hashicorp/consul-k8s v0.33.0

on GitHub

0.33.0 (August 12, 2021)

BREAKING CHANGES:

• The consul-k8s repository has been merged with consul-helm and now contains the consul-k8s-control-plane binary (previously named consul-k8s) and the Helm chart to deploy Consul on Kubernetes. The docker image previously named hashicorp/consul-k8s has been renamed to hashicorp/consul-k8s-control-plane. The binary and Helm chart will be released together with the same version. NOTE: If you install Consul through the Helm chart and are not customizing the global.imageK8S value then this will not be a breaking change. [GH-589]
  • Helm chart v0.33.0+ will support the corresponding consul-k8s-control-plane image with the same version only. For example Helm chart 0.33.0 will only be supported to work with the default value global.imageK8S: hashicorp/consul-k8s-control-plane:0.33.0.
  • The control-plane binary has been renamed from consul-k8s to consul-k8s-control-plane and is now invoked as consul-k8s-control-plane in the Helm chart. The first version of this newly renamed binary will be 0.33.0.
  • The Go module github.com/hashicorp/consul-k8s has been named to github.com/hashicorp/consul-k8s/control-plane.
  • The Helm chart is located under consul-k8s/charts/consul.
  • The control-plane source code is located under consul-k8s/control-plane.
• Minimum Kubernetes versions supported is 1.17+ and now matches what is stated in the README.md file. [GH-1053]

IMPROVEMENTS:

• Control Plane
  • Add flags -log-level, -log-json to all subcommands to control log level and json formatting. [GH-523]
  • Execute Consul clients and servers using the Docker entrypoint for consistency. [GH-590]
• Helm Chart
  • Substitute HOST_IP/POD_IP/HOSTNAME variables in server.extraConfig and client.extraConfig so they are passed in to server/client config already evaluated at runtime. [GH-1042]
  • Set failurePolicy to Fail for connectInject mutating webhook so that pods fail to schedule when the webhook is offline. This can be controlled via connectInject.failurePolicy. [GH-1024]
  • Allow setting global.logLevel and global.logJSON and propogate this to all consul-k8s commands. [GH-980]
  • Allow setting connectInject.replicas to control number of replicas of webhook injector. [GH-1029]
  • Add the ability to manually specify a k8s secret containing server-cert via the value server.serverCert.secretName. [GH-1024]
  • Allow setting ui.pathType for providers that do not support the default pathType "Prefix". [GH-1012]
  • Allow setting client.nodeMeta to specify arbitrary key-value pairs to associate with the node. [GH-728]

BUG FIXES:

• Control Plane
  • Connect: Use AdmissionregistrationV1 instead of AdmissionregistrationV1beta1 API as it was deprecated in k8s 1.16. [GH-558]
  • Connect: Fix bug where environment variables <NAME>_CONNECT_SERVICE_HOST and
    <NAME>_CONNECT_SERVICE_PORT weren't being set when the upstream annotation was used. [GH-549]
  • Connect: Fix a bug with leaving around ACL tokens after a service has been deregistered. Note that this will not clean up existing leftover ACL tokens. [GH-540][GH-599]
  • CRDs: Fix ProxyDefaults and ServiceDefaults resources not syncing with Consul < 1.10.0 [GH-1023]
  • Connect: Skip service registration for duplicate services only on Kubernetes. [GH-581]
  • Connect: redirect-traffic command passes ACL token when ACLs are enabled. [GH-576]