Consul k8s - v0.41.0

0.41.0 (February 23, 2022)

FEATURES:
* Support WAN federation via Mesh Gateways with Vault as the secrets backend. [GH-1016,GH-1025,GH-1029,GH-1038]
* Note: To use WAN federation with ACLs and Vault, you will need to create a KV secret in Vault that will serve as the replication token with
a random UUID: vault kv put secret/consul/replication key="$(uuidgen)".
* You will need to then provide this secret to both the primary
and the secondary datacenters with global.acls.replicationToken values and allow the global.secretsBackend.vault.manageSystemACLsRole Vault role to read it.
In the primary datacenter, the Helm chart will create the replication token in Consul using the UUID as the secret ID of the token.
* Connect: Support workaround for pods with multiple ports, by registering a Consul service and injecting an Envoy sidecar and init container per port. [GH-1012]
* Transparent proxying, metrics, and metrics merging are not supported for multi-port pods.
* Multi-port pods should specify annotations in the format, such that the service names and port names correspond with each other in the specified order, i.e. web service is listening on 8080, web-admin service is listening on 9090.
* consul.hashicorp.com/connect-service': 'web,web-admin
* consul.hashicorp.com/connect-service-port': '8080,9090

IMPROVEMENTS:
* Helm
* Vault: Allow passing arbitrary annotations to the vault agent. [GH-1015]
* Vault: Add support for customized IP and DNS SANs for server cert in Vault. [GH-1020]
* Vault: Add support for Enterprise License to be configured in Vault. [GH-1032]
* API Gateway: Allow Kubernetes namespace to Consul enterprise namespace mapping for deployed gateways and mesh services. [GH-1024]

BUG FIXES:
* API Gateway
* Fix issue where if the API gateway controller pods restarted, gateway pods would become disconnected from the secret discovery service. [GH-1007]
* Fix issue where the API gateway controller could not update existing Deployments or Services. [GH-1014]
* Fix issue where the API gateway controller lacked sufficient permissions to bind routes when ACLs were enabled. [GH-1018]

BREAKING CHANGES:
* Helm
* Rename fields of IngressGateway CRD to fix incorrect names (gatewayTLSConfig => tls, gatewayServiceTLSConfig => tls, gatewayTLSSDSConfig => sds). [GH-1017]

Details

date
Feb. 23, 2022, 7:54 p.m.
name
v0.41.0
type
Minor
official page
https://github.com/hashicorp/consul-k8s/releases/tag/v0.41.0
👇
Register or login to:
  • 🔍View and search all Consul k8s releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or