Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ditto.live/llms.txt

Use this file to discover all available pages before exploring further.

​
v0.14.8
Release Date: w/c May 13, 2026
Ditto Operator 0.14.8 is a patch release that propagates image pull configuration to CDC components. Fixed:
  • imagePullSecrets and imagePullPolicy from the BigPeer custom resource are now propagated to CDC components
    • Any imagePullSecrets specified per-component are merged into the inherited ones
​
v0.14.7
Release Date: w/c May 11, 2026
Ditto Operator 0.14.7 is a patch release that fixes propagation of BigPeer and BigPeerApp changes to data bridges, with a small breaking change. Changed:
  • BREAKING CHANGE: BigPeerDataBridge custom resources must now carry an extra label ditto.live/big-peer: <big-peer-name>
Fixed:
  • Changes to BigPeer and BigPeerApp are now properly propagated to BigPeerDataBridge custom resources
​
v0.14.6
Release Date: w/c May 7, 2026
Ditto Operator 0.14.6 fixes several reconciliation issues, drops support for older Big Peer versions, and changes a Kafka data bridge default. Changed:
  • Kafka data bridges now default to 12 topic partitions when unspecified
Fixed:
  • Big Peer Store StatefulSets are now rebuilt when storage is updated in the BigPeer custom resource, instead of looping on HTTP 422 Forbidden from the Kubernetes API
    • The pod and PVC are preserved across the rebuild
    • The Ditto Operator ClusterRole has extra permissions to delete pods
  • Race condition where multiple Big Peer Store replicas could be updated at the same time
  • Changes to BigPeer are now properly propagated to BigPeerReplication custom resources
    • Users are no longer required to manually edit spec.image in BigPeerReplication as a workaround
Removed:
  • Support for Big Peer versions < 1.49.0
​
v0.14.5
Release Date: w/c Apr 17, 2026
Ditto Operator 0.14.5 is a patch release that fixes a crash during Big Peer Store PVC lookup. Fixed:
  • The Operator no longer enters CrashloopBackoff when a Kubernetes race condition prevents fetching the PVCs of a Big Peer Store StatefulSet
​
v0.14.4
Release Date: w/c Apr 17, 2026
Ditto Operator 0.14.4 adds support for configuring the Big Peer Store MRF and fixes a portal image tag issue. Added:
  • Support for specifying the Big Peer Store MRF (minimum replication factor) via the BigPeer CRD
Changed:
  • Upgraded the kube-rs and k8s-openapi Kubernetes client dependencies to their latest versions (3.0.1 and 0.27, respectively)
Fixed:
  • Self-managed portal image tag no longer falls back to the operator’s appVersion when the tag value is empty, preventing ImagePullBackOff errors from non-existent image references
  • Fixed the formula that calculates the MRF based on the number of replicas
    • NOTE: this may trigger a cluster config transition upon upgrading the Ditto Operator
​
v0.14.3
Release Date: w/c Feb 25, 2026
Ditto Operator 0.14.3 is a patch release that switches the Mongo Connector deployment to a Recreate strategy. Fixed:
  • The Mongo Connector deployment now uses the Recreate strategy to prevent duplicate connectors running concurrently during pod replacement
    • IMPORTANT: when upgrading a Big Peer with existing Mongo Connectors, each affected deployment must be manually deleted with kubectl delete deployment <name> --cascade=orphan so the Ditto Operator can recreate it
​
v0.14.2
Release Date: w/c Jan 16, 2026
Ditto Operator 0.14.2 is a patch release that updates the self-managed portal audience mapping and bumps its image tag. Changed:
  • The portal-self-managed audience now maps to the permissions needed by the self-managed portal
  • Bumped the self-managed portal image tag to 0.3.0
​
v0.14.1
Release Date: w/c Jan 15, 2026
Ditto Operator 0.14.1 is a patch release that fixes environment variable propagation in the Big Peer Store controller. Fixed:
  • The Big Peer Store controller now correctly diffs lists of environment variables, fixing an issue where env vars added to BigPeer were not propagated to its Store replicas
​
v0.14.0
Release Date: w/c Jan 12, 2026
