Operator: v2.3.10-24.3.14

Changed

• Bootstrap expansion in the v2 operator's initContainer now uses CEL-patching for its expansion, much like the v1 operator.

• It is not the case that the OperatorQuiescent condition for the v1 operator cannot be True unless the ClusterConfigured condition is also True.

The status.observedGeneration will only update when the cluster reaches the OperatorQuiescent state.

Fixed

• Fields with embedded structs, such as auth.sasl.bootstrapUser.secretKeyRef and listeners.internal.tls.truststore.configMapKeyRef, are no longer discarded during rendering of resources.
• The operator now unconditionally produces statefulsets that have environment variables available to the initContainer that are used for CEL-based config patching.

Previously it attempted to leave existing sts resources unpatched if it seemed like they had already been bootstrapped. With the adoption of CEL patching for node configuration, that left sts pods unable to restart.

• The operator now unconditionally produces an environment for the initContainer that supports CEL-based patching.

This is required to ensure that a pre-existing sts can roll over to new configuration correctly.

• Improved support for multi-STSes (e.g., multiple NodePools) in the ghost broker decommissioning logic.

• Desired replicas were previously fetched from a single STS, leading to incorrect broker count decisions when multiple STSes were present. Now, the logic accounts for all STSes.
• Fixed incorrect broker map keying: previously used pod ordinal, which is not unique across STSes (e.g., blue-0 and green-0 both mapped to 0). Switched to using the pod name as the key to correctly distinguish brokers.
• Disabled ordinal-based broker deletion logic in Operator v1 mode, as it doesn't work reliably in a multi-STS setup.

• Setting serviceAccount.create to false no longer prevents the Kubernetes ServiceAccountToken volume from being mounted to the operator Pod.