Skip to content
This repository has been archived by the owner on Aug 25, 2021. It is now read-only.

v0.30.0

Compare
Choose a tag to compare
@thisisnotashwin thisisnotashwin released this 16 Feb 23:08
· 128 commits to master since this release

BREAKING CHANGES:

  • The following Helm settings are no longer supported and will cause errors on helm upgrade.
    See Upgrade to CRDs
    for more information on how to upgrade. [GH-763]

    • connectInject.centralConfig.defaultProtocol
    • connectInject.centralConfig.proxyDefaults
    • connectInject.centralConfig.enabled
    • meshGateway.globalMode
  • The consul.hashicorp.com/connect-service-protocol annotation on Connect pods is
    no longer supported with this version of consul-k8s (0.23.0).

    Current deployments that have the annotation should remove it, otherwise they
    will get an error if a pod from that deployment is rescheduled.

    See Upgrade to CRDs
    for more information on how to upgrade.

  • The lifecycle-sidecar command and container has been renamed to
    consul-sidecar. The Helm value global.lifecycleSidecarContainer has been
    renamed to global.consulSidecarContainer.
    global.lifecycleSidecarContainer is no longer supported and will cause
    errors on helm upgrade. Please use global.consulSidecarContainer instead.
    [GH-810]

  • Ingress Gateways: when running on platforms that use hostnames instead of IPs for LoadBalancers (e.g. EKS)
    the hostname will now be used as the address of the ingress gateway. Previously the first IP was
    used, however, the IP could be recycled or go stale whereas the hostname will always work. [[GH-813](https://github.com//pull/813]

  • Helm 2 is no longer supported. It may still work, however the chart is no longer unit tested against Helm 2. [GH-807]

IMPROVEMENTS:

  • Add ability to set extra labels on Consul client pods. [GH-612]
  • CRDs: add value controller.aclToken to support manually passing in an ACL token to the CRD controller if independently managing ACLs. [GH-783]
  • TLS: Consul client certificates now include their pod IPs in the IP SANs. This applies to auto-encrypt enabled and disabled. [GH-805]
  • Consul client nodes have a new meta key called "host-ip" set to the IP of the Kubernetes node they're running on. [GH-805]
  • Connect: the latest version of consul-k8s cleans up Consul connect service mesh instances whose pods are no longer running.
    This could happen if the pod's preStop hook failed to execute for some reason. [GH-806]
  • Updated the default Consul image to hashicorp/consul:1.9.3.
  • Updated the default consul-k8s image to hashicorp/consul-k8s:0.24.0.

BUG FIXES:

  • Use rbac.authorization.k8s.io/v1 instead of rbac.authorization.k8s.io/v1beta1 API version for the roles and rolebindings used by the tls-init
    and tls-init-cleanup jobs. [GH-789]
  • Fix API version of Ingress resource for Consul UI. [GH-786]
  • Provide a deterministic host-based node ID for the Consul clients to fix an error when a client is terminated without a graceful shutdown.
    [GH-791]