Skip to content

Releases: hashicorp/consul-k8s

v1.5.3

03 Sep 17:01
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.5.3
2cb0769
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.5.3 Latest
Latest

1.5.3 (August 30, 2024)

SECURITY:

IMPROVEMENTS:

  • docker: update go-discover binary [GH-4287]
  • docker: update ubi base image to ubi9-minimal:9.4. [GH-4287]
  • helm: Adds webhookCertManager.resources field which can be configured to override the resource settings for the webhook-cert-manager deployment. [GH-4184]
  • helm: Adds connectInject.apiGateway.managedGatewayClass.resourceJob.resources field which can be configured to override the resource settings for the gateway-resources-job job. [GH-4184]
  • config-entry: add validate_clusters to mesh config entry [GH-4256]
  • helm: Kubernetes v1.30 is now supported. Minimum tested version of Kubernetes is now v1.27. [GH-4244]

BUG FIXES:

  • Fixes install of Consul on GKE Autopilot where the option 'manageNonStandardCRDs' was not being used for the TCPRoute CRD. [GH-4213]
  • api-gateway: fix nil pointer deref bug when the section name in a gateway policy is not specified [GH-4247]
  • helm: adds imagePullSecret to the gateway-resources job and the gateway-cleanup job, would fail before if the image was in a private registry [GH-4210]
  • openshift: order SecurityContextConstraint volumes alphabetically to match OpenShift behavior.
    This ensures that diff detection tools like ArgoCD consider the source and reconciled resources to be identical. [GH-4227]
  • sync-catalog: fix infinite retry loop when the catalog fails to connect to consul-server during the sync process [GH-4266]
  • terminating-gateways: Fix bug where namespace field was not correctly set on ACL policies if using the Registration CRD with the service's namespace unset. [GH-4224]
Assets 2
Loading

v1.4.6

30 Aug 23:18
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.4.6
da8d421
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4.6

1.4.6 (August 30, 2024)

SECURITY:

IMPROVEMENTS:

  • docker: update go-discover binary [GH-4287]
  • docker: update ubi base image to ubi9-minimal:9.4. [GH-4287]
  • helm: Adds webhookCertManager.resources field which can be configured to override the resource settings for the webhook-cert-manager deployment. [GH-4184]
  • helm: Adds connectInject.apiGateway.managedGatewayClass.resourceJob.resources field which can be configured to override the resource settings for the gateway-resources-job job. [GH-4184]
  • config-entry: add validate_clusters to mesh config entry [GH-4256]

BUG FIXES:

  • Fixes install of Consul on GKE Autopilot where the option 'manageNonStandardCRDs' was not being used for the TCPRoute CRD. [GH-4213]
  • api-gateway: fix nil pointer deref bug when the section name in a gateway policy is not specified [GH-4247]
  • control-plane: add missing $HOST_IP environment variable to to consul-dataplane sidecar containers [GH-3916]
  • helm: adds imagePullSecret to the gateway-resources job and the gateway-cleanup job, would fail before if the image was in a private registry [GH-4210]
  • openshift: order SecurityContextConstraint volumes alphabetically to match OpenShift behavior.
    This ensures that diff detection tools like ArgoCD consider the source and reconciled resources to be identical. [GH-4227]
  • sync-catalog: fix infinite retry loop when the catalog fails to connect to consul-server during the sync process [GH-4266]
Assets 2
Loading

v1.3.9

30 Aug 23:38
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.3.9
2f6664f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.9

1.3.9 (August 30, 2024)

SECURITY:

IMPROVEMENTS:

  • docker: update go-discover binary [GH-4287]
  • docker: update ubi base image to ubi9-minimal:9.4. [GH-4287]
  • helm: Adds webhookCertManager.resources field which can be configured to override the resource settings for the webhook-cert-manager deployment. [GH-4184]
  • helm: Adds connectInject.apiGateway.managedGatewayClass.resourceJob.resources field which can be configured to override the resource settings for the gateway-resources-job job. [GH-4184]
  • config-entry: add validate_clusters to mesh config entry [GH-4256]

BUG FIXES:

