Skip to content
This repository has been archived by the owner on Aug 25, 2021. It is now read-only.

v0.26.0
Compare
Choose a tag to compare
@ndhanushkodi ndhanushkodi released this 12 Nov 22:40
· 216 commits to master since this release
v0.26.0
65aeb67
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

FEATURES:

  • Kubernetes health check synchronization with Consul for connect injected pods via connectInject.healthChecks [GH-651].
    The default behavior for this feature is enabled: true.
    See https://www.consul.io/docs/k8s/connect/health for more information.
    In order to enable this feature for existing installations it is required to restart all connect injected deployments so that they are re-injected.
    Until this is done, health checks for these deployments will not be synced to Consul.

    It is recommended to enable TLS with this setting enabled because it requires making calls to Consul clients across the cluster.
    Without TLS enabled, these calls could leak ACL tokens should the cluster network become compromised.

  • Support for custom resource definitions (CRDs) is now generally available.
    CRDs require Consul >= 1.8.4. If you wish to use ServiceIntentions
    custom resources then this requires Consul >= 1.9.0 (which is still in beta as of this release).

    To enable, set controller.enabled: true in your Helm configuration:

    controller:
  enabled: true

    See https://www.consul.io/docs/k8s/crds
    for more information. NOTE: Using CRDs with an existing cluster may require additional steps to migrate previously created
    config entries so they can be managed by CRDs. See https://www.consul.io/docs/k8s/crds/upgrade-to-crds
    for full details.

BREAKING CHANGES:

  • This helm release only supports consul-k8s versions 0.20+
  • With the addition of the connect-inject health checks controller, any connect services which have failing Kubernetes readiness
    probes will no longer be routable through connect until their Kubernetes health probes are passing.
    Previously, if any connect services were failing their Kubernetes readiness checks they were still routable through connect.
    Users should verify that their connect services are passing Kubernetes readiness probes prior to using health checks synchronization.
  • When health checks are enabled, Consul clients will have check_update_interval set to 0s. Previously,
    it was set to its default of 5m. This change ensures the output of the check will show up in the Consul UI immediately. [GH-674]
  • CRDs: controller default limits.memory increased from 30Mi to 50Mi and requests.memory increased from 20Mi to 50Mi
    based on observed usage. [GH-649]

BUG FIXES:

  • Fix issue where Consul enterprise license job would fail for Consul versions >= 1.8.1. [GH-647]

IMPROVEMENTS:

  • Connect: support passing extra arguments to the injected envoy sidecar. [GH-675]

    To pass extra arguments to envoy, set connectInject.envoyExtraArgs in your
    Helm configuration:

    connectInject:
  enabled: true
  envoyExtraArgs: "--log-level debug --disable-hot-restart"

  • Connect: update MutatingWebhook resource version to admissionregistration.k8s.io/v1 from admissionregistration.k8s.io/v1beta1
    for clusters where it is supported. [GH-658]

  • Updated the default Consul image to consul:1.8.5.

  • Updated the default consul-k8s image to hashicorp/consul-k8s:0.20.0.

Assets 2
Loading