Consul k8s - v1.2.2

1.2.2 (September 21, 2023)

SECURITY:

FEATURES:

Add support for new observability service principal in cloud preset [GH-2958]
helm: Add ability to configure resource requests and limits for Gateway API deployments. [GH-2723]

IMPROVEMENTS:

Add NET_BIND_SERVICE capability to restricted security context used for consul-dataplane [GH-2787]
Add new value global.argocd.enabled. Set this to true when using ArgoCD to deploy this chart. [GH-2785]
Add support for running on GKE Autopilot. [GH-2952]
api-gateway: reduce log output when disconnecting from consul server [GH-2880]
control-plane: Improve performance for pod deletions by reducing the number of fetched tokens. [GH-2910]
control-plane: prevent updation of anonymous-token-policy and anonymous-token if anonymous-token-policy is already attached to the anonymous-token [GH-2790]
helm: Add JWKSCluster field to JWTProvider CRD. [GH-2881]
vault: Adds namespace to secretsBackend.vault.connectCA in Helm chart and annotation: "vault.hashicorp.com/namespace: namespace" to
secretsBackend.vault.agentAnnotations, if "vault.hashicorp.com/namespace" annotation is not present.
This provides a more convenient way to specify the Vault namespace than nested JSON in connectCA.additionalConfig. [GH-2841]

BUG FIXES:

audit-log: fix parsing error for some audit log configuration fields fail with uncovertible string to integer errors. [GH-2905]
bug: Remove global.acls.nodeSelector and global.acls.annotations from Gateway Resources Jobs [GH-2869]
control-plane: Fix issue where ACL tokens would have an empty pod name that prevented proper token cleanup. [GH-2808]
control-plane: When using transparent proxy or CNI, reduced required permissions by setting privileged to false. Privileged must be true when using OpenShift without CNI. [GH-2755]
helm: Update prometheus port and scheme annotations if tls is enabled [GH-2782]
ingress-gateway: Adds missing PassiveHealthCheck to IngressGateways CRD and updates missing fields on ServiceDefaults CRD [GH-2796]