Update quay.io/strimzi-helm/strimzi-kafka-operator Docker tag to v1

[renovate]

This PR contains the following updates:

Package	Update	Change
quay.io/strimzi-helm/strimzi-kafka-operator (source)	major	0.51.0 → 1.0.0

---

Release Notes

strimzi/strimzi-kafka-operator (quay.io/strimzi-helm/strimzi-kafka-operator)

v1.0.0

Compare Source

• Use the v1 API in the Cluster Operator
• Use the v1 API as the stored API version
• Remove the v1beta2 API (and v1alpha1 and v1beta2 for KafkaTopic and KafkaUser) from the CRDs and fully move to the v1 API
• Allow upgrading from unknown Apache Kafka versions (that might be used in Strimzi patch releases)
• Add support for Kafka 4.1.2
• Add support for advertisedPortTemplate in listener configuration to add more flexibility when configuring advertised ports.
• In-place Pod resizing support for Kafka brokers and controllers, Connect nodes, and MirrorMaker 2 nodes
• Remove PreferredLeaderElectionGoal from Cruise Control's default.goals list
• Support for type: environment-variable rack awareness based on environment variables that do not require ClusterRoleBindings
• Add topologySpreadConstraints support to the Strimzi Helm chart operator Deployment
• Update HTTP bridge to 1.0.0.
• Enable configuring allowList of Strimzi Metrics Reporter dynamically
• Add support for TLS/SSL on the HTTP Bridge
  Set spec.http.tls.certificateAndKey configuration to enable it and provide the certificate and key via Secret.
• Add support force-renewal of KafkaUser certificates via strimzi.io/force-renew annotation

Major changes, deprecations, and removals

• The Strimzi Access Operator 0.2.0 does not support the Strimzi v1 CRD API and is not compatible with Strimzi 1.0.0.
  The Strimzi v1 CRD API will be supported in Strimzi Access Operator 0.3.0 release that will follow shortly after the Strimzi 1.0.0 release.
  Please check the Access Operator repository for the latest updates on the Access Operator releases and compatibility with Strimzi 1.0.0.
• The api, test, crd-annotations, and crd-generator modules now use Java 21 as their Java language level.
  If you use one of these modules as a dependency in your Java project, you will need to upgrade to Java 21 as well.
• Open Policy Agent (OPA) authorizer plugin is not bundled as part of the Strimzi Container images anymore.
  If you want to continue use the OPA Authorizer, you have to add it as a custom plugin by building a custom Kafka container image or using additional volumes.
  Once added, you can continue to use OPA using the type: custom authorization.
• The UseConnectBuildWithBuildah feature gate moves to beta stage and is enabled by default.
  If needed, UseConnectBuildWithBuildah can be disabled in the feature gates configuration in the Cluster Operator.
• Update HTTP bridge to 1.0.0.
  • /metrics endpoint is no longer available on the regular HTTP interface (port 8080 by default). It is now available on the HTTP management interface, 8081.
    Users upgrading to Strimzi 1.0.0+ should check all monitoring configurations that scrape Kafka Bridge metrics and update them to use port 8081 instead of 8080 or any other non-default port before or immediately after the upgrade to avoid metrics collection failures.
• Standalone Topic Operator now reads certificates directly from the Kubernetes Secrets in PEM format instead of using JKS/P12 keystore and truststore files.
  If you use the standalone Topic Operator and you have any custom configuration related to TLS certificates, you might need to update it during the upgrade to Strimzi 1.0.0.
  • Make sure the Topic Operator has the Kubernetes RBAC rights to read the certificate Secrets
  • Use the environment variable STRIMZI_TLS_TRUSTED_CERTS_SECRET_NAME to configure the CA certificates for TLS encryption when connecting to the Apache Kafka cluster.
  • Use the environment variables STRIMZI_TLS_SECRET_NAME, STRIMZI_TLS_KEY_NAME, and STRIMZI_TLS_CERT_NAME to configure client certificate for the mTLS authentication when connecting to the Apache Kafka cluster.
  • Use the environment variable STRIMZI_CLUSTER_NAMESPACE to define the namespace where the TLS Secrets are.
  • If you want to use TLS encryption with an Apache Kafka cluster using server certificates signed by a public CA, you just need to use the STRIMZI_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM variable and set it to TLS.
  • The STRIMZI_TLS_ENABLED, STRIMZI_TLS_AUTH_ENABLED, STRIMZI_PUBLIC_CA, STRIMZI_TRUSTSTORE_LOCATION, STRIMZI_TRUSTSTORE_PASSWORD, STRIMZI_KEYSTORE_LOCATION, and STRIMZI_KEYSTORE_PASSWORD environment variables are not used anymore and will be ignored if set.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.