github hashicorp/consul-helm v0.32.0-beta1

latest releases: v0.32.1, v0.32.0, v0.32.0-beta3...
pre-release3 years ago

IMPROVEMENTS:

  • Specify kubeVersion in Chart.yaml to denote that this chart is compatible with Kubernetes 1.16+. [GH-883]
  • CRDs: update the CRD versions from v1beta1 to v1. [GH-883]
  • Enterprise: support applying Consul Enterprise license when security context defaults to non-root users. [GH-880]
  • Sync Catalog: add new syncCatalog.extraLabels Helm value for configuring labels on sync catalog pods. [GH-892]
  • Connect: Support high availability of the connect-inject deployment. [GH-903]

BREAKING CHANGES:

  • Minimum Kubernetes versions supported is 1.16+. [GH-883]

  • Connect: The Helm values for health checks and cleanup controller have been removed: connectInject.healthChecks and connectInject.cleanupController, as these controllers have been replaced by the endpoints controller. [GH-899]

  • Connect: connect webhook deployment now uses webhook-cert-manager to bootstrap the webhook certificates instead of generating them inside of the webhook. [GH-861]

  • Connect: Kubernetes Services are now required for all connect injected applications.
    The Kubernetes service name will be used as the service name to register with Consul unless the annotation consul.hashicorp.com/connect-service is provided to the pod to override this.
    If using ACLs the ServiceAccountName must match the service name used with Consul.

    Example Service:

    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: sample-app
    spec:
      selector:
        app: sample-app
      ports:
      - port: 80
        targetPort: 9090
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: sample-app
      name: sample-app
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: sample-app
      template:
        metadata:
          annotations:
            'consul.hashicorp.com/connect-inject': 'true'
          labels:
            app: sample-app
        spec:
          containers:
          - name: sample-app
            image: sample-app:0.1.0
            ports:
            - containerPort: 9090

    Note: if you're already using a Kubernetes service, no changes are required.

  • Connect: -enable-health-checks-controller, -health-checks-reconcile-period, -cleanup-controller-reconcile-period have been removed
    and are no longer supported as the controllers have been replaced by the endpoints controller. [GH-892]

  • Connect: Support transparent proxy. [GH-905]
    This feature allows users to reach other services on the Consul Service Mesh by using KubeDNS instead of using localhost
    and enforces all inbound and outbound traffic within a pod to go through the Envoy proxy.
    Please see Transparent Proxy docs for more information.

    Note: This feature is currently in beta and requires consul-k8s v0.26.0-beta1 or higher.

    Transparent proxy is enabled by default for all Consul service mesh application. You can disable it for the
    entire Helm installation by setting:

    connectInject:
      transparentProxy:
        defaultEnabled: false

    Alternatively, you can enable or disable it for each individual application by using
    the consul.hashicorp.com/transparent-proxy pod annotation:

    ...
    metadata:
      name: example
      labels:
        app: example
      annotations:
        "consul.hashicorp.com/transparent-proxy": "true"
    ...

BUG FIXES:

  • Add startup probe to connect-inject deployment to give time for certificates to be available.
    Previously, the deployment could be killed by Kubernetes and crash loop because certificates would take a couple
    of seconds. [GH-885]

Don't miss a new consul-helm release

NewReleases is sending notifications on new releases.