1.0.8 (June 28, 2023)
BREAKING CHANGES:
- control-plane: All policies managed by consul-k8s will now be updated on upgrade. If you previously edited the policies after install, your changes will be overwritten. [GH-2392]
SECURITY:
- Bump Dockerfile base image for RedHat UBI
consul-k8s-control-planeimage toubi-minimal:9.2. [GH-2204] - Bump Dockerfile base image to
alpine:3.18. Resolves CVE-2023-2650 vulnerability in openssl@3.0.8-r4 [GH-2284] - Bump
controller-runtimeto address CVEs in dependencies. [GH-2225] - Update Go-Discover in the container has been updated to address CVE-2020-14040 [GH-2390]
FEATURES:
- Add support for configuring graceful shutdown proxy lifecycle management settings. [GH-2233]
- helm: Adds
acls.resourcesfield which can be configured to override theresourcesettings for theserver-acl-initandserver-acl-init-cleanupJobs. [GH-2416] - sync-catalog: add ability to support weighted loadbalancing by service annotation
consul.hashicorp.com/service-weight: <number>[GH-2293]
IMPROVEMENTS:
- (Consul Enterprise) Add support to provide inputs via helm for audit log related configuration [GH-2265]
- helm: Update the default amount of memory used by the connect-inject controller so that its less likely to get OOM killed. [GH-2249]
BUG FIXES:
- control-plane: Always update ACL policies upon upgrade. [GH-2392]
- control-plane: Fix casing of the Enforce Consecutive 5xx field on Service Defaults and acceptance test fixtures. [GH-2266]
- control-plane: add support for idleTimeout in the Service Router config [GH-2156]
- control-plane: fix issue with json tags of service defaults fields EnforcingConsecutive5xx, MaxEjectionPercent and BaseEjectionTime. [GH-2159]
- control-plane: fix issue with multiport pods crashlooping due to dataplane port conflicts by ensuring dns redirection is disabled for non-tproxy pods [GH-2176]
- crd: fix bug on service intentions CRD causing some updates to be ignored. [GH-2194]