chore(tracking): Release Notes for SDP 25.3.0

modules/ROOT/pages/release-notes.adoc

@@ -6,6 +6,7 @@
 The Stackable platform consists of multiple operators that work together. Periodically a platform release is made,
 including all components of the platform at a specific version.
 
+include::partial$release-notes/release-25.3.adoc[]
 include::partial$release-notes/release-24.11.adoc[]
 include::partial$release-notes/release-24.7.adoc[]
 include::partial$release-notes/release-24.3.adoc[]

modules/ROOT/partials/release-notes/release-25.3.adoc

@@ -0,0 +1,285 @@
+// Here are the headings you can use for the next release. Saves time checking indentation levels.
+// Take a look at release 24.11 to see how to structure patch releases.
+
+== Release 25.3
+
+=== 25.3.0
+
+Released on 2025-03-21.
+
+==== New platform features
+
+Security::
+
+* Additional trust roots can be specified in an `autoTls` SecretClass. See xref:secret-operator:secretclass.adoc[Documentation].
+* The Stackable Secret Operator's `experimentalCertManager` backend now supports specifying custom key lengths.
+  The `autoTls` backend has supported this since 24.11.
+* Users can now configure the lifetime of self-signed certificates directly in the product's custom resources which influences the frequency of pod restarts.
+  Details can be found at xref:concepts:operations/temporary_credentials_lifetime.adoc[].
+
+==== Platform improvements
+
+Authorization::
+
+OPA Rego rules no longer require the `future.keywords` import.
+They have been stabilised in OPA 1.0 and are now implicitly imported.
+
+Druid::
+
+The default memory limits have been increased for following roles:
+* Coordinator: From `512Mi` to `768Mi`
+* Middle Manager: From `1Gi` to `1500Mi`.
+
+NOTE: Upgrades to existing deployments could cause memory limits to be reached on the node/namespace.
+
+Bug fixes::
+
+* Previously, pods with a Listener volume were stuck in an "Unknown" state after their node was restarted.
+  With this release, Listener volumes are correctly republished and the pods restart as expected.
+
+==== Platform deprecations
+
+==== Product versions
+
+As with previous SDP releases, many product images have been updated to their latest versions.
+The LTS version has in many cases also been adjusted in line with our xref:ROOT:policies.adoc[support policy].
+
+Refer to the xref:operators:supported_versions.adoc[supported versions] documentation for a complete overview including LTS versions or deprecations.
+
+===== New versions
+
+The following new product versions are now supported:
+
+* Apache Airflow: https://github.com/stackabletech/docker-images/issues/1017[2.10.4]
+* Apache Druid: https://github.com/stackabletech/docker-images/issues/965[31.0.1], https://github.com/stackabletech/docker-images/issues/965[30.0.1 (LTS)]
+* Apache Hadoop: https://github.com/stackabletech/docker-images/issues/1018[3.4.1 (LTS)]
+* Apache HBase: https://github.com/stackabletech/docker-images/issues/972[2.6.1 (LTS)]
+* Apache Hive:  https://github.com/stackabletech/docker-images/issues/1019[4.0.0 (LTS)], https://github.com/stackabletech/docker-images/issues/1019[4.0.1 (experimental)]
+* Apache Kafka: https://github.com/stackabletech/docker-images/issues/968[3.7.2 (LTS)], https://github.com/stackabletech/docker-images/issues/968[3.9.0]
+* Apache NiFi: https://github.com/stackabletech/docker-images/issues/966[1.28.1], https://github.com/stackabletech/docker-images/issues/966[2.2.0 (experimental)]
+* Apache Spark: https://github.com/stackabletech/docker-images/issues/1016[3.5.5 (LTS)]
+* Apache Superset: https://github.com/stackabletech/docker-images/issues/970[4.1.1]
+* Apache ZooKeeper: https://github.com/stackabletech/docker-images/issues/1020[3.9.3 (LTS)]
+* Open Policy Agent: https://github.com/stackabletech/docker-images/issues/998[1.0.1]
+* Trino: https://github.com/stackabletech/docker-images/issues/971[470]
+
+===== Deprecated versions
+
+The following product versions are deprecated and will be removed in a later release:
+
+* Apache Druid: https://github.com/stackabletech/docker-images/issues/965[30.0.0]
+* Apache Hadoop: https://github.com/stackabletech/docker-images/issues/1018[3.4.0]
+* Apache HBase: https://github.com/stackabletech/docker-images/issues/972[2.4.18]
+* Apache Hive: https://github.com/stackabletech/docker-images/issues/1019[3.1.3]
+* Apache Kafka: https://github.com/stackabletech/docker-images/issues/968[3.8.0], https://github.com/stackabletech/docker-images/issues/968[3.7.1]
+* Apache Spark: https://github.com/stackabletech/docker-images/issues/1016[3.5.2]
+* Apache ZooKeeper: https://github.com/stackabletech/docker-images/issues/1020[3.9.2]
+* Open Policy Agent: https://github.com/stackabletech/docker-images/issues/969[0.67.1]
+* Trino: https://github.com/stackabletech/docker-images/issues/971[455]
+
+===== Removed versions
+