Ditto Operator 0.14.0 adds the ability to disable Kafka’s external listener, expands the data bridge creation API, and soft-deprecates the legacy CDC network properties. Added:
  • Ability to disable Kafka’s external listener (used for Kafka data bridges) via spec.cdc.network.kafkaExternalListener.enabled in the BigPeer CRD (enabled by default)
Changed:
  • spec.cdc.network.externalListener* properties in the BigPeer CRD are now soft-deprecated; use spec.cdc.network.kafkaExternalListener instead
  • Subservers’ revision hash calculation no longer takes the number of replicas into account
  • The Operator API’s endpoint for creating data bridges now accepts connectionString when creating Mongo Connectors
Fixed:
  • The Operator API’s OpenAPI spec
​
v0.13.1
Release Date: w/c Dec 17, 2025
Ditto Operator 0.13.1 adds authentication to the Operator API and several improvements to Kafka data bridges and workload authentication. Added:
  • Authentication support for the Operator API
  • Support for Kafka data bridges to map multiple queries to a single destination topic
Changed:
  • Legacy auto-mounting of Service Account tokens in Kubernetes pods is now disabled by default everywhere, relying instead on projected tokens for workload authentication
  • The HYDRA_APISERVER_URLS environment variable is now set on Big Peer HTTP API pods, which helps support distributed queries
  • Upgraded kube-rs, k8s-openapi, and schemars Kubernetes client dependencies to their latest versions
Fixed:
  • Removing store.resources from a BigPeerStore no longer triggers a schema error
​
v0.12.1
Release Date: w/c Dec 8, 2025
Ditto Operator 0.12.1 is a patch release that adds support for the Kafka metricsConfig property. Added:
  • Support for the metricsConfig property in Kafka configuration, configurable via spec.transactions.kafka.strimzi
​
v0.12.0
Release Date: w/c Dec 5, 2025
Ditto Operator 0.12.0 adds support for managed Big Peer Synthetic Monitors and additional customization options for the Operator Helm chart. Added:
  • Operator-managed Big Peer Synthetic Monitors
    • For now this only supports the small peer sync scenario, equivalent to the hydra-synthetic-monitor
  • The Operator Helm chart now allows configuring extra annotations and labels to be applied only to the Operator Service
  • nginx.ingress.kubernetes.io/cors-allow-headers and nginx.ingress.kubernetes.io/enable-cors annotations on the HTTP API Ingress
​
v0.11.1
Release Date: w/c Dec 4, 2025
Ditto Operator 0.11.1 is a patch release that fixes CORS handling in the Operator API. Fixed:
  • The Operator API now properly handles CORS
​
v0.11.0
Release Date: w/c Dec 3, 2025
Ditto Operator 0.11.0 introduces optional deployment of the self-managed portal UI, enables Cruise Control by default for multi-broker Kafka, and exposes Operator metrics. Added:
  • The self-managed portal UI can now be optionally deployed as part of the Operator Helm chart via portal.enabled=true
    • Provides a web interface for managing Ditto applications in self-managed deployments
    • Disabled by default — customers must explicitly opt-in
    • Includes an Operator HTTP API service to enable portal communication
  • Cruise Control is enabled by default for Kafka when the number of brokers is greater than 1
    • Can be templated via spec.transactions.kafka.strimzi.template.cruiseControl
    • Can be disabled by setting spec.transactions.kafka.strimzi.enableCruiseControl to false
  • The Ditto Operator now exposes metrics via the /metrics endpoint, accessible through the Operator API
    • All metrics are prefixed with ditto_operator_
​
v0.10.1
Release Date: w/c Nov 27, 2025
Ditto Operator 0.10.1 is a patch release that prevents replication instability caused by concurrent replication pods. Changed:
  • At most a single replication pod is now guaranteed to run at a time, preventing deadlock and instability when multiple pods simultaneously attempt to hold a lockfile over the replication session cache
​
v0.10.0
Release Date: w/c Nov 25, 2025
