Ververica Platform 2.12.0
Release Date: 2023-12-22
IMPORTANT! Read before updating to Ververica Platform 2.12.0
Due to a known bug FLINK-33793, Apache Flink® 1.18 does not support Google Cloud Storage (GCS) for checkpointing temporarily. Flink 1.16 and 1.17 are not impacted.
We will address this issue in future 2.12 patch versions once the bug is fixed in Flink 1.18.
Due to spring boot version upgrade, upgrading to Ververica Platform version 2.12.0 requires changing clientAuthenticationMethod from basic to client_secret_basic in the helm chart values.yaml file.
Pluggable Certificates for Flink Internal / External communications
Customers can use their own certificates to enable SSL for Flink internal/external communications.
With pluggable certificates, users will be able to achieve the following:
- Generate Certificates for VVP and Flink Jobs
- Provide deployment with custom ssl Flink Configuration
- Provide configuration for VVP installation with custom keystore
See this topic for more information.
Changelog
Apache Flink®
Ververica Platform 2.12 supports the following versions:
- Apache Flink® 1.18
Ververica Platform 2.12.0 supports Apache Flink® 1.18, Apache Flink® 1.17 and Apache Flink® 1.16 under SLA. Apache Flink® 1.15 images are no longer provided in this version but are still supported on a best-effort basis.
For Stream Edition the following Apache Flink® Docker images are available. Please check Ververica Platform Docker Images for all available Apache Flink® images and additional tags.
- 1.16.2-stream1-scala_2.12-java8
- 1.16.2-stream1-scala_2.12-java11
- 1.17.2-stream1-scala_2.12-java8
- 1.17.2-stream1-scala_2.12-java11
- 1.18.0-stream1-scala_2.12-java8
- 1.18.0-stream1-scala_2.12-java11
For Spring Edition the following archives are available:
See Flink 1.18 release.
Java 17
Experimental support for Java 17 was added in Flink 1.18.0, which is now supported in Ververica Platform 2.12.0
Spring Boot
Ververica Platform 2.12.0 supports Spring Boot 3.1.6
Improvements
Enhanced Autopilot configurable properties
We have enhanced the Autopilot feature by introducing four new configurable properties. These additions enable more precise customization to suit specific use cases:
- Smoothing factor: Defines number of time windows that are taken into account to calculate various task metrics
- Minimum Consecutive Seen Changes: Number of consecutive recommendations of specific type that should occur before VVP Autopilot applies recommendation.
- Lag Threshold Seconds: Minimal number of seconds needed to catchup with lag given the throughput of the task, above which the recommendations can be applied.
- Minimum Workload Distribution: Difference (in percents) between minimal and maximal workload among tasks that VVP Autopilot requires to calculate the recommendation.
To learn more, see Advanced Autopilot configuration.
New features
Audit Logs
Audit logs now provide a record of events and activities that occur within the Ververica platform for the purposes of security, compliance, and troubleshooting.
- Users can filter and search audit logs based on specific criteria, such as time range, username and tokenId incase of API.
- Users can export audit logs for analysis or reporting purposes, in a format that can be easily processed like CSV, JSON etc.
- Audit logs can be also be fetched via API (swagger)
For more details, refer to Audit logs.
SQL templating
SQL templating provides a user-friendly interface to create SQL queries using predefined templates, reducing the need for manual query construction. It enables users to save and reuse commonly-used query templates, promoting consistency and reducing duplicated efforts.
SQL templating also allows dynamic input by parameterizing parts of the query templates, making queries adaptable to various use cases without requiring modification of the underlying template.
Most importantly, SQL templating allows an easier way to share SQL queries across different vvp instances within the same organization. Hence, multiple teams within the same organization can benefit from using the standardized defined queries and use and modify them for their own use cases.
See SQL templating for more information.
VVP themes
Our customers are using multiple instances of Ververica Platform for different teams & environments. To effectively differentiate these instances, we listened to customer feedback and created Themes that can be used for this purpose. With themes, you can set up a name for your environment/team and choose a color that makes it stand out and represent that particular environment. Currently, only system admins can access the Theme section and update the theme.
See Themes for more information.
Added support for Apache Derby and Oracle databases JDBC connector
Ververica Platform supports MariaDB, MySQL 5.5.3+, PostgresSQL 8.2+, Oracle, and Apache Derby out of the box. You can add a JDBC driver for any other DBMS by adding a JAR file with a matching JDBC driver to the connector as described in Customizing Packaged Connectors.
Helm charts to set readOnlyRootFilesystem per container
An immutable root filesystem can prevent malicious binaries being added to PATH and increase attack cost for hackers. An immutable root filesystem prevents applications from writing to their local disk. This is desirable in the event of an intrusion as the attacker will not be able to tamper with the filesystem or write foreign executables to disk.
Added Protobuf format to the list of packaged formats with VVP
There is a new format for Table API Connectors, which is Protobuf since Flink 1.16.
See Packaged formats for details.
Bug fixes
CPU limit is not reflected on the VVP UI properly
Previously, setting the resource limits for a jobManagerPodTemplate or taskManagerPodTemplate took precedence over CPU set up on the UI for the license usage as well as JM/TM CPU setting, but the UI still showed the configured CPU from the UI. This is now fixed.
Added missing "deletecollection" permission used in Flink HA
In Ververica Platform 2.12.0 we have extended permissions of the Kubernetes role (used by Ververica Platform for RBAC) with the “deletecollection” verb for the “configmaps” resource. This permission is then propagated to the Role used by Flink Job Managers where Kubernetes High Availability services are enabled.
Note: This permission is added to a Ververica Platform Role during the Ververica Platform Helm installation/update process as part of default RBAC setup. If you have a custom RBAC setup, please remember to adapt your custom Kubernetes Role with the following:
- apiGroups: [ "" ]
resources: [ "configmaps" ]
verbs: [ "deletecollection" ]
Prevent un-intended copying of deploymentName/deploymentId
Previously, copying a deployment name and ID was achievable by clicking anywhere on the line. Now, it is only possible by clicking on the designated icon.
Resource usage tracking api does generate reports for the current day
Fixed an error in usage reporting between two dates where "from" was set to "previous day".
Inconsistency in VVP Resource Usage tracking
Fixed bug where resource usage was incorrectly tracked.
Vulnerability Fixes (outside of Apache Flink®)
The following vulnerabilities are now removed:
- Removal of vulnerability SNYK-JAVA-ORG APACHE ZOOKEEPER-5961102 coming from org.apache.zookeeper:zookeeper dependency
- Removal of SNYK-JAVA-CHQOSLOGBACK-6094942 vulnerability coming from ch.qos.logback:logback dependency
- Updated Spring Boot version to 3.1.6 to resolve Improper Input Validation in org.apache.tomcat.embed:tomcat-embed-core | CVE-2023-46589 | Snyk vulnerability
Upgrade
As always, we recommend upgrading via Helm using the following commands:
helm repo add ververica https://charts.ververica.com
helm repo update
helm upgrade [RELEASE] ververica/ververica-platform --version 5.8.0 --values custom-values.yaml