The ScyllaDB team is pleased to announce the release of ScyllaDB Operator 1.21.0.
ScyllaDB Operator is an open-source project that helps you run ScyllaDB on Kubernetes by managing ScyllaDB clusters deployed to Kubernetes and automating tasks related to operating a ScyllaDB cluster, like installation, vertical and horizontal scaling, as well as rolling upgrades.
ScyllaDB Operator 1.21 brings new features, stability improvements and documentation updates.
Oracle Kubernetes Engine (OKE) support
ScyllaDB Operator 1.21 adds Oracle Container Engine for Kubernetes (OKE) as a supported platform, expanding the set of cloud providers where ScyllaDB is available.
The new OKE support comes with comprehensive documentation covering the entire workflow – from provisioning the underlying OCI infrastructure (VCN, subnets, gateways, and node pools with Dense I/O shapes and local NVMe storage) to deploying a 3-node ScyllaDB cluster spread across fault domains. An automated setup script is also provided for one-command infrastructure provisioning.
To get started with ScyllaDB on OKE, see the Set up an OKE cluster for ScyllaDB infrastructure guide and the OKE reference deployment.
ECDSA support for TLS certificates
ScyllaDB Operator manages TLS certificates internally for securing client-to-node communication. Until now, only RSA keys were supported for certificate generation. ScyllaDB Operator 1.21 adds elliptic curve cryptography (ECDSA) as an alternative key type, offering smaller key sizes and faster cryptographic operations while maintaining industry-grade security strength.
You can opt in to ECDSA by setting the --crypto-key-type=ECDSA flag on the operator, with the curve bit-size configurable via --crypto-ecdsa-key-size (defaulting to P-384). RSA remains the default key type. The RSA key size is now configured with a dedicated --crypto-rsa-key-size flag; the previous --crypto-key-size flag is deprecated and remains accepted as an alias.
Prometheus Operator is now an optional dependency
Previously, ScyllaDB Operator required Prometheus Operator CRDs (monitoring.coreos.com/v1) to be installed in the cluster, even if you did not intend to use ScyllaDBMonitoring. Missing CRDs would result in error logs at startup.
With ScyllaDB Operator 1.21, Prometheus Operator becomes a truly optional dependency. The operator auto-detects whether the CRDs are present at startup using Kubernetes API discovery. When they are absent, the ScyllaDBMonitoring controller is simply not started – no error logs are emitted. If you install Prometheus Operator after the ScyllaDB Operator is already running, restart the operator to pick up the new CRDs.
Refer to the monitoring setup guide for details.
Other notable changes
Deprecations
This release includes several deprecations as part of ongoing API cleanup:
- CQL-over-SNI expose options deprecated: ScyllaCluster and ScyllaDBDatacenter spec.exposeOptions.cql fields are deprecated and will be removed in a future release, along with operator support for exposing CQL over an SNI proxy. The admission webhook emits a warning when these fields are set. (#3410)
- ScyllaDBMonitoring SaaS type deprecated: The SaaS value of ScyllaDBMonitoring spec.type is deprecated. The default value has changed from SaaS to Platform; existing objects that omit spec.type will render Platform dashboards after upgrading. (#3410)
Breaking changes
- RFC 1123 task name validation enforced: ScyllaCluster backup and repair task names that do not conform to RFC 1123 subdomain requirements (e.g. containing underscores _) are now rejected on creation or update. The operator will also refuse to start if any existing ScyllaClusters have non-conforming task names. This was previously a warning introduced in 1.20.1. Please ensure your task names are updated before upgrading. (#3326)
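A pre-upgrade check for the task name rule above, as an added example (not ScyllaDB Operator code): it scans the JSON from `kubectl get scyllaclusters -A -o json` for backup and repair task names that fail Kubernetes' RFC 1123 subdomain validation. The field paths spec.backups[].name and spec.repairs[].name, the function name and the sample input are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Kubernetes' RFC 1123 subdomain rule: dot-separated labels of lowercase
// alphanumerics and '-', each starting and ending alphanumeric, 253 chars max.
var rfc1123Subdomain = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// Only the fields needed from `kubectl get scyllaclusters -A -o json`; encoding/json
// matches keys case-insensitively. Assumed paths: spec.backups[].name, spec.repairs[].name.
type task struct{ Name string }
type clusterList struct {
	Items []struct {
		Metadata struct{ Namespace, Name string }
		Spec     struct{ Backups, Repairs []task }
	}
}

// NonConformingTasks lists every task name that fails RFC 1123 subdomain validation.
func NonConformingTasks(listJSON []byte) ([]string, error) {
	var list clusterList
	if err := json.Unmarshal(listJSON, &list); err != nil {
		return nil, fmt.Errorf("decoding ScyllaCluster list: %w", err)
	}
	var bad []string
	kinds := []string{"backup", "repair"}
	for _, c := range list.Items {
		for i, tasks := range [][]task{c.Spec.Backups, c.Spec.Repairs} {
			for _, t := range tasks {
				if len(t.Name) > 253 || !rfc1123Subdomain.MatchString(t.Name) {
					bad = append(bad, fmt.Sprintf("%s/%s %s %q", c.Metadata.Namespace, c.Metadata.Name, kinds[i], t.Name))
				}
			}
		}
	}
	return bad, nil
}

// Constructed sample input, not output from a real cluster.
const sampleList = `{"items":[{"metadata":{"namespace":"scylla","name":"prod"},"spec":{"backups":[{"name":"daily_backup"},
 {"name":"weekly-backup"}],"repairs":[{"name":"Repair.Weekly"},{"name":"repair.weekly"}]}}]}`

func main() {
	fmt.Println(NonConformingTasks([]byte(sampleList)))
}
```

Uppercase letters are rejected as well as underscores, so the constructed sample flags both `daily_backup` and `Repair.Weekly`.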
Bug fixes
- Fixed identity service selector matching cleanup job pods, which could cause client connection failures. (#3409)
- ScyllaDBMonitoring now properly sets the aggregated Available and Progressing status conditions by inspecting the state of the underlying Grafana Deployment and Prometheus CR. (#3347)
- must-gather resource collection now tolerates partial API discovery failures (e.g. when aggregated API servers like metrics.k8s.io are transiently unavailable) instead of failing entirely. (#3396)
- Fixed Grafana volume name rejections when ScyllaDBMonitoring name exceeds 19 characters. (#3363)
- Fixed monitoring scrape intervals: 5s in ServiceMonitor and 30s in Grafana, overriding the global scrape interval set in Prometheus. (#3293)
For more changes and details, check out the changelog.
Upgrade instructions
For instructions on upgrading ScyllaDB Operator to 1.21, please refer to the Upgrading ScyllaDB Operator section of the documentation. In particular, review the 1.20 to 1.21 upgrade guide for steps specific to this release (notably the RFC 1123 task name validation and the ScyllaDBMonitoring default type change).
Supported versions
- ScyllaDB 2025.1, 2025.4 - 2026.1
- Red Hat OpenShift 4.20
- Kubernetes 1.33 - 1.36
- Container Runtime Interface API v1
- ScyllaDB Manager 3.7 - 3.9
Getting started with ScyllaDB Operator
- Learn how to deploy ScyllaDB on Google Kubernetes Engine (GKE) here
- Learn how to deploy ScyllaDB on Amazon Elastic Kubernetes Engine (EKS) here
- Learn how to deploy ScyllaDB on Oracle Kubernetes Engine (OKE) here
- Learn how to deploy ScyllaDB on OpenShift (OCP) here
- Learn how to deploy ScyllaDB on a Kubernetes Cluster here
Related links
- ScyllaDB Operator source (on GitHub)
- ScyllaDB Operator image on DockerHub
- ScyllaDB Operator Helm Chart repository
- ScyllaDB Operator for Kubernetes lesson in ScyllaDB University
Your feedback is always welcome! Feel free to open an issue or reach out on the #scylla-operator channel in ScyllaDB User Slack.
Regards,
The ScyllaDB Operator Team