+The following product versions are no longer supported (although images for released product versions remain available https://repo.stackable.tech/#browse/browse:docker:v2%2Fstackable[here]):
+
+* Apache Airflow: https://github.com/stackabletech/docker-images/issues/1017[2.10.2], https://github.com/stackabletech/docker-images/issues/1017[2.9.2]
+* Apache Druid: https://github.com/stackabletech/docker-images/issues/965[26.0.0]
+* Apache HBase: https://github.com/stackabletech/docker-images/issues/972[2.6.0]
+* Apache NiFi: https://github.com/stackabletech/docker-images/issues/966[2.0.0]
+* Apache Spark: https://github.com/stackabletech/docker-images/issues/1016[3.5.1]
+* Open Policy Agent: https://github.com/stackabletech/docker-images/issues/969[0.66.0]
+
+==== stackablectl
+
+==== Supported Kubernetes versions
+
+This release supports the following Kubernetes versions:
+
+* `1.32`
+* `1.31`
+* `1.30`
+
+These Kubernetes versions are no longer supported:
+
+* `1.29`
+
+==== Supported OpenShift versions
+
+This release is available in the RedHat Certified Operator Catalog for the following OpenShift versions:
+
+* `4.17`
+* `4.16`
+* `4.15`
+* `4.14`
+
+==== Breaking changes
+
+Of the changes mentioned above, the following are breaking (or could lead to breaking behaviour), and you will need to adapt your existing CRDs accordingly:
+
+===== General
+
+S3 bucket `region` can now be configured for `S3Connection`, `S3Bucket`, and inline S3 references. It defaults to `us-east-1`.
+
+NOTE: Products that use the Hadoop S3 implementation previously defaulted to `us-east-2`, so if there are bucket connectivity problems, you will need to set the region `us-east-2` explicitly.
+
+===== Druid operator
+
+NOTE: All Druid versions are affected.
+
+If druid-opa-authorizer is used, `input.user` needs to be replaced by `input.authenticationResult.identity` in applicable Rego rules.
+Change in https://github.com/stackabletech/druid-opa-authorizer/pull/85[Add authenticationResponse context to OpaInput].
+
+===== OPA operator
+
+* Using `if` for all rules and `contains` for multi-value rules is now mandatory.
+* `strict` mode is now enabled by default. For more upgrade information, read the https://www.openpolicyagent.org/docs/latest/v0-upgrade/#upgrading-rego[Upgrading Rego] section of the official documentation.
+
+===== Trino operator
+
+Trino now uses the native S3 implementation which has the following requirements for S3 connections:
+
+* TLS is always enabled and cannot be disabled.
+* Client-side encryption is not supported. Server-side encryption (SSE) is the recommended alternative.
+* Multipart (non-streaming) writes and upload are not supported.
+
+Legacy S3 support (via Hadoop) has been disabled and will be removed in a future version of Trino.
+
+===== Stackable Operator for Example Product
+
+* Description of the change 1
+* Description of the change 2
+
+.Breaking changes details
+[%collapsible]
+====
+* `spec.a`: This field has been removed.
+* `spec.b`: This field has been changed to a number.
+====
+
+==== Upgrade from 24.11
+
+===== Using stackablectl
+
+Uninstall the `24.11` release
+
+[source,console]
+----
+$ stackablectl release uninstall 24.11
+
+Uninstalled release '24.11'
+
+Use "stackablectl release list" to list available releases.
+# ...
+----
+
+Afterwards you will need to upgrade the CustomResourceDefinitions (CRDs) installed by the Stackable Platform.
+The reason for this is that helm will uninstall the operators but not the CRDs.
+This can be done using `kubectl replace`.
+
+[source]
+----
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/airflow-operator/25.3.0/deploy/helm/airflow-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/commons-operator/25.3.0/deploy/helm/commons-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/druid-operator/25.3.0/deploy/helm/druid-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/hbase-operator/25.3.0/deploy/helm/hbase-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/hdfs-operator/25.3.0/deploy/helm/hdfs-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/hive-operator/25.3.0/deploy/helm/hive-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/kafka-operator/25.3.0/deploy/helm/kafka-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/listener-operator/25.3.0/deploy/helm/listener-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/nifi-operator/25.3.0/deploy/helm/nifi-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/opa-operator/25.3.0/deploy/helm/opa-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/secret-operator/25.3.0/deploy/helm/secret-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/spark-k8s-operator/25.3.0/deploy/helm/spark-k8s-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/superset-operator/25.3.0/deploy/helm/superset-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/trino-operator/25.3.0/deploy/helm/trino-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/zookeeper-operator/25.3.0/deploy/helm/zookeeper-operator/crds/crds.yaml
