github hashicorp/consul-k8s v0.20.0
on GitHub

latest releases: v1.3.6, v1.2.9, v1.1.13...
3 years ago

0.20.0 (November 12, 2020)

FEATURES:

  • Connect: Support Kubernetes health probe synchronization with Consul for connect injected pods. [GH-363]
    • Adds a new controller to the connect-inject webhook which is responsible for synchronizing Kubernetes pod health checks with Consul service instance health checks.
      A Consul health check is registered for each connect-injected pod which mirrors the pod's Readiness status to Consul. This modifies connect routing to only
      pods which have passing Kubernetes health checks. See breaking changes for more information.
    • Adds a new label to connect-injected pods which mirrors the consul.hashicorp.com/connect-inject-status annotation.
    • (Consul Enterprise only) Adds a new annotation to connect-injected pods when namespaces are enabled: consul.hashicorp.com/consul-namespace. [GH-376]

BREAKING CHANGES:

  • Connect: With the addition of the connect-inject health checks controller any connect services which have failing Kubernetes readiness
    probes will no longer be routable through connect until their Kubernetes health probes are passing.
    Previously, if any connect services were failing their Kubernetes readiness checks they were still routable through connect.
    Users should verify that their connect services are passing Kubernetes readiness probes prior to using health checks synchronization.

DEPRECATIONS:

  • create-inject-token in the server-acl-init command has been un-deprecated.
    -create-inject-auth-method has been deprecated and replaced by -create-inject-token.

    -create-inject-namespace-token in the server-acl-init command has been deprecated. Please use -create-inject-token and -enable-namespaces flags
    to achieve the same functionality. [GH-368]

IMPROVEMENTS:

  • Connect: support passing extra arguments to the envoy binary. [GH-378]

    Arguments can be passed in 2 ways:

    • via a flag to the consul-k8s inject-connect command,
      e.g. consul-k8s inject-connect -envoy-extra-args="--log-level debug --disable-hot-restart"
    • via pod annotations,
      e.g. consul.hashicorp.com/envoy-extra-args: "--log-level debug --disable-hot-restart"

  • CRDs:

    • Add Age column to CRDs. [GH-365]
    • Add validations and field descriptions for ServiceIntentions CRD. [GH-385]
    • Update CRD sync status if deletion in Consul fails. [GH-365]

BUG FIXES:

  • Federation: (Consul Enterprise only) ensure replication ACL token can replicate policies and tokens in Consul namespaces other than default. [GH-364]
  • CRDs: (Consul Enterprise only) validate custom resources can only set namespace fields if Consul namespaces are enabled. [GH-375]
  • CRDs: Ensure ACL token is global so that secondary DCs can manage custom resources.
    Without this fix, controllers running in secondary datacenters would get ACL errors. [GH-369]
  • CRDs: (Consul Enterprise only) Do not attempt to create a * namespace when service intentions specify * as destination.namespace. [GH-382]
  • CRDs: (Consul Enterprise only) Fix namespace support for ServiceIntentions CRD. [GH-362]
  • CRDs: Rename field namespaces -> namespace in ServiceResolver CRD. [GH-365]
Check out latest releases or
releases around hashicorp/consul-k8s v0.20.0

Don't miss a new consul-k8s release

NewReleases is sending notifications on new releases.

Get notifications