
[jaeger] Upgrade to Kafka 3.x

Open gburton1 opened this issue 2 years ago • 0 comments

Requirement - what kind of business use case are you trying to solve?

The Kafka Helm chart project has moved on to Kafka 3.x since about 6 months ago, and ideally the Jaeger project would stay current so that it can continue to pull in improvements to Kafka and the underlying Zookeeper dependency. Our main interest right now is CVEs and staying up to date on fixes, but there are other angles too, like new features introduced.

Problem - what in Jaeger blocks you from solving the requirement?

Not a trivial backwards-compatible upgrade.

Accounting of CVEs against current versions of Kafka (and underlying Zookeeper) specified by this Jaeger chart:

Repository | Tag | Distro | CVE ID | Type | Packages
--- | --- | --- | --- | --- | ---
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-13115 | OS | libssh2-1
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-17498 | OS | libssh2-1
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2020-11080 | OS | libnghttp2-14
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-37136 | java | io.netty_netty-codec
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-37137 | java | io.netty_netty-codec
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-17571 | java | log4j_log4j
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | PRISMA-2021-0213 | java | com.fasterxml.jackson.core_jackson-databind
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2020-36518 | java | com.fasterxml.jackson.core_jackson-databind
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-13627 | OS | libgcrypt20
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-33560 | OS | libgcrypt20
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2016-2781 | OS | coreutils
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2018-7169 | OS | passwd,login
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-36084 | OS | libsepol1
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-36085 | OS | libsepol1
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-36086 | OS | libsepol1
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-36087 | OS | libsepol1
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2020-14155 | OS | libpcre3
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2020-16156 | OS | perl-base
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-17543 | OS | liblz4-1
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-22898 | OS | libcurl4,curl
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-22947 | OS | libcurl4,curl
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-22946 | OS | libcurl4,curl
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-22924 | OS | libcurl4,curl
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-12290 | OS | libidn2-0
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2016-10228 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2022-23219 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-27645 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-35942 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2022-23218 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2020-10029 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2020-6096 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-3326 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2020-27618 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-25013 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-33574 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2020-1752 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2020-1751 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-19126 | OS | libc-bin,libc6
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-3844 | OS | libsystemd0,libudev1
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-3843 | OS | libsystemd0,libudev1
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2018-12886 | OS | libgcc1,libstdc++6,gcc-8-base
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-15847 | OS | libgcc1,libstdc++6,gcc-8-base
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2019-14855 | OS | gpgv
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | PRISMA-2021-0182 | java | org.eclipse.jetty_jetty-servlet
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-43797 | java | io.netty_netty-codec
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-4104 | java | log4j_log4j
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2022-23302 | java | log4j_log4j
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2022-23305 | java | log4j_log4j
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | PRISMA-2021-0182 | java | org.eclipse.jetty_jetty-server
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2022-23806 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-41772 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-44716 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-38297 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2022-23772 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-41771 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2022-24921 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-39293 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2021-29923 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2022-23773 | binary | go
docker.io/bitnami/kafka | 2.8.1-debian-10-r189 | debian-buster | CVE-2022-24921 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2016-2781 | OS | coreutils
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-13115 | OS | libssh2-1
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-17498 | OS | libssh2-1
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2020-11080 | OS | libnghttp2-14
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-17571 | java | log4j_log4j
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-28169 | java | org.eclipse.jetty_jetty-io
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-34429 | java | org.eclipse.jetty_jetty-io
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | PRISMA-2021-0213 | java | com.fasterxml.jackson.core_jackson-databind
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2020-36518 | java | com.fasterxml.jackson.core_jackson-databind
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-37136 | java | io.netty_netty-codec
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-37137 | java | io.netty_netty-codec
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-13627 | OS | libgcrypt20
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-33560 | OS | libgcrypt20
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-14855 | OS | gpgv
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-12290 | OS | libidn2-0
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-22898 | OS | libcurl4,curl
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-22947 | OS | libcurl4,curl
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-22946 | OS | libcurl4,curl
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-22924 | OS | libcurl4,curl
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-36084 | OS | libsepol1
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-36085 | OS | libsepol1
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-36086 | OS | libsepol1
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-36087 | OS | libsepol1
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2018-12886 | OS | libgcc1,libstdc++6,gcc-8-base
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-15847 | OS | libgcc1,libstdc++6,gcc-8-base
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-17543 | OS | liblz4-1
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-3844 | OS | libsystemd0,libudev1
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-3843 | OS | libsystemd0,libudev1
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2020-14155 | OS | libpcre3
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2016-10228 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2022-23219 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-27645 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-35942 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2022-23218 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2020-10029 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2020-6096 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-3326 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2020-27618 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-25013 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-33574 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2020-1752 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2020-1751 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2019-19126 | OS | libc-bin,libc6
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2020-16156 | OS | perl-base
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2018-7169 | OS | passwd,login
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-4104 | java | log4j_log4j
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2022-23302 | java | log4j_log4j
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2022-23305 | java | log4j_log4j
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-34428 | java | org.eclipse.jetty_jetty-io
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-28163 | java | org.eclipse.jetty_jetty-io
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | PRISMA-2021-0182 | java | org.eclipse.jetty_jetty-servlet
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-21409 | java | io.netty_netty-codec
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-21295 | java | io.netty_netty-codec
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-43797 | java | io.netty_netty-codec
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | PRISMA-2021-0182 | java | org.eclipse.jetty_jetty-server
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-29923 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2022-23773 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2022-23806 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-41772 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-44716 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-38297 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2022-23772 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-41771 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2022-24921 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2021-39293 | binary | go
docker.io/bitnami/zookeeper | 3.7.0-debian-10-r348 | debian-buster | CVE-2022-24921 | binary | go

Proposal - what do you suggest to solve the problem or improve the existing situation?

Upgrade this chart's dependencies to use the 15.x or 16.x version of the Kafka chart.

Any open questions to address

I'm not sure if anyone has gauged the expected difficulty of upgrading; it will certainly be a backward incompatible release of this chart. Kafka outlines the upgrade steps here: https://github.com/bitnami/charts/tree/master/bitnami/kafka#to-1500

gburton1, Apr 12 '22 22:04