Ditto Operator 0.10.0 adds support for Mongo Connector data bridges, expands the Operator API for data bridges, and offers further Kafka customization options. Added:
  • The Operator API now supports create, get, list, and delete operations for Data Bridges on an existing Big Peer app
  • spec.subscriptions.everything in the BigPeerReplication CRD allows a replication instance to subscribe to all objects across all collections
    • NOTE: this should only be enabled with a full understanding of the interplay with evictions
  • Support for Mongo Connector data bridges
  • Further customization of Kafka-related resources:
    • spec.transactions.topic to customize the Kafka topic used for the transaction log
    • spec.transactions.kafka.strimzi accepts config and jmxOptions
    • spec.transactions.kafka.strimzi.template.kafka accepts pod and kafkaContainer
  • Support for providing extra ACLs when creating Kafka data bridges via spec.bridge.kafka.extraAcls in the BigPeerDataBridge CRD
Removed:
  • Traces from Webhook data bridges
​
v0.9.0
Release Date: w/c Nov 14, 2025
Ditto Operator 0.9.0 introduces CDC network configuration in the BigPeer CRD, exposes Kafka through an Ingress listener, and ships experimental full Kafka data bridge support. Added:
  • spec.cdc.network in the BigPeer CRD configures network aspects of the CDC Kafka
  • spec.streamType in the BigPeerDataBridge CRD, primarily to support legacy data bridges
  • The transaction log Kafka has an extra ingress listener on port 9094
    • Strimzi creates an Ingress that exposes Kafka outside the cluster via this listener, authenticated and subject to ACLs; used for CDC purposes
  • (EXPERIMENTAL) The BigPeerDataBridge controller now fully supports Kafka data bridges
Changed:
  • The transaction log built by the Ditto Operator now sets spec.authentication.type to simple by default
    • Access to Kafka via any listener other than the plaintext one (9092, not exposed outside the cluster) is now subject to authentication via ACLs
  • The Ditto Operator’s RBAC now allows manipulating KafkaUser, Secret, Role, and RoleBinding objects (needed for CDC and Data Bridges)
Removed:
  • spec.cdc.kafka in the BigPeer CRD
    • NOTE: spec.cdc is considered EXPERIMENTAL and is subject to breaking changes until it becomes stable
  • spec.cdc.enabled in the BigPeer CRD — CDC is always enabled
​
v0.8.2
Release Date: w/c Oct 23, 2025
Ditto Operator 0.8.2 is a patch release that temporarily disables the Auth Server’s HorizontalPodAutoscaler. Removed:
  • The HorizontalPodAutoscaler for the Auth Server is temporarily disabled
​
v0.8.1
Release Date: w/c Oct 15, 2025
Ditto Operator 0.8.1 is a patch release that adds custom storage class support to BigPeerReplication. Added:
  • BigPeerReplication now supports setting a custom storage class, causing the pod to use a PVC instead of ephemeral storage
​
v0.8.0
Release Date: w/c Oct 8, 2025
Ditto Operator 0.8.0 introduces several customization options for Big Peer services and authentication, plus experimental data bridge and CDC support. Added:
  • version field in the AuthProvider::TokenWebhook CRD (optional)
  • New optional field spec.api.enableRemoteQuery in BigPeer to enable the Remote Query feature across the cluster
  • The repository name used to construct the full image path for each Big Peer service can now be overridden via new optional CRD fields:
    • Auth Service: auth.server.repository
    • API Service: api.repository
    • Subscription Service: subscriptions.repository
    • Store Service: store.repository
    • If omitted, the previous big-peer- prefixed names are used
  • (EXPERIMENTAL) New BigPeerDataBridge CRD and corresponding controller — the controller is a no-op for now
  • (EXPERIMENTAL) spec.cdc in the BigPeer CRD enables CDC for a particular Big Peer (disabled by default)
  • (EXPERIMENTAL) The BigPeerApp CRD allows customizing individual CDC components per app; spec.cdc in BigPeer enables global customization and templating that per-app configurations can override
  • The operator_internal auth provider now accepts a customizable list of additional audiences to trust, allowing CDC and synthetic monitor workloads to authenticate via operator_internal
