Skip to content

v0.38.0
Compare
Choose a tag to compare
@hc-github-team-consul-ecosystem hc-github-team-consul-ecosystem released this 08 Dec 20:18
· 1487 commits to main since this release
v0.38.0
dd1e1b0

0.38.0 (December 08, 2021)

BREAKING CHANGES:

  • Control Plane
    • Update minimum go version for project to 1.17 [GH-878]
    • Add boolean metric to merged metrics response consul_merged_service_metrics_success to indicate if service metrics
      were scraped successfully. [GH-551]

FEATURES:

  • Vault as a Secrets Backend: Add support for Vault as a secrets backend for Gossip Encryption, Server TLS certs and Service Mesh TLS certificates,
    removing the existing usage of Kubernetes Secrets for the respective secrets. [GH-904]

    See the Consul Kubernetes and Vault documentation for full install instructions.

    Requirements:

    • Consul 1.11+
    • Vault 1.9+ and Vault-K8s 0.14+ must be installed with the Vault Agent Injector enabled (injector.enabled=true)
      into the Kubernetes cluster that Consul is installed into.
    • global.tls.enableAutoEncryption=true is required for TLS support.
    • If TLS is enabled in Vault, global.secretsBackend.vault.ca must be provided and should reference a Kube secret
      which holds a copy of the Vault CA cert.
    • Add boolean metric to merged metrics response consul_merged_service_metrics_success to indicate if service metrics were
      scraped successfully. [GH-551]

  • Helm

    • Rename PartitionExports CRD to ExportedServices. [GH-902]

IMPROVEMENTS:

  • CLI
    • Pre-check in the install command to verify the correct license secret exists when using an enterprise Consul image. [GH-875]
  • Control Plane
    • Add a label "managed-by" to every secret the control-plane creates. Only delete said secrets on an uninstall. [GH-835]
    • Add support for labeling a Kubernetes service with consul.hashicorp.com/service-ignore to prevent services from being registered in Consul. [GH-858]
  • Helm Chart
    • Fail an installation/upgrade if WAN federation and Admin Partitions are both enabled. [GH-892]
    • Add support for setting ingressClassName for UI. [GH-909]
    • Add partition support to Service Resolver, Service Router and Service Splitter CRDs. [GH-908]

BUG FIXES:

  • Control Plane:
    • Add a workaround to check that the ACL token is replicated to other Consul servers. [GH-862]
    • Return 500 on prometheus response if unable to get metrics from Envoy. [GH-551]
    • Don't include body of failed service metrics calls in merged metrics response. [GH-551]
  • Helm Chart
    • Admin Partitions (Consul Enterprise only): Do not mount Consul CA certs to partition-init job if externalServers.useSystemRoots is true. [GH-885]
Assets 2
Loading