charts/redpanda: v5.9.27

Changed

• Bump Redpanda operator sidecar container tag to v2.3.13-24.3.17.

charts/redpanda: v5.9.26

Changed

• Bump appVersion version to v24.3.17.

Fixed

• Crashes from the Sidecar container (e.g. due to a temporary API Server outage) no longer forcefully restart the redpanda container.

charts/redpanda: v5.10.3

Changed

• The generated bootstrap user password secret is now immutable. It was always intended to be a single-time generation, and now that is enforced at the Kubernetes API layer.
• Bump Redpanda operator side car container tag to v2.4.3.
• Bump Redpanda version in helm chart metadata and appVersion to v25.1.7.

Removed

• The unrespectedkafkaEndpoint listener parameter has been removed from values.yaml

Fixed

• authentication_method is no longer set on http_api as redpanda itself does not support authentication on the http API.
• Corrected naming of Roles to use Fullname instead of Name, which ensures they are unique within their namespace.
• Updated naming of ClusterRoles to include the release namespace. This ensures that they are unique per release and permits installing the chart with the same name across different namespaces.
• Crashes from the Sidecar container (e.g. due to a temporary API Server outage) no longer forcefully restart the redpanda container.

operator: v2.4.3

Added

• Added noGenerate to Password. When true, it prevents the operator from generating non-existent Secrets and non-existent Secret keys that are specified via valueFrom in User custom resource

Changed

• It is not the case that the OperatorQuiescent condition for the v1 operator cannot be True unless the ClusterConfigured condition is also True.

  The status.observedGeneration will only update when the cluster reaches the OperatorQuiescent state.

• The operator will try stripping off a layer of quotation from configuration values when interpreting numeric and boolean values. These may be accidentally introduced upstream of the CR, but where the intent is obvious we don't need to be strict about it.

Fixed

• The operator now unconditionally produces statefulsets that have environment variables available to the initContainer that are used for CEL-based config patching.

  Previously it attempted to leave existing sts resources unpatched if it seemed like they had already been bootstrapped. With the adoption of CEL patching for node configuration, that left sts pods unable to restart.

• Improved support for multi-STSes (e.g., multiple NodePools) in the ghost broker decommissioning logic.

  • Desired replicas were previously fetched from a single STS, leading to incorrect broker count decisions when multiple STSes were present. Now, the logic accounts for all STSes.
  • Fixed incorrect broker map keying: previously used pod ordinal, which is not unique across STSes (e.g., blue-0 and green-0 both mapped to 0). Switched to using the pod name as the key to correctly distinguish brokers.
  • Disabled ordinal-based broker deletion logic in Operator v1 mode, as it doesn't work reliably in a multi-STS setup.

• Setting serviceAccount.create to false no longer prevents the Kubernetes ServiceAccountToken volume from being mounted to the operator Pod.

• updated operator v1 to ignore "cluster.redpanda.com/node-pool-spec" annotation for pod rolls. previously, under certain conditions, the operator started rolling pods if this annotation changed - but there is no need to do so.

• Added the missing https port to the operator Pod that was referenced by the ServiceMonitor

• Empty Redpanda specs (i.e. clusterSpec: null or otherwise unspecified) no longer causes the operator to panic

• get permissions on Node resources is now correctly configured by default.

  --set rbac.createAdditionalControllerCRs=true is no longer required for rack awareness to work.

• Crashes from the Sidecar container (e.g. due to a temporary API Server outage) no longer forcefully restart the redpanda container.

operator: v2.3.12-24.3.17

Changed

• The operator will try stripping off a layer of quotation from configuration values when interpreting numeric and boolean values. These may be accidentally introduced upstream of the CR, but where the intent is obvious we don't need to be strict about it.

Fixed

• Added the missing https port to the operator Pod that was referenced by the ServiceMonitor

• Empty Redpanda specs (i.e. clusterSpec: null or otherwise unspecified) no longer causes the operator to panic

• get permissions on Node resources is now correctly configured by default.

  --set rbac.createAdditionalControllerCRs=true is no longer required for rackawareness to work.

• Crashes from the Sidecar container (e.g. due to a temporary API Server outage) no longer forcefully restart the redpanda container.

charts/redpanda: v5.9.25

Changed

• Bumped appVersion to v24.3.16.
• The generated bootstrap user password secret is now immutable. It was always intended to be a single-time generation, and now that is enforced at the Kubernetes API layer.

Removed

• Removed regex validation of all image tags.

Fixed

• Corrected naming of Roles to use Fullname instead of Name, which ensures they are unique within their namespace.
• Updated naming of ClusterRoles to include the release namespace. This ensures that they are unique per release and permits installing the chart with the same name across different namespaces.

Operator: v2.3.11-24.3.14

Changed

• Bump helm chart dependency to 5.9.23
• The v2 operator now uses a templated bootstrap.yaml file, like v1.

For the 2.3.* release only, the statefulset.initContainers.configurator.additionalCLIArgs entry on the CR is not populated by the operator; this must be done manually to resolve external secrets.

Fixed

• updated operator v1 to ignore "cluster.redpanda.com/node-pool-spec" annotation for pod rolls. previously, under certain conditions, the operator started rolling pods if this annotation changed - but there is no need to do so.

charts/redpanda: v5.9.24

Changed

• Bump Redpanda operator side car container tag to v2.3.11-24.3.14.

Operator: v2.3.10-24.3.14

Changed

• Bootstrap expansion in the v2 operator's initContainer now uses CEL-patching for its expansion, much like the v1 operator.

• It is not the case that the OperatorQuiescent condition for the v1 operator cannot be True unless the ClusterConfigured condition is also True.

The status.observedGeneration will only update when the cluster reaches the OperatorQuiescent state.

Fixed

• Fields with embedded structs, such as auth.sasl.bootstrapUser.secretKeyRef and listeners.internal.tls.truststore.configMapKeyRef, are no longer discarded during rendering of resources.
• The operator now unconditionally produces statefulsets that have environment variables available to the initContainer that are used for CEL-based config patching.

Previously it attempted to leave existing sts resources unpatched if it seemed like they had already been bootstrapped. With the adoption of CEL patching for node configuration, that left sts pods unable to restart.

• The operator now unconditionally produces an environment for the initContainer that supports CEL-based patching.

This is required to ensure that a pre-existing sts can roll over to new configuration correctly.

• Improved support for multi-STSes (e.g., multiple NodePools) in the ghost broker decommissioning logic.

• Desired replicas were previously fetched from a single STS, leading to incorrect broker count decisions when multiple STSes were present. Now, the logic accounts for all STSes.
• Fixed incorrect broker map keying: previously used pod ordinal, which is not unique across STSes (e.g., blue-0 and green-0 both mapped to 0). Switched to using the pod name as the key to correctly distinguish brokers.
• Disabled ordinal-based broker deletion logic in Operator v1 mode, as it doesn't work reliably in a multi-STS setup.

• Setting serviceAccount.create to false no longer prevents the Kubernetes ServiceAccountToken volume from being mounted to the operator Pod.

charts/redpanda: v5.9.18

Changed

• Bump Redpanda operator side car container tag to v2.3.10-24.3.14.

• The helm chart now uses the bootstrap operator command to apply fixups to bootstrap.yaml, just as the v1 operator does.

  Use of the redpanda chart requires setting statefulset.initContainers.configurator.additionalCLIArgs to specify a secret expander, if one is desired.