Re: [DISCUSS] KIP-975 Docker Image for Apache Kafka

2023-10-22 Thread Vedarth Sharma
Hi Mickael,
Thanks for going through the KIP and providing valuable feedback.

   1. We will support the latest LTS version of Java supported by Apache
   Kafka.
   2. We will provide support for the last three releases. We've added a
   detailed example of this in the KIP under our EOL policy.
   3. We can establish a nightly cron job using GitHub Actions and leverage
   an open-source vulnerability scanning tool like trivy (
   https://github.com/aquasecurity/trivy), to get vulnerability reports on
   all supported images. This tool offers a straightforward way to integrate
   vulnerability checks directly into our GitHub Actions workflow.
   4. That's a good suggestion to have a GitHub Actions workflow. We will
   implement a GitHub Actions workflow to automate the build and testing
   process.
   5. Regarding the release process, we observed that there isn't an
   existing CI/CD pipeline. We can consider the addition of a GitHub workflow
   to facilitate the release process.

Please let us know your thoughts on the above.

Thanks and regards,
Vedarth

On Fri, Oct 20, 2023 at 7:34 PM Mickael Maison wrote:

> Hi Krishna,
>
> Overall I'm supportive of having an official docker image.
> I have a few questions:
> - Can you clarify the process of selecting the Java version? Is the
> proposal to only pick LTS versions? or to pick the highest version
> supported by Kafka?
> - Once a new Kafka version is released, what happens to the image
> containing the previous release? Do we expect to still update it in
> case of CVEs? If so for how long?
> - How will we get notified that the base image has a CVE?
> - Rather than having scripts PMC members have to run from their
> machines, would it be possible to have a Jenkins job or GitHub action?
>
> Thanks,
> Mickael
>
>
>
> On Fri, Oct 20, 2023 at 12:51 PM Vedarth Sharma wrote:
> >
> > Hi Manikumar,
> >
> > Thanks for the feedback!
> >
> > 1. We propose the addition of a new directory named "docker" at the root of
> > the repository, where all Docker-related code will be stored. A detailed
> > directory structure has been added in the KIP.
> > 2. We request the creation of an Apache Kafka repository (apache/kafka) on
> > DockerHub, to be administered under The Apache Software Foundation. The
> > PMC members should have the necessary permissions for pushing updates to
> > the docker repo.
> >
> > Thanks and regards,
> > Vedarth
> >
> >
> > On Fri, Oct 20, 2023 at 2:44 PM Manikumar wrote:
> >
> > > Hi Krishna, Vedarth,
> > >
> > > Thanks for the KIP.
> > >
> > > 1. Can we add directory structure of Docker Image related files in Kafka
> > > repo.
> > >
> > > 2. > Steps for the Docker image release will be included in the Release
> > > Process doc of Apache Kafka
> > >
> > > Can we list down the requirements (repos, accounts) for releasing images to
> > > docker hub. I am mainly asking because PMC needs to request docker hub
> > > access/repos.
> > > I can help in getting required repos/accounts.
> > > https://infra.apache.org/docker-hub-policy.html
> > >
> > >
> > > Thanks,
> > > Manikumar
> > >
> > > On Thu, Oct 19, 2023 at 8:22 PM Krishna Agarwal <
> > > krishna0608agar...@gmail.com> wrote:
> > >
> > > > Hi Viktor,
> > > >
> > > > I've noticed there are two types of custom jar configurations:
> > > >
> > > >    1. *Type 1*: In this case, only the class name is required (e.g.
> > > >    *authorizer.class.name*). This can be configured by the
> > > >    following steps:
> > > >       - Mount the jar in the container.
> > > >       - Configure the *CLASSPATH* environment variable (used by
> > > >       *kafka-run-class.sh*) by providing the mounted path to it. This can
> > > >       be passed as an environment variable to the docker container.
> > > >    2. *Type 2*: Here, in addition to the class name, classpath can also be
> > > >    configured (e.g. *remote.log.metadata.manager.class.name* and
> > > >    *remote.log.metadata.manager.class.path*). This can be configured by the
> > > >    following steps:
> > > >       - Mount the jar in the container.
> > > >       - Configure the respective *class.path* property.
> > > >
> > > > Regards,
> > > > Krishna
> > > >
> > > > On Mon, Sep 25, 2023 at 11:41 PM Krishna Agarwal <
> > > > krishna0608agar...@gmail.com> wrote:
> > > >
> > > > > Hi Viktor,
> > > > > Thanks for the questions.
> > > > >
> > > > > >    1. While the docker image outlined in KIP-975 is designed for
> > > > > >    production environments, it is equally suitable for development and
> > > > > >    testing purposes. We will furnish the docker image, allowing users the
> > > > > >    flexibility to employ it according to their specific needs.
> > > > > >    2. The configs will be injected into the docker container through
> > > > > >    environment variables. These environment variables wi

Re: [DISCUSS] KIP-975 Docker Image for Apache Kafka

2023-10-22 Thread Ismael Juma
Hi Vedarth,

I think we shouldn't introduce any new release process that is docker
specific. We should consider the software in the docker image in the same
way as we consider third party dependencies today - if there is a high
severity CVE affecting any of them, we aim to release a new version of
Kafka for the affected branch. It would include the latest Kafka code from
the branch.

Additionally, we should specify the EOL policy in this KIP - we are not
changing it as part of it. One interesting detail is that the release
document claims we support the last 3 releases, but the reality has been a
bit different - we tend to support the 2 most recent releases unless it's a
high severity CVE in Kafka itself (these tend to be much rarer, thankfully).

Ismael

On Sun, Oct 22, 2023, 10:19 AM Vedarth Sharma wrote:

> Hi Mickael,
> Thanks for going through the KIP and providing valuable feedback.
>
>    1. We will support the latest LTS version of Java supported by Apache
>    Kafka.
>    2. We will provide support for the last three releases. We've added a
>    detailed example of this in the KIP under our EOL policy.
>    3. We can establish a nightly cron job using GitHub Actions and leverage
>    an open-source vulnerability scanning tool like trivy (
>    https://github.com/aquasecurity/trivy), to get vulnerability reports on
>    all supported images. This tool offers a straightforward way to integrate
>    vulnerability checks directly into our GitHub Actions workflow.
>    4. That's a good suggestion to have a GitHub Actions workflow. We will
>    implement a GitHub Actions workflow to automate the build and testing
>    process.
>    5. Regarding the release process, we observed that there isn't an
>    existing CI/CD pipeline. We can consider the addition of a GitHub workflow
>    to facilitate the release process.
>
> Please let us know your thoughts on the above.
>
> Thanks and regards,
> Vedarth
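
The nightly trivy scan proposed in item 3 above and the rule in this reply (a high-severity CVE in image software leads to a new release for the affected branch) can be joined in one triage step over the scan reports. The script below is an added example, not code from the thread or from the Kafka project; it assumes trivy's JSON report layout (Results[].Vulnerabilities[]), and the image tags, package names and CVE ids are constructed placeholders. Treating CRITICAL like HIGH and separating findings that have no fixed version yet are assumptions of the example.

```python
import json

# Severities that trigger a release under the rule discussed in the thread
# ("high severity CVE"); treating CRITICAL the same way is an assumption.
RELEASE_SEVERITIES = frozenset({"HIGH", "CRITICAL"})

# Constructed sample reports shaped like `trivy image --format json` output.
# Tags, package names and CVE ids are placeholders, not real findings.
SAMPLE_REPORTS = {
    "apache/kafka:A.B.1": json.dumps({"Results": [
        {"Target": "os packages", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "2.0", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libminor",
             "InstalledVersion": "3.0", "FixedVersion": "3.1", "Severity": "LOW"},
        ]},
        {"Target": "jars", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "HIGH"},
        ]},
    ]}),
    "apache/kafka:A.C.0": json.dumps({"Results": [{"Target": "os packages"}]}),
    "apache/kafka:A.D.0": json.dumps({"Results": None}),
}


def actionable_findings(report, severities=RELEASE_SEVERITIES):
    """Return de-duplicated findings whose severity is in `severities`.

    `report` is one parsed trivy JSON report. "Results" and "Vulnerabilities"
    are missing or null when nothing was found, so both are treated as empty.
    """
    seen = {}
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity", "UNKNOWN").upper() not in severities:
                continue
            key = (vuln["VulnerabilityID"], vuln["PkgName"])
            # The same package can be reported under several targets.
            seen.setdefault(key, {
                "id": vuln["VulnerabilityID"],
                "package": vuln["PkgName"],
                "severity": vuln["Severity"].upper(),
                "fixed_version": vuln.get("FixedVersion") or None,
            })
    return sorted(seen.values(), key=lambda f: (f["id"], f["package"]))


def triage(reports):
    """Map image tag -> {"release": [...], "watch": [...]}.

    "release": a fixed package version exists, so a new release of that
    branch with a rebuilt image removes the finding.
    "watch": no fix is published yet, so a rebuild would not help.
    """
    plan = {}
    for image, raw in reports.items():
        findings = actionable_findings(json.loads(raw))
        plan[image] = {
            "release": [f for f in findings if f["fixed_version"]],
            "watch": [f for f in findings if not f["fixed_version"]],
        }
    return plan


def images_needing_release(reports):
    """Image tags whose branch should get a new release, sorted."""
    return sorted(img for img, p in triage(reports).items() if p["release"])


if __name__ == "__main__":
    for image, p in triage(SAMPLE_REPORTS).items():
        print(image,
              "release:", [f["id"] for f in p["release"]],
              "watch:", [f["id"] for f in p["watch"]])
```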

Build failed in Jenkins: Kafka » Kafka Branch Builder » trunk #2318

2023-10-22 Thread Apache Jenkins Server
See 


Changes:


--
[...truncated 317239 lines...]

[jira] [Resolved] (KAFKA-15566) Flaky tests in FetchRequestTest.scala in KRaft mode

2023-10-22 Thread Luke Chen (Jira)


 [ https://issues.apache.org/jira/browse/KAFKA-15566?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Luke Chen resolved KAFKA-15566.
---
Fix Version/s: 3.7.0
   Resolution: Fixed

> Flaky tests in FetchRequestTest.scala in KRaft mode
> ---
>
> Key: KAFKA-15566
> URL: https://issues.apache.org/jira/browse/KAFKA-15566
> Project: Kafka
>  Issue Type: Improvement
>Reporter: Deng Ziming
>Assignee: Gantigmaa Selenge
>Priority: Major
>  Labels: flaky-test
> Fix For: 3.7.0
>
>
> |[https://ci-builds.apache.org/job/Kafka/job/kafka-pr/job/PR-14295/4/#showFailuresLink]
> [Build / JDK 11 and Scala 2.13 /
> kafka.server.FetchRequestTest.testLastFetchedEpochValidation(String).quorum=kraft|https://ci-builds.apache.org/job/Kafka/job/kafka-pr/job/PR-14295/4/testReport/junit/kafka.server/FetchRequestTest/Build___JDK_11_and_Scala_2_13___testLastFetchedEpochValidation_String__quorum_kraft/]
> [Build / JDK 11 and Scala 2.13 / 
> kafka.server.FetchRequestTest.testLastFetchedEpochValidationV12(String).quorum=kraft|https://ci-builds.apache.org/job/Kafka/job/kafka-pr/job/PR-14295/4/testReport/junit/kafka.server/FetchRequestTest/Build___JDK_11_and_Scala_2_13___testLastFetchedEpochValidationV12_String__quorum_kraft/]
> [Build / JDK 11 and Scala 2.13 / 
> kafka.server.FetchRequestTest.testFetchWithPartitionsWithIdError(String).quorum=kraft|https://ci-builds.apache.org/job/Kafka/job/kafka-pr/job/PR-14295/4/testReport/junit/kafka.server/FetchRequestTest/Build___JDK_11_and_Scala_2_13___testFetchWithPartitionsWithIdError_String__quorum_kraft_2/]
> [Build / JDK 11 and Scala 2.13 / 
> kafka.server.FetchRequestTest.testLastFetchedEpochValidation(String).quorum=kraft|https://ci-builds.apache.org/job/Kafka/job/kafka-pr/job/PR-14295/4/testReport/junit/kafka.server/FetchRequestTest/Build___JDK_11_and_Scala_2_13___testLastFetchedEpochValidation_String__quorum_kraft_2/]
> [Build / JDK 11 and Scala 2.13 / 
> kafka.server.FetchRequestTest.testLastFetchedEpochValidationV12(String).quorum=kraft|https://ci-builds.apache.org/job/Kafka/job/kafka-pr/job/PR-14295/4/testReport/junit/kafka.server/FetchRequestTest/Build___JDK_11_and_Scala_2_13___testLastFetchedEpochValidationV12_String__quorum_kraft_2/]|
>  





Re: [DISCUSS] KIP-975 Docker Image for Apache Kafka

2023-10-22 Thread Vedarth Sharma
Hi Ismael,
Thanks for the valuable feedback.

   1. No docker image specific release process: This was one of our
   considered approaches, but we thought that docker image shouldn't block AK
   release. Though I agree, treating docker image as another artifact for
   every AK release makes much more sense. Hence, releasing a new version of
   Kafka for the affected branch in such a scenario is a much cleaner
   approach. Added this as the accepted approach in the KIP.
   2. EOL policy: Updated in the KIP.

Thanks and regards,
Vedarth

On Sun, Oct 22, 2023 at 11:20 PM Ismael Juma  wrote:

> Hi Vedarth,
>
> I think we shouldn't introduce any new release process that is docker
> specific. We should consider the software in the docker image in the same
> way as we consider third party dependencies today - if there is a high
> severity CVE affecting any of them, we aim to release a new version of
> Kafka for the affected branch. It would include the latest Kafka code from
> the branch.
>
> Additionally, we should specify the EOL policy in this KIP - we are not
> changing it as part of it. One interesting detail is that the release
> document claims we support the last 3 releases, but the reality has been a
> bit different - we tend to support the 2 most recent releases unless it's a
> high severity CVE in Kafka itself (these tend to be much rarer,
> thankfully).
>
> Ismael

Re: [DISCUSS] KIP-975 Docker Image for Apache Kafka

2023-10-22 Thread Ismael Juma
Sorry, I noticed a typo in my message. I meant "Additionally, we should not
specify the EOL policy in this KIP" since it doesn't propose changing it.

Ismael

On Sun, Oct 22, 2023 at 10:56 PM Vedarth Sharma wrote:

> Hi Ismael,
> Thanks for the valuable feedback.
>
>    1. No docker image specific release process: This was one of our
>    considered approaches, but we thought that docker image shouldn't block AK
>    release. Though I agree, treating docker image as another artifact for
>    every AK release makes much more sense. Hence, releasing a new version of
>    Kafka for the affected branch in such a scenario is a much cleaner
>    approach. Added this as the accepted approach in the KIP.
>    2. EOL policy: Updated in the KIP.
>
> Thanks and regards,
> Vedarth