Release v0.19.0 · hashicorp/consul-helm

BREAKING CHANGES:

Mesh Gateways:
- meshGateway.wanAddress - The following values are no longer supported:
```
meshGateway:
  wanAddress:
    useNodeIP: true
    useNodeName: false
    host: ""
```
  Instead, if previously setting useNodeIP: true, now you must set:
```
meshGateway:
  wanAddress:
    source: "NodeIP"
```
  If previously setting useNodeName: true, now you must set:
```
meshGateway:
  wanAddress:
    source: "NodeName"
```
  If previously setting host: "example.com", now you must set:
```
meshGateway:
  wanAddress:
    source: "Static"
    static: "example.com"
```
  where meshGateway.wanAddress.static is set to the previous host value.
- meshGateway.service.enabled now defaults to true. If
  previously you were enabling mesh gateways but not enabling the service,
  you must now explicitly set this to false:
  
  Previously:
```
meshGateway:
  enabled: true
```
  Now:
```
meshGateway:
  enabled: true
  service:
    enabled: false
```
- meshGateway.service.type now defaults to LoadBalancer instead of ClusterIP.
  To set to ClusterIP use:
```
meshGateway:
  service:
    type: ClusterIP
```
- meshGateway.containerPort now defaults to 8443 instead of 443. This is
  to support running in Google Kubernetes Engine by default. This change should
  have no effect because the service's targetPort will change accordingly so
  you will still be able to route to the mesh gateway as before.
  If you wish to keep the port as 443 you must set:
```
meshGateway:
  containerPort: 443
```

FEATURES:

Add externalServers configuration to support configuring the Helm chart with Consul servers
running outside of a Kubernetes cluster [GH-375]. At the moment, this configuration is only used together
with auto-encrypt, but might be extended later for other use-cases.

To use auto-encrypt with external servers, you can set:
```
externalServers:
  enabled: true
```
This will tell all consul-k8s components to talk to the external servers to retrieve
the clients' CA. Take a look at other properties you can set for externalServers
here.
ACLs: Support ACL replication. ACL replication allows two or more Consul clusters
to be federated when ACLs are enabled. One cluster is designated the primary
and the rest are secondaries. The primary cluster replicates its ACLs to
the secondaries. [GH-368]

NOTE: This feature requires that the clusters are federated.

Primary cluster:
```
global:
  acls:
    manageSystemACLs: true
    createReplicationToken: true
```
The replication acl token Kubernetes secret is exported from the primary cluster
into the secondaries and then referenced in their Helm config:
```
global:
  acls:
    manageSystemACLs: true
    replicationToken:
      secretName: name
      secretKey: key
```

Mesh Gateways: Automatically set mesh gateway addresses when using a Kubernetes
Load Balancer service.
To use, set:

meshGateway:
  enabled: true
  service:
    enabled: true
    type: "LoadBalancer"
  wanAddress:
    source: "Service"

[GH-388]

Support setting image pull secrets via service accounts [GH-411].

IMPROVEMENTS:

Default to the latest version of consul-k8s: hashicorp/consul-k8s:0.13.0
Default to the latest version of Consul: consul:1.7.2
Allow setting specific secret keys in server.extraVolumes [GH-395]
Support auto-encrypt [GH-375].
Auto-encrypt is the feature of Consul that allows clients to bootstrap their own certs
at startup. To enable it through the Helm Chart, set:
```
global:
  tls:
    enabled: true
    enableAutoEncrypt: true
```
Run the enterprise license job on Helm upgrades, as well as installs [GH-407].

BUGFIXES:

Mesh Gateways: Mesh gateways are no longer de-registered when their node's Consul
client restarts. [GH-380]

DEPRECATIONS:

global.bootstrapACLs is deprecated. Instead, set global.acls.manageSystemACLs.
global.bootstrapACLs will be supported for the next three releases.

Previously:
```
global:
  bootstrapACLs: true
```
Now:
```
global:
  acls:
    manageSystemACLs: true
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.19.0