Ververica Platform 2.14.0
Release Date: 2024-11-21
Changelog
Apache Flink®
Ververica Platform 2.14.0 supports the following versions:
- Apache Flink® 1.19
- Apache Flink® 1.18
- Apache Flink® 1.17
Ververica Platform 2.14.0 supports Apache Flink® 1.19, Apache Flink® 1.18, and Apache Flink® 1.17 under SLA.
For Stream Edition the following Apache Flink® Docker images are available. Please check Ververica Platform Docker Images for all available Apache Flink® images and additional tags.
- 1.17.2-stream5-scala_2.12-java8
- 1.17.2-stream5-scala_2.12-java11
- 1.18.1-stream5-scala_2.12-java8
- 1.18.1-stream5-scala_2.12-java11
- 1.18.1-stream5-scala_2.12-java17
- 1.19.0-stream3-scala_2.12-java8
- 1.19.0-stream3-scala_2.12-java11
- 1.19.0-stream3-scala_2.12-java17
For Spring Edition the following archives are available:
Features
Added Support for openAPIV3Schema in CRD YAML Definitions
We enhanced Custom Resource Definitions (CRDs) by adding openAPIV3Schema details to their YAML, enabling more thorough schema validation. This allows tools that rely on openAPIV3Schema to perform local validation and catch schema errors early in development. Developers can now enforce schema constraints directly in CRDs, improving validation and reducing post-deployment errors.
Ability to Customize Pod Names for Applications Managed by Ververica Platform
We introduced a feature that lets you customize Kubernetes pod names for applications managed by Ververica Platform. You can now configure pod names to include identifiers like the Flink job name or a custom string, simplifying pod identification and management in monitoring tools and incident response, especially when Kubernetes labels are unavailable. With more readable pod names, you can streamline operations and enhance efficiency in monitoring and troubleshooting.
Kubernetes Operator Enhancements for Restart and Savepoint Triggers
We extended our Kubernetes operator with two new features for enhanced deployment control:
-
Restart without Change using
restartNonce
: You can now restart a deployment by updating therestartNonce
field to any new value, triggering a seamless restart without modifying the deployment configuration. -
Trigger Manual Savepoint using
savepointTriggerNonce
: You can initiate a savepoint for a running job by changing thesavepointTriggerNonce
field to a new value, enabling state snapshots without interrupting job execution.
These features offer flexible deployment management, allowing efficient restarts and easy state preservation.
Enhanced Kubernetes Resource Tracking for Ververica Flink Deployments
We improved integration between Ververica Platform and Kubernetes-native tools by enhancing resource tracking.
The Ververica Kubernetes Operator now sets metadata.ownerReferences
and allows you to add custom metadata.labels
and metadata.annotations
to Kubernetes deployments created by the VvpDeployment
resource.
This enables tools like ArgoCD to more effectively track and manage all resources associated with Ververica Flink deployments.
Improvements
Support for Passing Secret Values via Entry Point Main Arguments in Deployments
We introduced a secure way to pass sensitive configurations through entry point main arguments in deployments submitted to session clusters. The platform automatically replaces placeholders with actual secret values at deployment time, keeping sensitive information hidden from the user interface. This enhancement enables safe injection of secrets and credentials into applications without compromising security.
Improved UI Consistency for Resource Configurations with Pod Templates
We improved the user interface to accurately display effective CPU resource configurations when using jobManagerPodTemplate
and taskManagerPodTemplate
.
Resource limits set in pod templates override the CPU settings in the UI, and previously, the UI didn't reflect these changes, causing confusion.
Now, the UI clearly shows both the configured CPU resources and any overrides from pod templates, providing transparency into the actual resource allocations for deployments.
This update helps you better understand and track effective CPU settings.
Expanded Access to Resource Usage Tracking Endpoint
We updated permission requirements for accessing the Resource Usage Tracking GET endpoint (/api/v1/status/resourceusage
).
Previously restricted to Admins, this endpoint is now accessible by authenticated users.
This change enables non-admin users and tenants to programmatically monitor resource and quota usage, integrating this data into automation tools and job scheduling for improved resource management and operational efficiency.
Corrected CPU Resource Configuration to Reflect Deployment Defaults
We fixed an issue where default CPU resources for the Job Manager and Task Manager were not properly applied in deployment configurations. Previously, when you cleared the CPU fields to use default values, the zero remained, blocking the default from applying. Now, when you clear these fields, the system correctly applies the default CPU values, ensuring accurate resource configuration and enhancing the user experience in deployment setup.
Enhanced Flink UI to Support Two-Factor Authentication (2FA)
We enhanced the Flink UI to support two-factor authentication (2FA) mechanisms, adding an extra layer of security. With this improvement, Spring Edition customers can define and integrate their own 2FA solutions tailored to their environment and third-party services. Please note that this enhancement is not needed for Ververica Platform Stream Edition users as Ververica Platform can be seamlessly integrated with OIDC or SAML identify providers with 2FA support.
Bug fixes
Improved Error message when deleting deployment targets
We haved fixed an issue from version 2.12 where attempting to delete a deployment target that is still in use resulted in a generic "409 OK" error without meaningful information. Now, a clear message, "Cannot delete deployment targer because it is currently referenced by one or more resources (Deployments, Session Clusters, or Deployment Defaults)" is displayed.
Fixed NullPointerException when deploying SQL jobs with custom Kafka catalog
We have resolved an issue where SQL jobs deployed via the Gateway using a custom Kafka catalog and connecter gave a NullPointerException response, preventing created job graphs. This fix ensures successful SQL job deployments with custom catalogs through the Gateway.
Fixed Flink UI inaccessibility after upgrade from Ververica Platform 2.11.2
In version 2.12.3, when accessing the Flink UI, a user could see a "503 Service Unavailable" error following an upgrade from version 2.11.2. The problem was due to improper proxying requests to the Job Manager and has been fixed.
Corrected Error message for invalid characters in Secret names
We have fixed an issue where entering a secret name containing a dot character, ".", incorrectly gave a "Duplicate Name" warning. The system now correctly identifies that the secret name contains invalid characters and indicates the valid patterns to use.
Fixed UI bug when unregistering UDF Artifacts
We’ve fixed a UI issue that prevented the removal of UDF artifacts via the corresponding SQL/Artifacts Unregister button. The platform now successfully unregisters the artifact and informs the user accordingly about the result of the action.
Vulnerability Fixes (outside of Apache Flink®)
- Upgraded dnsjava to 3.6.2 to address CVE-2023-50387, CVE-2024-25638, CVE-2023-50868
- Upgraded libexpat to libexpat1 2.4.7-1ubuntu0.4 to address CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
- Upgraded glibc to 2.35-0ubuntu3.8 to address CVE-2024-2961
- Upgraded apparmor to 3.0.4-2ubuntu2.4 to address CVE-2016-1585
- Upgraded nginx to 1.27.2 to address CVE-2024-45492, CVE-2024-45491, CVE-2024-45490, CVE-2024-50602, CVE-2024-5535, CVE-2024-6119, CVE-2024-4741, CVE-2024-9143, CVE-2024-6197, CVE-2024-2398, CVE-2024-6874, CVE-2024-2466, CVE-2024-0853, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2023-44487
- Upgraded tomcat to 10.1.33 to address CVE-2024-52316
Vulnerability Fixes (inside of Apache Flink®)
- Upgraded to pip 23.3 to resolve CVE-2023-5752, CVE-2021-3572
- Upgraded to wheel 0.38.1 to resolve CVE-2022-40898
Upgrade
As always, we recommend upgrading via Helm using the following commands:
$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.10.0 --values custom-values.yaml