This page details the releases of Lenses.
For versions 4.0 to 5.4 see our legacy documentation.
London, UK - October 17th, 2024 Lenses 5.5.10 is now generally available.
Improvements
Audit Logs include the list of groups presented by IdP for the user
The group listing API endpoint now includes a list of users
London, UK - October 4th, 2024 Lenses 5.5.9 is now generally available.
Improvements
Optimise kubernetes event handling
Add extra logging for queue processing and event handling
London, UK - September 27th, 2024 Lenses 5.5.8> is now generally available
Improvements
Optimise topic auto-detection audit logging to avoid duplicate entries
Optimise logging (adjust UDAF for intellisense polluting the logs, better actor mailbox logging)
Improvements to the connector verification logic when Lenses has to mock topics or topics.regex
London, UK - August 28th, 2024 Lenses 5.5.7 is now generally available
Improvements
This version improves the fetching of schemas from Schema Registries. The related subsystem has been re-worked to provide better error handling, fewer requests to the Schema Registry, and support rate-limiting. Find out how to configure rate limiting.
London, UK - August 6th, 2024 Lenses 5.5.6 is now generally available.
The S3 backup/restore functionality now supports the latest version of the Stream Reactor S3 connector plugin.
New users coming from LDAP will not be created unless they have groups coming from LDAP matching Lenses groups. Users can still be created manually by an administrator.
If you upgrade your S3 connector plugin, existing S3 connectors will stop working. Check here to find out how you can update your connector configuration to work with the latest plugin version.
London, UK - July 26th, 2024 Lenses 5.5.5 is now generally available.
Improve performance of the data catalogue. Lenses should now be many times faster to detect topics and their serialization, and use less memory and CPU time. For teams with Kafka clusters that have thousands of schemas, the startup time will also improve. For teams with tens of thousands of schemas, consumers, and partitions, software stability will also improve.
Bring back the restart task button for paused connectors. This undocumented behaviour of Kafka Connect allows users to stop a connector’s consumer group, so they can reset offsets. For Kafka Connect 3.5 or later the new STOP connector API and corresponding button in Lenses can have the same effect.
Compress schemas before sending them to the Schema Registry. This allows to send larger schemas to the Schema Registry as the limit is on the size of the request rather than the schema itself.
Improvements to the Skip Validation option for inserting JSON messages, to allow for less strict (but still valid) schemas for inserted messages.
If you have enabled the setting to keep lucene's index on disk (option lenses.explore.index.dir
), you should disable it and delete the files from disk. You can keep it enabled if you prefer but you still need to delete the files on disk. Please note that on-disk performance is slower than in-memory. The amount of memory we use is fixed per entry, so the default in-memory configuration is advised.
London, UK - July 17th, 2024 Lenses 5.5.4 is now generally available.
Add STOP operation (button) for Connectors. The STOP operation requires Kafka Connect 3.5 or greater
Allow to skip schema validation when inserting to JSON topics
Connector search is now case-insensitive
Allow to type to search groups when creating service accounts
Show masked passwords when editing a connector (regression in 5.5.3)
Filtering connectors by type doesn’t work
When there were at least two Connect clusters with at least one connector with common name in both clusters, filtering connectors returns incorrect or multiple results
Validating connectors with passwords may not work (regression in 5.5.3)
London, UK - July 1st, 2024 Lenses 5.5.3 is now generally available.
Support for case-insensitive LDAP users
Whilst Lenses users are case-sensitive, LDAP most of the time performs case-insensitive searches on user accounts. This can lead to users who try to login to Lenses with different casing in their username (e.g., user
and USER
) to get duplicate accounts.
We added the option lenses.security.ldap.case.sensitive
with a default value of true
. It can be switched to false
in which case Lenses will treat usernames from LDAP as case-insensitive and always converting to lowercase.
Upgrade the AWS IAM library to better support service account roles inside EKS
Upgrade libraries with known CVEs —not affecting Lenses in either way
Fix Grafana link not showing up on sidebar
Fix a case where some sensitive data might leak in the logs
Fix filtering by connector name causing the connector screen to crash if a connect cluster is offline
London, UK - May 23rd, 2024 Lenses 5.5.2 is now generally available.
The connectors’ screen will not mask passwords if they are referencing a secret from a secret provider.
Fix regression where connectors’ passwords were not masked.
London, UK - April 23rd, 2024 Lenses 5.5.1 is now generally available.
Authentication:
Enhanced authentication to reject with a 401 status code when the user lacks any attached groups in the IdP (Identity Provider).
