- Single Sign-on Authentication with OpenID Connect
- Single sign-on is implemented through OpenID Connect. Common OpenID connect providers are Google Cloud, Microsoft Azure Active Directory, Keycloak or Dex. Through Dex, further identity providers such as LDAP or SAML 2.0 are available.
- API Tokens for Machine to Machine Authentication
- Application Manager now allows to create API tokens for services to authenticate. API tokens are revokable at any time. Access to the system can be restricted similarly to regular users singing on via SSO.
- Role-based Access Control
- This new feature allows to restrict access to API resources by defining roles and binding them to users or groups. The access control is based on API resources such as deployments, jobs, savepoints, or events and the HTTP method, such as GET, POST, PATCH.
- Namespaces now offer the ability to control visibility and access of API resources. This effectively introduces multi-tenancy into dA Platform, so that multiple teams can share a dA Platform setup, with strict separation of their resources.
- Secret Values
- This release introduces a new API object called “Secret Value”. A secret allows to manage passwords, authentication tokens or secret configuration parameters. In particular, this allows for separating knowledge of a secret from usage of a secret.
- Support for Apache Flink 1.6
- Credentials in the jar URL
- Logging improvements
- User Interface Improvements
- Visualization of Flink Streaming Applications with metrics
- YAML view of Deployments
- Improved “Savepoints” tab
- General API: Deployment and Job resources are expanded eagerly with default values for optional fields. Prior to this version, optional fields of resources were lazily expanded which made it hard to understand the full state of a given resource. With this change, resources will always be fully specified.
- Support for Flink 1.5: Flink 1.5 is the new default version for Deployments. You can specify which Flink version to deploy via the newly introduced
flinkVersion attribute in
Deployment.spec.template.spec.artifact. Note that the specified Flink version and Flink image have to match. If they do not match, deployed jobs will fail with a corresponding error message.
- Custom Kubernetes options: We allow to pass Kubernetes-specific options to created Flink pods via
Deployment.spec.template.spec.kubernetes. This gives you more control about deployed Flink jobs, for instance by attaching volume mounts or a node selector to deployed pods.
- Specify Flink image by digest: In addition to image tags we allow to specify Flink images by image digest in
Deployment.spec.template.spec.artifact.flinkImageTag. In order to specify a digest prefix the Flink image tag with
- Support for finite Flink jobs: Finite Flink jobs such streaming applications consuming from finite sources or batch jobs transition transition to a new terminal state FINISHED. Prior to this release, any terminated job was treated as a failure and led to a job recovery (re-running the finite job).
- Web UI: There have been additions to the web UI to support newly introduced features and multiple minor fixes.
- When modifying an existing Deployment resource, default values will be expanded eagerly as described above. The newly introduced
flinkVersion attribute will default to
1.5 which will lead to your Flink jobs to be upgraded to Flink 1.5. If you don’t want please update the Deployment accordingly with the first modifcation (PATCH) and set
- Volume mount annotations with key
alpha/k8s-volume-mounts have been deprecated with this release. Please migrate these annotations to the newly introduced Kubernetes options. Support for the annotations may be dropped in future versions.