Fixed:
  • The ConfigMap for global authentication providers is now serialized in a stable format when there are multiple providers, preventing unnecessary reconciliations
​
v0.7.4
Release Date: w/c Sep 4, 2025
Ditto Operator 0.7.4 reintroduces the hashing_scheme field in the BigPeer CRD. Added:
  • Reintroduced hashing_scheme to the BigPeer CRD as an optional value
    • NOTE: this field was removed prior to version 0.1.4, but some clusters were using ByNamespace by default, causing clusters with more than 1 partition to be stuck in a permanently broken cluster config transition
​
v0.7.3
Release Date: w/c Aug 29, 2025
Ditto Operator 0.7.3 is a patch release that fixes Auth Server and HTTP API URL resolution across namespaces. Fixed:
  • The BigPeerApp’s namespace is now included in the Auth Server and HTTP API URLs constructed by the BigPeerApp controller, allowing the Operator to interact with Big Peer components deployed in different namespaces
​
v0.7.2
Release Date: w/c Aug 29, 2025
Ditto Operator 0.7.2 is a patch release that fixes cluster config transitions when the Operator and Big Peers run in different namespaces. Fixed:
  • The BigPeer’s namespace is now included in the Store replicas’ routable addresses, fixing cluster config transitions in deployments where the Operator and Big Peers run in different namespaces
​
v0.7.1
Release Date: w/c Aug 28, 2025
Ditto Operator 0.7.1 is a patch release that relaxes the ARN regex validation in BigPeer and BigPeerSubscription CRDs. Fixed:
  • The ARN regex in the BigPeer and BigPeerSubscription CRDs has been relaxed to accept more allowed symbols
​
v0.7.0
Release Date: w/c Aug 28, 2025
Ditto Operator 0.7.0 introduces a dedicated Auth Server Docker image, configurable Kafka topic and PVC deletion, and additional template options. Added:
  • Support for topicName and topicResourceName fields in Strimzi Kafka configurations, allowing custom topic names and Kubernetes resource names for KafkaTopic resources
  • The BigPeer CRD now supports configurable Kafka topic and PVC deletion via spec.transactions.kafka.strimzi.enableDeletion (defaults to false)
Changed:
  • When spec.version >= 1.49.0, the Operator builds the Auth Server using a new Docker image, big-peer-auth-server
    • NOTE: when spec.version < 1.49.0, the Operator still builds a separate Auth Server, but uses the big-peer-subscription Docker image
  • The BigPeer CRD now supports templating PodDisruptionBudget under spec.auth.server.template
​
v0.6.1
Release Date: w/c Aug 18, 2025
Ditto Operator 0.6.1 is a patch release that restores clean upgrades from earlier versions and fixes Operator API routing. Fixed:
  • Named parameters captured in Operator API routes are correctly handled following a recent dependency upgrade
  • ongoingPvcResize in BigPeerStore Status is now optional, restoring clean upgrades from versions prior to 0.6.0
  • Added missing permissions to read StorageClass resources, required for PVC resize support
​
v0.6.0
Release Date: w/c Aug 6, 2025
Ditto Operator 0.6.0 separates the Auth Server into its own workload, ships default topology and disruption configurations for API and Subscription resources, and enables Store storage resizing. Added:
  • API and Subscription pods now include a default set of topologySpreadConstraints when none are specified, attempting to schedule replicas across both availability zones and worker nodes
  • API and Subscription resources now ship with a default set of PodDisruptionBudget configurations
  • Store nodes can have their storage size increased by updating spec.store.storage.size
  • The Auth Server now runs as a separate workload
    • The BigPeer CRD exposes configuration to tweak Auth Server workloads
    • The Operator manages extra Kubernetes resources for it: Deployment, Service, ServiceAccount, Ingress, HorizontalPodAutoscaler, and PodDisruptionBudget, all suffixed with -auth-server
Changed:
  • Tightened schema validations for BigPeer and related objects:
