You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Stackable Data Platform (SDP) Release 24.3 is now publicly available!
Highlights
This release focuses on the following security features:
Authorization
Authentication with Kerberos
OpenID Connect integration
Vulnerability management
New / extended platform features
The following new major platform features were added:
Authorization
The Open Policy Agent has been enhanced to include a new component called user-info-fetcher. This allows users to define authorization policies based on attributes such as organizational group membership and resource assignment. The first major identity provider supported by the user-info-fetcher is Keycloak, with plans for others to follow. Policy-based authorization with OPA can now be used with HDFS instead of relying on an internal HDFS mechanism. It requires a Kerberos-enabled cluster as well as an SDP-specific HDFS extension which provides an OPA authorizer and group mapper. This is already bundled in the Stackable image for HDFS.
Authentication with Kerberos
Kerberos is the most widely used authentication protocol in the enterprise world and Stackable now supports it for Apache Hive and Apache HBase as well as Apache HDFS. We have also provided examples for running Apache Spark applications in a Kerberos-enabled environment.
OpenID Connect integration
OpenID Connect is the de-facto authorization standard on the Web and is gaining ground in enterprise environments. Apache Superset and Trino are the first products to add support for it.
Building products from source
We have started building product binaries from source instead of packaging them from the official releases. This gives us greater control over the features and security aspects of each product. Apache Hadoop and Apache HBase are currently built from source and others will follow in subsequent releases.
Documentation
The CRD specifications are an important part of platform documentation and are now generated automatically. They can be found at https://crds.stackable.tech/.
Custom labels for Helm charts
Helm users can now assign custom labels to stacklets. This enables better component management with third party tools.
Important
With following releases we might enable TLS server verification and authentication by default. To ensure a smooth transition to future releases, we strongly encourage you to enable security features wherever possible in your stacklets.
New product-specific features
Additionally, there are some other individual product features that are noteworthy:
HDFS: support for rack-awareness
HDFS: support for exposing HDFS clusters to clients outside of Kubernetes
Trino: support for the Delta Lake connector
New Versions
The following new product versions are now supported:
Apache Airflow: 2.7.3, 2.8.1
Apache Druid: 28.0.1
Apache Kafka: 3.5.2, 3.6.1
Apache NiFi: 1.25.0
OpenPolicyAgent: 0.61.0
Apache Spark: 3.4.2, 3.5.1
Apache Superset: 2.1.3, 3.0.3, 3.1.0
Trino: 442
Apache ZooKeeper: 3.8.4, 3.9.2
Learning Stackable
Further details on our release and how to upgrade can be found in our release notes as well as in the change logs of the individual operators.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Stackable Data Platform (SDP) Release 24.3 is now publicly available!
Highlights
This release focuses on the following security features:
New / extended platform features
The following new major platform features were added:
Authorization
The Open Policy Agent has been enhanced to include a new component called
user-info-fetcher
. This allows users to define authorization policies based on attributes such as organizational group membership and resource assignment. The first major identity provider supported by theuser-info-fetcher
is Keycloak, with plans for others to follow. Policy-based authorization with OPA can now be used with HDFS instead of relying on an internal HDFS mechanism. It requires a Kerberos-enabled cluster as well as an SDP-specific HDFS extension which provides an OPA authorizer and group mapper. This is already bundled in the Stackable image for HDFS.Authentication with Kerberos
Kerberos is the most widely used authentication protocol in the enterprise world and Stackable now supports it for Apache Hive and Apache HBase as well as Apache HDFS. We have also provided examples for running Apache Spark applications in a Kerberos-enabled environment.
OpenID Connect integration
OpenID Connect is the de-facto authorization standard on the Web and is gaining ground in enterprise environments. Apache Superset and Trino are the first products to add support for it.
Building products from source
We have started building product binaries from source instead of packaging them from the official releases. This gives us greater control over the features and security aspects of each product. Apache Hadoop and Apache HBase are currently built from source and others will follow in subsequent releases.
Documentation
The CRD specifications are an important part of platform documentation and are now generated automatically. They can be found at https://crds.stackable.tech/.
Custom labels for Helm charts
Helm users can now assign custom labels to stacklets. This enables better component management with third party tools.
Important
With following releases we might enable TLS server verification and authentication by default. To ensure a smooth transition to future releases, we strongly encourage you to enable security features wherever possible in your stacklets.
New product-specific features
Additionally, there are some other individual product features that are noteworthy:
New Versions
The following new product versions are now supported:
Learning Stackable
Further details on our release and how to upgrade can be found in our release notes as well as in the change logs of the individual operators.
Beta Was this translation helpful? Give feedback.
All reactions