Skip to main content
Version: 2.14

Ververica Platform 2.14.0

Release Date: 2024-11-21

Changelog

Ververica Platform 2.14.0 supports the following versions:

  • Apache Flink® 1.19
  • Apache Flink® 1.18
  • Apache Flink® 1.17

Ververica Platform 2.14.0 supports Apache Flink® 1.19, Apache Flink® 1.18, and Apache Flink® 1.17 under SLA.

For Stream Edition the following Apache Flink® Docker images are available. Please check Ververica Platform Docker Images for all available Apache Flink® images and additional tags.

  • 1.17.2-stream5-scala_2.12-java8
  • 1.17.2-stream5-scala_2.12-java11
  • 1.18.1-stream5-scala_2.12-java8
  • 1.18.1-stream5-scala_2.12-java11
  • 1.18.1-stream5-scala_2.12-java17
  • 1.19.0-stream3-scala_2.12-java8
  • 1.19.0-stream3-scala_2.12-java11
  • 1.19.0-stream3-scala_2.12-java17

For Spring Edition the following archives are available:

Features

Added Support for openAPIV3Schema in CRD YAML Definitions

We enhanced Custom Resource Definitions (CRDs) by adding openAPIV3Schema details to their YAML, enabling more thorough schema validation. This allows tools that rely on openAPIV3Schema to perform local validation and catch schema errors early in development. Developers can now enforce schema constraints directly in CRDs, improving validation and reducing post-deployment errors.

Ability to Customize Pod Names for Applications Managed by Ververica Platform

We introduced a feature that lets you customize Kubernetes pod names for applications managed by Ververica Platform. You can now configure pod names to include identifiers like the Flink job name or a custom string, simplifying pod identification and management in monitoring tools and incident response, especially when Kubernetes labels are unavailable. With more readable pod names, you can streamline operations and enhance efficiency in monitoring and troubleshooting.

Kubernetes Operator Enhancements for Restart and Savepoint Triggers

We extended our Kubernetes operator with two new features for enhanced deployment control:

  1. Restart without Change using restartNonce: You can now restart a deployment by updating the restartNonce field to any new value, triggering a seamless restart without modifying the deployment configuration.

  2. Trigger Manual Savepoint using savepointTriggerNonce: You can initiate a savepoint for a running job by changing the savepointTriggerNonce field to a new value, enabling state snapshots without interrupting job execution.

These features offer flexible deployment management, allowing efficient restarts and easy state preservation.

We improved integration between Ververica Platform and Kubernetes-native tools by enhancing resource tracking. The Ververica Kubernetes Operator now sets metadata.ownerReferences and allows you to add custom metadata.labels and metadata.annotations to Kubernetes deployments created by the VvpDeployment resource. This enables tools like ArgoCD to more effectively track and manage all resources associated with Ververica Flink deployments.

Improvements

Support for Passing Secret Values via Entry Point Main Arguments in Deployments

We introduced a secure way to pass sensitive configurations through entry point main arguments in deployments submitted to session clusters. The platform automatically replaces placeholders with actual secret values at deployment time, keeping sensitive information hidden from the user interface. This enhancement enables safe injection of secrets and credentials into applications without compromising security.

Improved UI Consistency for Resource Configurations with Pod Templates

We improved the user interface to accurately display effective CPU resource configurations when using jobManagerPodTemplate and taskManagerPodTemplate. Resource limits set in pod templates override the CPU settings in the UI, and previously, the UI didn't reflect these changes, causing confusion. Now, the UI clearly shows both the configured CPU resources and any overrides from pod templates, providing transparency into the actual resource allocations for deployments. This update helps you better understand and track effective CPU settings.

Expanded Access to Resource Usage Tracking Endpoint

We updated permission requirements for accessing the Resource Usage Tracking GET endpoint (/api/v1/status/resourceusage). Previously restricted to Admins, this endpoint is now accessible by authenticated users. This change enables non-admin users and tenants to programmatically monitor resource and quota usage, integrating this data into automation tools and job scheduling for improved resource management and operational efficiency.

Corrected CPU Resource Configuration to Reflect Deployment Defaults

We fixed an issue where default CPU resources for the Job Manager and Task Manager were not properly applied in deployment configurations. Previously, when you cleared the CPU fields to use default values, the zero remained, blocking the default from applying. Now, when you clear these fields, the system correctly applies the default CPU values, ensuring accurate resource configuration and enhancing the user experience in deployment setup.

We enhanced the Flink UI to support two-factor authentication (2FA) mechanisms for an extra security layer. With this improvement, you can define your own 2FA solution based on their your environment and third party services.

Bug fixes

Improved Error message when deleting deployment targets

We haved fixed an issue from version 2.12 where attempting to delete a deployment target that is still in use resulted in a generic "409 OK" error without meaningful information. Now, a clear message, "Cannot delete deployment targer because it is currently referenced by one or more resources (Deployments, Session Clusters, or Deployment Defaults)" is displayed.

Fixed NullPointerException when deploying SQL jobs with custom Kafka catalog

We have resolved an issue where SQL jobs deployed via the Gateway using a custom Kafka catalog and connecter gave a NullPointerException response, preventing created job graphs. This fix ensures successful SQL job deployments with custom catalogs through the Gateway.

In version 2.12.3, when accessing the Flink UI, a user could see a "503 Service Unavailable" error following an upgrade from version 2.11.2. The problem was due to improper proxying requests to the Job Manager and has been fixed.

Corrected Error message for invalid characters in Secret names

We have fixed an issue where entering a secret name containing a dot character, ".", incorrectly gave a "Duplicate Name" warning. The system now correctly identifies that the secret name contains invalid characters and indicates the valid patterns to use.

  • Upgraded dnsjava to 3.6.2 to address CVE-2023-50387, CVE-2024-25638, CVE-2023-50868
  • Upgraded libexpat to libexpat1 2.4.7-1ubuntu0.4 to address CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
  • Upgraded glibc to 2.35-0ubuntu3.8 to address CVE-2024-2961
  • Upgraded apparmor to 3.0.4-2ubuntu2.4 to address CVE-2016-1585
  • Upgraded nginx to 1.27.2 to address CVE-2024-45492, CVE-2024-45491, CVE-2024-45490, CVE-2024-50602, CVE-2024-5535, CVE-2024-6119, CVE-2024-4741, CVE-2024-9143, CVE-2024-6197, CVE-2024-2398, CVE-2024-6874, CVE-2024-2466, CVE-2024-0853, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2023-44487
  • Upgraded tomcat to 10.1.33 to address CVE-2024-52316
  • Upgraded to pip 23.3 to resolve CVE-2023-5752, CVE-2021-3572
  • Upgraded to wheel 0.38.1 to resolve CVE-2022-40898

Upgrade

As always, we recommend upgrading via Helm using the following commands:

$ helm repo add ververica https://charts.ververica.com
$ helm repo update
$ helm upgrade [RELEASE] ververica/ververica-platform --version 5.10.0 --values custom-values.yaml