Improved authentication flow, allowing an authenticated SSO (Single Sign-On) user to log in even if there isn’t a corresponding group in Lenses.
Documentation Enhancement:
New SQL processor page with direct links to the latest documentation and support resources for user convenience.
Deployment Issue:
Addressed a bug introduced in Lenses git ops deployment* version 5.5.0, resolving provisioning issues experienced in certain deployment scenarios.
SSO Authentication Fix:
Corrected SSO authentication behavior. When an SSO user is configured to overwrite the IdP groups, Lenses now correctly refrains from extracting groups from the IdP.
London, UK1 - 11 April 2024 - Lenses 5.5 is now generally available.
For versions 4.0 to 5.4 see our doc archive.
Kafka Connectors as Code
Lenses now introduces support for managing Kafka connectors as code. With this feature, you can define your connectors in a YAML file and seamlessly deploy them to Lenses. This capability is accessible via both the Lenses CLI and the Lenses UI. This release marks the commencement of our journey towards a more declarative and automated approach to managing Kafka and Lenses resources.
Consumer Group Management
In this version, Lenses introduces support for deleting consumer group offsets and entire consumer groups, enhancing flexibility and control over consumer group management.
Generic SSO Provider
Lenses provides support for a few SSO providers out of the box like Google, Okta, etc. In this release, Lenses introduces a generic SSO provider, enabling users to integrate with any SSO provider that supports the SAML 2.0 protocol. This feature is configurable via the lenses.conf
file under lenses.security.saml.idp.provider
.
Kafka Message Replay
The Kafka message replay feature receives an enhancement, now enabling users to replay messages from a specific offset. This functionality is accessible from both the Lenses topic screen and the Lenses SQL studio screen, providing greater precision in message replay operations.
Consumer Group Offsets Data Link
Users can now seamlessly navigate from the consumer group offsets screen to the data of the topic that the consumer group offset points to, enhancing visibility and ease of data exploration.
Audits to log file
Lenses now provides the capability to log audit events to its log file, enabling users to store audit logs locally for compliance and security purposes. This feature is configurable via the lenses.conf
file under lenses.audit.to.log.file
.
Lenses Internal Topics Replication Factor
To ensure compatibility with cloud providers such as IBM, where a minimum replication factor is mandated, Lenses now allows the configuration of the replication factor for its internal topics. This setting can be configured in the lenses.conf
file under lenses.internal.topics.replication.***
.
External Applications via Lenses SDK
The Lenses SDK, a thin client facilitating the monitoring and tracking of external applications connected to Kafka within Lenses topology, has been enhanced in this release. An issue where the application’s status in Lenses was not updated correctly has been resolved.
S3 Backup-Restore for JSON Payloads
In this release, a bug affecting the S3 backup-restore feature for JSON payloads has been rectified. Previously, the feature encountered issues due to the Connect converter enforcing schema on JSON payloads, leading to incorrect functionality. This bug has been addressed to ensure seamless backup and restoration of JSON data via S3.
Lenses 5.5 is an incremental release which brings in new features and improvements.
Upgrading from 5.0 or later does not require any static configuration change but if you have automated the creation of any AWS connection, then you will have to adjust the provisioning section of your Helm chart, or your CICD, or —if you use the API directly— your API calls.
If you are upgrading from version 4.3 or older, you need to follow the upgrade procedure for Lenses 5.0 as well as the rest of the instructions that follow.
Lenses upgrades (except patch releases) are not backwards compatible. It is best practice to take a backup of the Lenses database before an upgrade.
New provisioning API [caution]
With Lenses 5.3 the provisioning API was introduced. This new API can be used to create or update the connections landscape. The old provisioning methods could only create the connection landscape (first run).
What this means, is that now the Helm chart or a CICD process can be used to manage Lenses’ connections.
For teams that are on the old provisioning method some adjustments are required to their Helm charts or other provisioning code to switch to the new API. The old methods are still available but are considered deprecated and will be removed or break in the future.
AWS and Glue Connection provisioning [breaking]
With Lenses 5.4 IAM support was added for the AWS connection type. An AWS connection is used as an authentication provider for the Glue Schema Registry and Cloudwatch channels.
Due to this change, if you create or manage your AWS and Glue connections via the API or provisioning, you need to update your configuration to the new format.
Action required
Add the new authMode
property to your connections for AWS and Glue Schema Registry.
Details
Lenses 5.4 adds a new required property for the AWS and Glue Schema Registry connections.
