FEATURES:
-
Supports deploying Consul Ingress
and Terminating Gateways.
Multiple different gateways of each type can be deployed with default values that can
be overridden for specific gateways if desired. Full documentation of the configuration
options can be found in the values file or in the Helm chart documentation
(Ingress,
Terminating).
Requires Consul 1.8.0+. -
Resources are now set on all containers. This enables the chart to be deployed
in clusters that have resource quotas set. This also ensures that Consul
server and client pods won't be evicted by Kubernetes when nodes reach their
resource limits.Resource settings have been made configurable for sync catalog, connect inject
and client snapshot deployments and sidecar proxies. [GH-470]The default settings were chosen based on a cluster with a small workload.
For production, we recommend monitoring resource usage and modifying the
defaults according to your usage. [GH-466]
BREAKING CHANGES:
-
It is recommended to use the helm repository to install the helm chart instead of cloning this repo directly. Starting with this release
the master branch may contain breaking changes.$ helm repo add hashicorp https://helm.releases.hashicorp.com $ helm install consul hashicorp/consul --set global.name=consul
-
Mesh Gateway:
meshGateway.enableHealthChecksis no longer supported. This config
option was to work around an issue where mesh gateways would not listen on their
bind ports until a Connect service was registered. This issue was fixed in Consul 1.6.2. (GH-464) -
Mesh Gateway: The default resource settings have been changed. To keep
the previous settings, you must setmeshGateway.resourcesin your own Helm config. (GH-466)Before:
meshGateway: resources: requests: memory: "128Mi" cpu: "250m" limits: memory: "256Mi" cpu: "500m"
After:
meshGateway: resources: requests: memory: "100Mi" cpu: "100m" limits: memory: "100Mi" cpu: "100m"
-
Clients and Servers: There are now default resource settings for Consul clients
and servers. Previously, there were no default settings which meant the default
was unlimited. This change was made because Kubernetes will prefer to evict
pods that don't have resource settings and that resulted in the Consul client
and servers being evicted. The default resource settings were chosen based
on a low-usage cluster. If you are running a production cluster, use the
kubectl topcommand to see how much CPU and memory your clients and servers
are using and set the resources accordingly [GH-466]. -
global.bootstrapACLshas been removed, useglobal.acls.manageSystemACLsinstead [GH-501].
IMPROVEMENTS:
-
Add component label to the server, DNS, and UI services [GH-480].
-
Provide the ability to set a custom CA Cert for consul snapshot agent [GH-481].
-
Add support for client host networking [GH-496].
To enable:
client: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet
-
Add ability to set Affinity and Tolerations to Connect Inject and Catalog Sync [GH-335].
-
Updated the default consul-k8s version to 0.16.0.
-
Updated the default consul version to 1.8.0.
-
Update default Envoy image version and OS to
envoyproxy/envoy-alpine:1.14.2[GH-502].
DEPRECATIONS
-
Setting resources via YAML string is now deprecated. Instead, set directly as YAML.
This affectsclient.resources,server.resourcesandmeshGateway.resources.
To set directly as YAML, simply remove the pipe (|) character that defines
the YAML as a string [GH-465]:Before:
client: resources: | requests: memory: "128Mi" cpu: "250m" limits: memory: "256Mi" cpu: "500m"
After:
client: resources: requests: memory: "128Mi" cpu: "250m" limits: memory: "256Mi" cpu: "500m"