the default value of the
mqtt.retry_interval
configuration from 30 seconds toinfinity
.Previously, EMQX would automatically retry message deliveries every 30 seconds by default. With the new default set to
infinity
, EMQX will no longer retry message deliveries automatically. This change aligns with MQTT specification standards, which generally do not recommend in-session message delivery retries.We understand that some users rely on the retry feature, so the ability to configure a specific retry interval is still available for backward compatibility.
#13190 Discontinued support for releases on CentOS 7 and Ubuntu 18. EMQX will no longer provide builds for these operating systems due to their end-of-life status.
#13248 Replaced the
builtin
durable storage backend with two new backends to provide better flexibility and scalability:builtin_local
: A durable storage backend that does not support replication, making it suitable for single-node deployments. This backend is available in both the open-source and enterprise editions of EMQX but is not compatible with multi-node clusters.builtin_raft
: A durable storage backend utilizing the Raft consensus algorithm for data replication across multiple nodes. This backend is exclusively available in the enterprise edition of EMQX, providing enhanced data durability and fault tolerance.Additionally, several Prometheus metrics have been renamed to better reflect their functions:
emqx_ds_egress_batches
has been renamed toemqx_ds_buffer_batches
emqx_ds_egress_batches_retry
has been renamed toemqx_ds_buffer_batches_retry
emqx_ds_egress_batches_failed
has been renamed toemqx_ds_buffer_batches_failed
emqx_ds_egress_messages
has been renamed toemqx_ds_buffer_messages
emqx_ds_egress_bytes
has been renamed toemqx_ds_buffer_bytes
emqx_ds_egress_flush_time
has been renamed toemqx_ds_buffer_flush_time
Configuration
📅 Schedule: Branch creation - "on friday and saturday" in timezone Europe/Prague, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.