v1.0.0-beta5

updating versions for release

v1.0.0-beta4

IMPROVEMENTS:

CLI:

• Update demo charts and CLI command to not presume tproxy when using HCP preset. Also, use the most recent version of hashicups. [GH-1657]

v1.0.0-beta3

1.0.0-beta3 (October 12, 2022)

FEATURES:

• Peering: Add support for PeerThroughMeshGateways in Mesh CRD. [GH-1478]

BREAKING CHANGES:

• Helm:
  • syncCatalog.consulNamespaces.mirroringK8S now defaults to true. [GH-1601]
  • connectInject.consulNamespaces.mirroringK8S now defaults to true. [GH-1601]

IMPROVEMENTS:

• Helm:
  • API Gateway: Allow controller to read MeshServices for use as a route backend. [GH-1574]
• CLI:
  • consul-k8s status command will only show status of servers if they are expected to be present in the Kubernetes cluster. [GH-1603]

v1.0.0-beta2

1.0.0-beta2 (October 6, 2022)

BREAKING CHANGES:

• Helm
  • server.replicas now defaults to 1. Formerly, this defaulted to 3. [GH-1551]
  • connectInject.enabled now defaults to true. [GH-1551]
  • controller.enabled now defaults to true. [GH-1551]

BUG FIXES:

• CLI
  • Pass required environment variables to the CLI for cluster bootstrapping. [GH-1593]
  • Configure -tls-server-name when global.cloud.enabled=true so that it matches the server certificate created via HCP [GH-1591]
  • Do not query clients in the status command since clients no longer exist. [GH-1573]

v1.0.0-beta1

1.0.0-beta1 (October 4, 2022)

FEATURES:

• CLI:
  • Add the ability to install HCP self-managed clusters. [GH-1540]
  • Add the ability to install the HashiCups demo application via the -demo flag. [GH-1540]

BREAKING CHANGES:

• Consul client agents are no longer deployed by default, and Consul service mesh no longer uses Consul clients to operate. This change affects several main areas listed below. [GH-1552]
  • Control plane:
    • A new component consul-dataplane is now injected as a sidecar-proxy instead of plain Envoy. consul-dataplane manages the Envoy proxy process and proxies xDS requests from Envoy to Consul servers.
    • All services on the service mesh are now registered directly with the central catalog in Consul servers.
    • All service-mesh consul-k8s components are configured to talk directly to Consul servers.
    • Mesh, ingress, and terminating gateways are now registered centrally by the endpoints controller, similar to how service-mesh services are registered.
  • Helm:
    • client.enabled now defaults to false. Setting it to true will deploy client agents, however, none of the consul-k8s components will use clients for their operation.
    • global.imageEnvoy is no longer used for sidecar proxies, as well as mesh, terminating, and ingress gateways.
    • externalServers.grpcPort default is now 8502 instead of 8503.
    • meshGateway.service.enabled value is removed. Mesh gateways now will always have a Kubernetes service as this is required to register them as a service with Consul.
    • meshGateway.initCopyConsulContainer, ingressGateways.initCopyConsulContainer, terminatingGateways.initCopyConsulContainer values are removed.
  • Known beta limitations:
    • Transparent proxy is not yet supported.
    • Metrics and observability is not yet supported.
    • API gateway is not yet supported.
    • Executables in the form of exec= are not yet supported when using external servers and ACLs.

v0.49.0

0.49.0 (September 30, 2022)

FEATURES:

• CLI:
  • Add support for tab autocompletion [GH-1437]
• Consul CNI Plugin
  • Support for OpenShift and Multus CNI plugin [GH-1527]

BUG FIXES:

• Control plane
  • Use global ACL auth method to provision ACL tokens for API Gateway in secondary datacenter [GH-1481]
  • Peering: pass new use_auto_cert value to gRPC TLS config when auto-encrypt is enabled. [GH-1541]
• Helm:
  • Only create Federation Secret Job when server.updatePartition is 0 [GH-1512]
  • Fixes a typo in the templating of global.connectInject.disruptionBudget.maxUnavailable. [GH-1530]

IMPROVEMENTS:

• Helm:
  • API Gateway: Set primary datacenter flag when deploying controller into secondary datacenter with federation enabled [GH-1511]
  • API Gateway: Allow controller to create and update Secrets for storing Consul CA cert alongside gateway Deployments [GH-1542]
  • New parameter EnforcingConsecutive5xx which supports a configurable percent chance of automatic ejection of a host when a consecutive number of 5xx response codes are received [GH-1484]
• Control-plane:
  • Support escaped commas in service tag annotations for pods which use consul.hashicorp.com/connect-service-tags or consul.hashicorp.com/service-tags. [GH-1532]

v0.48.0

0.48.0 (September 01, 2022)

FEATURES:

• MaxInboundConnections in service-defaults CRD
  • Add support for MaxInboundConnections on the Service Defaults CRD. [GH-1437]
• Consul CNI Plugin
  • CNI Plugin for Consul-k8s [GH-1465]
• Kubernetes 1.24 Support
  • Add support for Kubernetes 1.24 where ServiceAccounts no longer have long-term JWT tokens. [GH-1431]
  • Upgrade kubeVersion in helm chart to support Kubernetes 1.21+.

