0.33.0 (August 12, 2021)
BREAKING CHANGES:
- The consul-k8s repository has been merged with consul-helm and now contains the
consul-k8s-control-plane
binary (previously namedconsul-k8s
) and the Helm chart to deploy Consul on Kubernetes. The docker image previously namedhashicorp/consul-k8s
has been renamed tohashicorp/consul-k8s-control-plane
. The binary and Helm chart will be released together with the same version. NOTE: If you install Consul through the Helm chart and are not customizing theglobal.imageK8S
value then this will not be a breaking change. [GH-589]- Helm chart v0.33.0+ will support the corresponding
consul-k8s-control-plane
image with the same version only. For example Helm chart 0.33.0 will only be supported to work with the default valueglobal.imageK8S
:hashicorp/consul-k8s-control-plane:0.33.0
. - The control-plane binary has been renamed from
consul-k8s
toconsul-k8s-control-plane
and is now invoked asconsul-k8s-control-plane
in the Helm chart. The first version of this newly renamed binary will be 0.33.0. - The Go module
github.com/hashicorp/consul-k8s
has been named togithub.com/hashicorp/consul-k8s/control-plane
. - The Helm chart is located under
consul-k8s/charts/consul
. - The control-plane source code is located under
consul-k8s/control-plane
.
- Helm chart v0.33.0+ will support the corresponding
- Minimum Kubernetes versions supported is 1.17+ and now matches what is stated in the
README.md
file. [GH-1053]
IMPROVEMENTS:
- Control Plane
- Helm Chart
- Substitute
HOST_IP/POD_IP/HOSTNAME
variables inserver.extraConfig
andclient.extraConfig
so they are passed in to server/client config already evaluated at runtime. [GH-1042] - Set failurePolicy to Fail for connectInject mutating webhook so that pods fail to schedule when the webhook is offline. This can be controlled via
connectInject.failurePolicy
. [GH-1024] - Allow setting global.logLevel and global.logJSON and propogate this to all consul-k8s commands. [GH-980]
- Allow setting
connectInject.replicas
to control number of replicas of webhook injector. [GH-1029] - Add the ability to manually specify a k8s secret containing server-cert via the value
server.serverCert.secretName
. [GH-1024] - Allow setting
ui.pathType
for providers that do not support the default pathType "Prefix". [GH-1012] - Allow setting
client.nodeMeta
to specify arbitrary key-value pairs to associate with the node. [GH-728]
- Substitute
BUG FIXES:
- Control Plane
- Connect: Use
AdmissionregistrationV1
instead ofAdmissionregistrationV1beta1
API as it was deprecated in k8s 1.16. [GH-558] - Connect: Fix bug where environment variables
<NAME>_CONNECT_SERVICE_HOST
and
<NAME>_CONNECT_SERVICE_PORT
weren't being set when the upstream annotation was used. [GH-549] - Connect: Fix a bug with leaving around ACL tokens after a service has been deregistered. Note that this will not clean up existing leftover ACL tokens. [GH-540][GH-599]
- CRDs: Fix ProxyDefaults and ServiceDefaults resources not syncing with Consul < 1.10.0 [GH-1023]
- Connect: Skip service registration for duplicate services only on Kubernetes. [GH-581]
- Connect: redirect-traffic command passes ACL token when ACLs are enabled. [GH-576]
- Connect: Use