Chapter 2. Enhancements
AMQ Streams 2.4 adds a number of enhancements.
2.1. Kafka 3.4.0 enhancements
For an overview of the enhancements introduced with Kafka 3.4.0, refer to the Kafka 3.4.0 Release Notes.
2.2. OAuth 2.0 configuration for HTTP requests
You can now use configuration to control HTTP requests to an OAuth 2.0 authorization server.
If you are creating a listener for your Kafka brokers that uses OAuth 2.0 authentication or authorization, you can add the following properties to the listener configuration:
- httpRetries to control the maximum number of times to retry a failed HTTP request to the authorization server.
- httpRetryPauseMs to control the time to wait in milliseconds before attempting another retry of a failed HTTP request to the authorization server.
You can also use the properties when configuring OAuth 2.0 authentication for Kafka components.
Example listener configuration
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: my-cluster
spec:
  kafka:
    replicas: 3
    version: 3.4.0
    # ...
    listeners:
      - name: external
        port: 9094
        type: loadbalancer
        tls: true
        authentication:
          type: oauth
          # ...
          httpRetries: 2
          httpRetryPauseMs: 300
    # ...
2.3. Support for encrypted connection to Open Policy Agent (OPA) server
If you are using OPA for authorized access to your Kafka brokers, you can now configure an encrypted HTTPS connection to access the OPA server. Add trusted certificates to your OPA configuration using the tlsTrustedCertificates property.
Example Open Policy Agent configuration
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: my-cluster
  namespace: myproject
spec:
  kafka:
    # ...
    authorization:
      type: opa
      # ...
      tlsTrustedCertificates:
        - secretName: opa-server-ca
          certificate: tls.crt
    # ...
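
The following check is an added example, not part of the AMQ Streams documentation: it reviews the OPA section of a Kafka custom resource for an unencrypted or incompletely configured connection to the OPA server. The function name, the url values and both sample resources are constructed, and the manifest is assumed to be already parsed into a dict (for example by a YAML parser).

```python
from urllib.parse import urlparse

def audit_opa_tls(kafka_cr):
    """Return findings about the broker-to-OPA connection in a Kafka custom resource."""
    authz = kafka_cr.get("spec", {}).get("kafka", {}).get("authorization") or {}
    if authz.get("type") != "opa":
        return []  # OPA authorization not in use, nothing to review
    findings = []
    scheme = urlparse(authz.get("url", "")).scheme.lower()
    certs = authz.get("tlsTrustedCertificates") or []
    if scheme != "https":
        label = scheme or "none"
        findings.append(f"OPA url scheme is {label}: authorization queries are not encrypted")
        if certs:
            findings.append("tlsTrustedCertificates is set but the OPA url is not https")
    elif not certs:
        findings.append("https OPA url without tlsTrustedCertificates: confirm the "
                        "server certificate chains to a CA the broker already trusts")
    # Each entry must name both the Secret and the key that holds the certificate.
    for i, ref in enumerate(certs):
        for key in ("secretName", "certificate"):
            if not ref.get(key):
                findings.append(f"tlsTrustedCertificates[{i}] is missing {key}")
    return findings

# Constructed sample: the page's OPA example with a placeholder https url added.
HARDENED = {"spec": {"kafka": {"authorization": {
    "type": "opa",
    "url": "https://opa.example.internal:8181/v1/data/kafka/allow",
    "tlsTrustedCertificates": [{"secretName": "opa-server-ca", "certificate": "tls.crt"}],
}}}}

# Constructed sample: plain HTTP to OPA, no trusted certificates.
WEAK = {"spec": {"kafka": {"authorization": {
    "type": "opa",
    "url": "http://opa.example.internal:8181/v1/data/kafka/allow",
}}}}

if __name__ == "__main__":
    for name, cr in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_opa_tls(cr) or "no findings")
```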