+----
+
+[source,console]
+----
+customresourcedefinition.apiextensions.k8s.io "airflowclusters.airflow.stackable.tech" replaced
+customresourcedefinition.apiextensions.k8s.io "airflowdbs.airflow.stackable.tech" replaced
+customresourcedefinition.apiextensions.k8s.io "authenticationclasses.authentication.stackable.tech" replaced
+customresourcedefinition.apiextensions.k8s.io "s3connections.s3.stackable.tech" replaced
+...
+----
+
+Install the `25.3` release
+
+[source,console]
+----
+$ stackablectl release install 25.3
+
+Installed release '25.3'
+
+Use "stackablectl operator installed" to list installed operators.
+----
+
+===== Using Helm
+
+Use `helm list` to list the currently installed operators.
+
+You can use the following command to uninstall all operators that are part of the `24.11` release:
+
+[source,console]
+----
+$ helm uninstall airflow-operator commons-operator druid-operator hbase-operator hdfs-operator hive-operator kafka-operator listener-operator nifi-operator opa-operator secret-operator spark-k8s-operator superset-operator trino-operator zookeeper-operator
+release "airflow-operator" uninstalled
+release "commons-operator" uninstalled
+...
+----
+
+Afterward you will need to upgrade the CustomResourceDefinitions (CRDs) installed by the Stackable Platform.
+The reason for this is that helm will uninstall the operators but not the CRDs. This can be done using `kubectl replace`:
+
+[source]
+----
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/airflow-operator/25.3.0/deploy/helm/airflow-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/commons-operator/25.3.0/deploy/helm/commons-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/druid-operator/25.3.0/deploy/helm/druid-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/hbase-operator/25.3.0/deploy/helm/hbase-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/hdfs-operator/25.3.0/deploy/helm/hdfs-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/hive-operator/25.3.0/deploy/helm/hive-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/kafka-operator/25.3.0/deploy/helm/kafka-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/listener-operator/25.3.0/deploy/helm/listener-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/nifi-operator/25.3.0/deploy/helm/nifi-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/opa-operator/25.3.0/deploy/helm/opa-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/secret-operator/25.3.0/deploy/helm/secret-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/spark-k8s-operator/25.3.0/deploy/helm/spark-k8s-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/superset-operator/25.3.0/deploy/helm/superset-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/trino-operator/25.3.0/deploy/helm/trino-operator/crds/crds.yaml
+kubectl replace -f https://raw.githubusercontent.com/stackabletech/zookeeper-operator/25.3.0/deploy/helm/zookeeper-operator/crds/crds.yaml
+----
+
+[source,console]
+----
+customresourcedefinition.apiextensions.k8s.io "airflowclusters.airflow.stackable.tech" replaced
+customresourcedefinition.apiextensions.k8s.io "airflowdbs.airflow.stackable.tech" replaced
+customresourcedefinition.apiextensions.k8s.io "authenticationclasses.authentication.stackable.tech" replaced
+customresourcedefinition.apiextensions.k8s.io "s3connections.s3.stackable.tech" replaced
+...
+----
+
+Install the `25.3` release
+
+[source,console]
+----
+helm repo add stackable-stable https://repo.stackable.tech/repository/helm-stable/
+helm repo update stackable-stable
+helm install --wait airflow-operator stackable-stable/airflow-operator --version 25.3.0
+helm install --wait commons-operator stackable-stable/commons-operator --version 25.3.0
+helm install --wait druid-operator stackable-stable/druid-operator --version 25.3.0
+helm install --wait hbase-operator stackable-stable/hbase-operator --version 25.3.0
+helm install --wait hdfs-operator stackable-stable/hdfs-operator --version 25.3.0
+helm install --wait hive-operator stackable-stable/hive-operator --version 25.3.0
+helm install --wait kafka-operator stackable-stable/kafka-operator --version 25.3.0
+helm install --wait listener-operator stackable-stable/listener-operator --version 25.3.0
+helm install --wait nifi-operator stackable-stable/nifi-operator --version 25.3.0
+helm install --wait opa-operator stackable-stable/opa-operator --version 25.3.0
+helm install --wait secret-operator stackable-stable/secret-operator --version 25.3.0
+helm install --wait spark-k8s-operator stackable-stable/spark-k8s-operator --version 25.3.0
+helm install --wait superset-operator stackable-stable/superset-operator --version 25.3.0
+helm install --wait trino-operator stackable-stable/trino-operator --version 25.3.0
+helm install --wait zookeeper-operator stackable-stable/zookeeper-operator --version 25.3.0
+----
+
+==== Known issues