Skip to content
This repository has been archived by the owner on Aug 25, 2021. It is now read-only.

v0.32.0-beta1

Pre-release
Pre-release
Compare
Choose a tag to compare
@thisisnotashwin thisisnotashwin released this 16 Apr 19:21
· 74 commits to master since this release
v0.32.0-beta1
44600e1
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

IMPROVEMENTS:

  • Specify kubeVersion in Chart.yaml to denote that this chart is compatible with Kubernetes 1.16+. [GH-883]
  • CRDs: update the CRD versions from v1beta1 to v1. [GH-883]
  • Enterprise: support applying Consul Enterprise license when security context defaults to non-root users. [GH-880]
  • Sync Catalog: add new syncCatalog.extraLabels Helm value for configuring labels on sync catalog pods. [GH-892]
  • Connect: Support high availability of the connect-inject deployment. [GH-903]

BREAKING CHANGES:

  • Minimum Kubernetes versions supported is 1.16+. [GH-883]

  • Connect: The Helm values for health checks and cleanup controller have been removed: connectInject.healthChecks and connectInject.cleanupController, as these controllers have been replaced by the endpoints controller. [GH-899]

  • Connect: connect webhook deployment now uses webhook-cert-manager to bootstrap the webhook certificates instead of generating them inside of the webhook. [GH-861]

  • Connect: Kubernetes Services are now required for all connect injected applications.
    The Kubernetes service name will be used as the service name to register with Consul unless the annotation consul.hashicorp.com/connect-service is provided to the pod to override this.
    If using ACLs the ServiceAccountName must match the service name used with Consul.

    Example Service:

    ---
apiVersion: v1
kind: Service
metadata:
  name: sample-app
spec:
  selector:
    app: sample-app
  ports:
  - port: 80
    targetPort: 9090
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: sample-app
  name: sample-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sample-app
  template:
    metadata:
      annotations:
        'consul.hashicorp.com/connect-inject': 'true'
      labels:
        app: sample-app
    spec:
      containers:
      - name: sample-app
        image: sample-app:0.1.0
        ports:
        - containerPort: 9090

    Note: if you're already using a Kubernetes service, no changes are required.

  • Connect: -enable-health-checks-controller, -health-checks-reconcile-period, -cleanup-controller-reconcile-period have been removed
    and are no longer supported as the controllers have been replaced by the endpoints controller. [GH-892]

  • Connect: Support transparent proxy. [GH-905]
    This feature allows users to reach other services on the Consul Service Mesh by using KubeDNS instead of using localhost
    and enforces all inbound and outbound traffic within a pod to go through the Envoy proxy.
    Please see Transparent Proxy docs for more information.

    Note: This feature is currently in beta and requires consul-k8s v0.26.0-beta1 or higher.

    Transparent proxy is enabled by default for all Consul service mesh application. You can disable it for the
    entire Helm installation by setting:

    connectInject:
  transparentProxy:
    defaultEnabled: false

    Alternatively, you can enable or disable it for each individual application by using
    the consul.hashicorp.com/transparent-proxy pod annotation:

    ...
metadata:
  name: example
  labels:
    app: example
  annotations:
    "consul.hashicorp.com/transparent-proxy": "true"
...

BUG FIXES:

  • Add startup probe to connect-inject deployment to give time for certificates to be available.
    Previously, the deployment could be killed by Kubernetes and crash loop because certificates would take a couple
    of seconds. [GH-885]
Assets 2
Loading