BREAKING CHANGES:

• Kubernetes 1.24 Support

  • Users deploying multiple services to the same Pod (multiport) on Kubernetes 1.24 must also deploy a Kubernetes Secret for each ServiceAccount associated with the Consul service. The name of the Secret must match the ServiceAccount name and be of type kubernetes.io/service-account-token [GH-1431]
  • Kubernetes 1.19 and 1.20 are no longer supported.

  Example:

  apiVersion: v1
  kind: Secret
  metadata:
    name: svc1
    annotations:
      kubernetes.io/service-account.name: svc1
  type: kubernetes.io/service-account-token
  ---
  apiVersion: v1
  kind: Secret
  metadata:
    name: svc2
    annotations:
      kubernetes.io/service-account.name: svc2
  type: kubernetes.io/service-account-token

• Control Plane

  • Rename flag server-address to token-server-address in the inject-connect subcommand to avoid overloading the context of the server-address flag. [GH-1426]

IMPROVEMENTS:

• CLI:
  • Display clusters by their short names rather than FQDNs for the proxy read command. [GH-1412]
  • Display a message when proxy list returns no results. [GH-1412]
  • Display a warning when a user passes a field and table filter combination to proxy read where the given field is not present in any of the output tables. [GH-1412]
  • Extend the timeout for consul-k8s proxy read to establish a connection from 5s to 10s. [GH-1442]
  • Expand the set of Envoy Listener Filters that may be parsed and output to the Listeners table. [GH-1442]
• Helm:
  • The default Envoy proxy image is now envoyproxy/envoy:v1.23.1. [GH-1473]

BUG FIXES:

• Helm
  • API Gateway: Configure ACL auth for controller correctly when deployed in secondary datacenter with federation enabled [GH-1462]
• CLI
  • Fix issue where SNI filters for Terminating Gateways showed up as blank lines. [GH-1442]
  • Fix issue where Logical DNS endpoints were being displayed alongside cluster names. [GH-1452]

v0.47.1

0.47.1 (August 12, 2022)

BUG FIXES:

• Helm
  • Update the version of the imageK8S in values.yaml to the latest control-plane image. [GH-1355]

v0.47.0

0.47.0 (August 12, 2022)

FEATURES:

• Transparent Proxy Egress
  • Add support for Destinations on the Service Defaults CRD. [GH-1352]
• CLI:
  • Add consul-k8s proxy list command for displaying Pods running Envoy managed by Consul. [GH-1271]
  • Add consul-k8s proxy read podname command for displaying Envoy configuration for a given Pod. [GH-1271]
• [Experimental] Cluster Peering:
  • Add support for ACLs and TLS. [GH-1343] [GH-1366]
  • Add support for Load Balancers or external addresses in front of Consul servers for peering stream.
    • Support new expose-servers Kubernetes Service deployed by Helm chart to expose the Consul servers, and using the service address in the peering token. [GH-1378]
    • Support non-default partitions by using externalServers.hosts as the server addresses in the peering token. [GH-1384]
    • Support arbitrary addresses as the server addresses in the peering token via global.peering.tokenGeneration.source="static" and global.peering.tokenGeneration.static=["sample-server-address:8502"]. [GH-1392]
  • Generate new peering token only on user-triggered events. [GH-1399]

IMPROVEMENTS:

• Helm
  • Bump default Envoy version to 1.22.4. [GH-1413]
  • Added support for Consul API Gateway to read ReferenceGrant custom resources. This will require either installing Consul API Gateway CRDs from the upcoming v0.4.0 release with kubectl apply --kustomize "github.com/hashicorp/consul-api-gateway/config/crd?ref=v0.4.0" or manually installing the ReferenceGrant CRD from the Gateway API v0.5 Experimental Channel when setting apiGateway.enabled=true [GH-1299]

BUG FIXES:

• Helm
  • Fix permissions in client-daemonset and server-statefulset when using extra-config volumes to prevent errors on OpenShift. [GH-1307]

v0.46.1

0.46.1 (July 26, 2022)

IMPROVEMENTS:

• Control Plane
  • Update alpine to 3.16 in the Docker image. [GH-1372]