lhotari opened a new pull request, #25856:
URL: https://github.com/apache/pulsar/pull/25856

   ### Motivation
   
   The `io.kubernetes:client-java` 26.0.0 release adds 
`software.amazon.awssdk:sts` as a direct dependency to support EKS IAM 
authentication (IRSA). That single dependency transitively pulls in ~28 AWS SDK 
v2 jars (about 8 MB) plus `software.amazon.eventstream:eventstream`.
   
   Pulsar uses the kubernetes client only for in-cluster API access (functions 
runtime, OIDC auth, secrets, integration tests) and does not need the AWS 
authentication path. Bundling the AWS SDK jars in the binary distribution would 
be pure dead weight.
   
   ### Modifications
   
   - Bumped `kubernetesclient` from `23.0.0` to `26.0.0` in 
`gradle/libs.versions.toml`.
   - Added `exclude(group = "software.amazon.awssdk")` to every consumer of 
`libs.kubernetes.client.java` (and `libs.kubernetes.client.java.api.fluent`):
     - `pulsar-broker-auth-oidc/build.gradle.kts`
     - `pulsar-functions/runtime/build.gradle.kts`
     - `pulsar-functions/secrets/build.gradle.kts`
     - `tests/integration/build.gradle.kts`
   - Updated the three `io.kubernetes-client-java*` jar version entries in 
`distribution/server/src/assemble/LICENSE.bin.txt` from `23.0.0` to `26.0.0`. 
No AWS SDK LICENSE entries were added because the jars are no longer bundled.
   
   The commit also pulls along a few unrelated in-flight changes in 
`tests/integration` (joda-time test dep, TestNG suite handling that defers to 
`--tests` CLI filter, and small fixes in `AbstractPulsarStandaloneK8STest`) 
that were already staged on this branch.
   
   ### Verifying this change
   
   - [x] Make sure that the change passes the CI checks.
   
   This change is already covered by existing tests:
   - `./gradlew checkBinaryLicense` passes (verifies no missing LICENSE/NOTICE 
entries against the produced `apache-pulsar-*-bin.tar.gz`, confirming the AWS 
SDK is no longer bundled).
   - `./gradlew spotlessCheck checkstyleMain checkstyleTest` passes on the 
modified modules.
   
   ### Does this pull request potentially affect one of the following parts:
   
   - [x] Dependencies (add or upgrade a dependency)
   
   The `io.kubernetes:client-java` runtime dependency moves from `23.0.0` to 
`26.0.0`. Transitive `software.amazon.awssdk:*` and 
`software.amazon.eventstream:eventstream` (newly introduced by 26.0.0) are 
excluded everywhere `client-java` is consumed, so the binary distribution gains 
only the kubernetes-client version bump.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
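
An independent check of the outcome the description claims, added here as an example and not part of the pull request or Pulsar's build: scan a binary distribution archive for jars from the excluded groups. It assumes bundled jars are named `<group>-<artifact>-<version>.jar` (inferred from the `io.kubernetes-client-java*` entries mentioned above); the function names, the `apache-pulsar-0.0.0` root and the sample file names are constructed for illustration.

```python
import io
import tarfile
from pathlib import PurePosixPath

# Groups the PR description says are excluded from every client-java consumer.
EXCLUDED_GROUPS = ("software.amazon.awssdk", "software.amazon.eventstream")


def bundled_jars_from_groups(archive, groups=EXCLUDED_GROUPS):
    """Return sorted archive paths of jars whose file name starts with '<group>-'.

    `archive` is a binary file object holding a .tar.gz.
    Assumption: jars are named <group>-<artifact>-<version>.jar.
    """
    prefixes = tuple(g + "-" for g in groups)
    hits = []
    with tarfile.open(fileobj=archive, mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            name = PurePosixPath(member.name).name
            if name.endswith(".jar") and name.startswith(prefixes):
                hits.append(member.name)
    return sorted(hits)


def build_sample_archive(jar_names, root="apache-pulsar-0.0.0"):
    """Build a constructed in-memory .tar.gz with empty files under <root>/lib/."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for jar in jar_names:
            info = tarfile.TarInfo(f"{root}/lib/{jar}")
            info.size = 0
            tar.addfile(info, io.BytesIO(b""))
    buf.seek(0)
    return buf


# Constructed file names, not taken from a real distribution.
CLEAN = ["io.kubernetes-client-java-26.0.0.jar",
         "io.kubernetes-client-java-api-26.0.0.jar"]
LEAKY = CLEAN + ["software.amazon.awssdk-sts-0.0.0.jar",
                 "software.amazon.eventstream-eventstream-0.0.0.jar"]

if __name__ == "__main__":
    for label, names in (("clean", CLEAN), ("leaky", LEAKY)):
        print(label, bundled_jars_from_groups(build_sample_archive(names)))
```

To run it against a real build output, pass `open(path, "rb")` for the produced `apache-pulsar-*-bin.tar.gz`; a non-empty result means an exclusion was missed on some consumer.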