    • Fields represented internally as unsigned 16-bit integers now have maximums reflecting that
    • S3 bucket names, regions, and ARNs are validated against a regular expression
Fixed:
  • KafkaTopic and Kafka’s persistent storage are now correctly removed when the BigPeer resource is deleted
  • Setting imagePullSecrets to an empty array no longer causes the Operator to get stuck updating replicas
​
v0.5.0
Release Date: w/c Jul 3, 2025
Ditto Operator 0.5.0 expands the Operator API for managing existing Big Peer apps and fixes cluster config transitions in the Store. Added:
  • Operator API enhancements:
    • Add, update, or delete auth providers for an existing Big Peer app
    • Update an existing Big Peer app
      • NOTE: only the set of auth providers can be updated for now
    • Configure Big Peer replication for an existing Big Peer app
  • API server replicas are now limited to a maximum of 256
  • CRDs no longer require a size to be set alongside storage_class_name
  • New CLI parameters: --service-account-token-path and --api-key-validator-url
Fixed:
  • Configuring custom auth providers in a BigPeerApp
  • Broken cluster config transitions that prevented changing the number of partitions and/or replicas in a Big Peer Store
    • NOTE: this bug affected Operator versions >= 0.3.0
​
v0.4.0
Release Date: w/c May 1, 2025
Ditto Operator 0.4.0 adds per-app auth providers, ships a default auth provider set for every BigPeer, and validates BP2BP subscription expressions. Added:
  • Support for per-app auth providers
Changed:
  • Every BigPeer is now built with a default set of auth providers (currently just the internal provider)
  • The API Key Validator is used as the internal provider for validating service account tokens
  • BigPeer-to-BigPeer subscription expressions are now validated before reconciling BP2BP resources
    • NOTE: invalid expressions will prevent resources from being reconciled
Fixed:
  • The Operator API now returns 400 Bad Request when attempting to create an API key with a past expiry date
    • NOTE: this is a breaking change — previously a 200 OK was returned
​
v0.3.0
Release Date: w/c Apr 25, 2025
Ditto Operator 0.3.0 adds important features, such as an internal API key validator and an Operator Management API Added:
  • New CRD: BigPeerApiKey
  • Support for validating Big Peer HTTP API keys using an internal API Key Validator
  • Optional deployment of API Key Validator via Ditto Operator Helm chart
  • Support for BigPeer-to-BigPeer auth. This requires Big Peer >= 1.43.0
  • Operator Management API
Changed:
  • BigPeer-to-BigPeer subscriptions from OQL to DQL, which requires Big Peer >= 1.42.0
  • BREAKING CHANGE: new invariants for BigPeerApp custom resources:
    • Label ditto.live/big-peer must exist
    • BigPeer references by label ditto.live/big-peer must exist
    • spec.appId must be unique amongst all the BigPeerApp’s that reference the same BigPeer
  • BREAKING CHANGE: new invariants for BigPeerReplication custom resources:
    • Label ditto.live/app must exist
    • BigPeerApp referenced by label ditto.live/app must exist
​
v0.2.0
Release Date: w/c Apr 3, 2025
Ditto Operator 0.2.0 adds new features, important bug fixes, and a breaking change. Added:
  • Initial BigPeer-to-BigPeer (BigPeerReplication) support
Changed:
  • Ensure stable ordering in serialized custom resources.
Fixed:
  • Ensure unique API actor ids across Big Peers in BigPeer-to-BigPeer. Requires Big Peer >= 1.42.0
  • Ensure Big Peer Store replicas are updated one at a time
  • Support templates for Kafka-related resources. This has been fully extended to full parity with Strimzi’s templating scheme.
  • Extra verbosity in Big Peer Store controller’s logs
​
v0.1.5
Release Date: w/c Mar 18, 2025
Ditto Operator 0.1.5 is a patch release that adds bug fixes. Fixed:
  • Add disjoint roles for Ditto Operator store services
  • Fix Ditto Operator BigPeer enum serialization
​
v0.1.4
Release Date: w/c Mar 16, 2025
Ditto Operator 0.1.4 adds minor features Added:
  • Attachment backend support
  • Anonymous auth provider