The property is authMode
.
It controls how Lenses authenticates with AWS:
Access keys (existing feature).
Credentials provider chain (new feature).
You set the property either with the:
Connections API - create, update.
Provision YAML.
You can set authMode
in 2 modes:
1. Access keys mode
This is the existing mode where Lenses uses AWS access keys.
Set the authMode
to Access Key
.
Specify the access key ID and secret access key, as you had before.
2. Credentials provider chain mode (new)
This is the new mode where Lenses uses the AWS default credentials provider chain.
Set the authMode
to Credentials Chain
.
No additional properties needed.
Examples - Provision YAML
1. Access mode
2. Credentials provider chain mode
Examples - API JSON
1. Access mode
AWS connection
Glue Schema Registry connection
2. Credentials provider chain mode
AWS connection
Glue Schema Registry connection
Docker image base change
Starting with Lenses 5.2 the base image of Lenses and SQL Processor Dockers switched from Debian to Ubuntu. On some older systems, these docker images will fail to run, due to a combination of a recent glibc in the container, and older docker daemon on the host.
If you fall under this category, during the startup of the Lenses container, you might see errors such as Unable to identify system. Uname is required or [warning][os,thread] Failed to start thread “GC Thread#0”.
For these cases, we now offer Lenses docker images with the suffix -debian
in their tags. E.g:
lensesio/lenses:5.5-debian
lensesio/lenses:5.5.0-debian
lensesio/lenses:latest-debian
If your host is running on an older operating system and you encounter these errors, try to use the debian equivalent tag.
Using the Lenses Archive
Download the latest 5.5 archive and extract it in a new directory on your server. It is important to avoid extracting an archive over an older installation to avoid having multiple versions of libraries. Instead, you should remove (or rename) the old directory, then move the new into its place. Copy if needed and update your lenses.conf
and security.conf
files. If you are using the internal database instead of PostgreSQL, make sure Lenses Storage Directory (lenses.storage.directory
) is kept intact. The folder is where persistent data is stored, such as users, groups, audits, data policies, connections, and more.
Make sure you have a JRE (or JDK) installed in the server running Lenses. Lenses can run on JRE 8 or greater, and the recommended version is JRE 11.
Using the Lenses Docker
The docker image uses tags to distinguish between versions. The latest
tag (lensesio/lenses:latest
) brings the latest stable version of Lenses. There are minor tags to help users get the latest patch in a minor version (e.g 5.5
, 5.1
) and patch tags to help users pin to a specific patch (e.g 5.5.1
, 5.1.2
). The best practice advice is to use the minor tag (lensesio/lenses:5.5
), which ensures that your installation will always get compatible updates until you made a conscious decision to upgrade the minor version.
If you use the internal database instead of PostgreSQL as the backing store of Lenses, make sure you keep the /data/storage
volume to not lose your data. Other volumes supported by the docker are /data/kafka-streams-state
which holds state for SQL Processors running IN-PROC and may have to be rebuilt (automatically) if lost, /data/log
(log files on disk), /data/plugins
(custom UDFs).
Pull the 5.5 docker:
Stop your current container and restart with the 5.5
image, mounting any volumes you might need.
Lenses Box
If you are a Box user, pull the latest version, preserve your /data
volume and restart Lenses:
Helm
Download the latest charts and update your values.yaml
as described below. Remember that if you are using the internal database instead of PostgreSQL as the backing store, then the Lenses Storage Directory should be stored in a persistent volume and be kept intact between updates. To support a potential downgrade, make sure this volume is backed-up before installing a newer version of Lenses.
If you have provisioning enabled (lenses.provision.enabled: true
) in your values.yaml
, and you are on provision version “1” then you have to act. Version “1” means either that lenses.provision.version
is set to "1"
, or it is not set at all. You have two options:
Disable it, as Lenses already has all the information stored in the database, and version “1” does not support updating the connections and license.Copy
Switch to provisioning version “2” which supports updating connections and licenses every time you do a helm upgrade. To do that, you must make some changes to your old provisioning section. Some resources that can come handy for the switch are:
If you don’t have your values.yaml
you can download it from the Kubernetes cluster using Helm:
Proceed to upgrade:
Alternatively, reusing the old values and turning provisioning off:
Cloud Installations
Use the latest version available in the marketplaces. Remember that Lenses Storage Directory should be provided as a persistent volume and be kept intact between updates. If a new image does not exist, you may be able to update Lenses in-place. Our support team will be happy to go through the available options with you.
\