Confluent Private Cloud Gateway Release Notes

This topic summarizes the technical details of the Confluent Private Cloud Gateway releases.

Confluent Private Cloud Gateway 1.2.0 Release Notes

This release introduces the following new features and enhancements:

New features

  • Confluent Gateway now supports a fencing filter, which restricts client access based on configurable criteria such as client ID, IP address, or API key. For more information, see Fencing filter.

Enhancements

Confluent Gateway now supports the following authentication methods and client versions:

  • SASL/SCRAM authentication for secure client-to-Confluent Gateway communication. For more information, see Authentication for Gateway.

  • NONE authentication method for:

    • Disabling client-to-Confluent Gateway or Confluent Gateway-to-cluster authentication.

    • Supporting authentication swapping between NONE and SASL mechanisms.

    For more information, see Configure authentication swapping mode.

  • librdkafka client support for versions 2.0.0 through 2.13.0.

Confluent Private Cloud Gateway 1.1.2 Release Notes (Patch Release)

Bug fixes

Secrets redaction from startup logs: When you provide secrets through secretRef in Confluent for Kubernetes (CFK), Confluent Gateway now redacts them from the pod startup logs.

  • Action required: If you are running Confluent Gateway 1.1.0 or earlier, upgrade to 1.1.2.

Confluent Private Cloud Gateway 1.1.0 Release Notes

New features

This release introduces license management for Confluent Private Cloud Gateway (Confluent Gateway).

Confluent Gateway now supports two license modes:

  • Trial mode (default) - No license required, and Confluent Gateway starts automatically in the trial mode.

  • Enterprise mode for Confluent Gateway - A valid Confluent Private Cloud license is required to have access to the full functionality of Confluent Gateway.

To learn about license details and configuration, see Configure License using Docker or Configure License using Confluent for Kubernetes.

Known issues

Secrets not redacted from startup logs: During Docker container startup, Confluent Gateway logs the configuration file before the Kafka log redactor initializes. If you provide secrets through secretRef in Confluent for Kubernetes (CFK), restrict access to pod startup logs to authorized users only.

  • Resolution: Upgrade to version 1.1.2, which fixes this issue.

Confluent Private Cloud Gateway 1.0.0 Release Notes

Confluent Private Cloud Gateway (Confluent Gateway), part of the core Confluent offering Confluent Private Cloud, is an enterprise-grade, stateless, self-managed, on-premises solution. It is Kafka protocol-aware and helps decouple your client applications from the underlying streaming infrastructure.

Major features and highlights

Confluent Gateway is a Kafka protocol-aware proxy positioned between clients and clusters for stateless routing. The first release of Confluent Gateway offers the following features:

  • Enables operational governance and seamless migrations (blue-green upgrades, disaster recovery switch-overs) without client modifications.

  • Facilitates secure external partner access with public endpoints for private Kafka clusters exposure, authentication swapping, and advanced traffic controls.

  • Supports customizable routing and streaming domains.

  • Supports multiple combinations of authentication swapping with secure credential storage and retrieval.

Resources and examples