  • Fixes install of Consul on GKE Autopilot where the option 'manageNonStandardCRDs' was not being used for the TCPRoute CRD. [GH-4213]
  • api-gateway: fix nil pointer deref bug when the section name in a gateway policy is not specified [GH-4247]
  • helm: Fix ArgoCD hooks related annotations on server-acl-init Job, they must be added at Job definition and not template level. [GH-3989]
  • helm: adds imagePullSecret to the gateway-resources job and the gateway-cleanup job, would fail before if the image was in a private registry [GH-4210]
  • openshift: order SecurityContextConstraint volumes alphabetically to match OpenShift behavior.
    This ensures that diff detection tools like ArgoCD consider the source and reconciled resources to be identical. [GH-4227]
  • sync-catalog: fix infinite retry loop when the catalog fails to connect to consul-server during the sync process [GH-4266]
Assets 2
Loading

v1.1.16

30 Aug 23:18
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.1.16
6a9c1cc
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.16

1.1.16 (August 30, 2024)

SECURITY:

IMPROVEMENTS:

  • docker: update go-discover binary [GH-4287]
  • docker: update ubi base image to ubi9-minimal:9.4. [GH-4287]
  • helm: Adds webhookCertManager.resources field which can be configured to override the resource settings for the webhook-cert-manager deployment. [GH-4184]
  • helm: Adds connectInject.apiGateway.managedGatewayClass.resourceJob.resources field which can be configured to override the resource settings for the gateway-resources-job job. [GH-4184]
  • config-entry: add validate_clusters to mesh config entry [GH-4256]

BUG FIXES:

  • openshift: order SecurityContextConstraint volumes alphabetically to match OpenShift behavior.
    This ensures that diff detection tools like ArgoCD consider the source and reconciled resources to be identical. [GH-4227]
  • sync-catalog: fix infinite retry loop when the catalog fails to connect to consul-server during the sync process [GH-4266]
Assets 2
Loading

v1.4.5

29 Aug 23:34
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.4.5
13da7c8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4.5

1.4.5 (August 29, 2024)

SECURITY:

IMPROVEMENTS:

  • helm: Adds webhookCertManager.resources field which can be configured to override the resource settings for the webhook-cert-manager deployment.[GH-4184]

  • helm: Adds connectInject.apiGateway.managedGatewayClass.resourceJob.resources field which can be configured to override the resource settings for the gateway-resources-job job. [GH-4184]

  • config-entry: add validate_clusters to mesh config entry [GH-4256]

BUG FIXES:

  • Fixes install of Consul on GKE Autopilot where the option 'manageNonStandardCRDs' was not being used for the TCPRoute CRD. [GH-4213]
  • api-gateway: fix nil pointer deref bug when the section name in a gateway policy is not specified [GH-4247]
  • helm: adds imagePullSecret to the gateway-resources job and the gateway-cleanup job, would fail before if the image was in a private registry [GH-4210]
  • openshift: order SecurityContextConstraint volumes alphabetically to match OpenShift behavior.
    This ensures that diff detection tools like ArgoCD consider the source and reconciled resources to be identical. [GH-4227]
Assets 2
Loading

v1.3.8

29 Aug 22:05
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.3.8
3cc8315
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.8

1.3.8 (August 29, 2024)

SECURITY:

IMPROVEMENTS:

  • helm: Adds webhookCertManager.resources field which can be configured to override the resource settings for the webhook-cert-manager deployment. [GH-4184]

  • helm: Adds connectInject.apiGateway.managedGatewayClass.resourceJob.resources field which can be configured to override the resource settings for the gateway-resources-job job. [GH-4184]

  • config-entry: add validate_clusters to mesh config entry [GH-4256]

BUG FIXES:

  • Fixes install of Consul on GKE Autopilot where the option 'manageNonStandardCRDs' was not being used for the TCPRoute CRD. [GH-4213]
  • api-gateway: fix nil pointer deref bug when the section name in a gateway policy is not specified [GH-4247]
  • helm: Fix ArgoCD hooks related annotations on server-acl-init Job, they must be added at Job definition and not template level. [GH-3989]
  • helm: adds imagePullSecret to the gateway-resources job and the gateway-cleanup job, would fail before if the image was in a private registry [GH-4210]
  • openshift: order SecurityContextConstraint volumes alphabetically to match OpenShift behavior.
    This ensures that diff detection tools like ArgoCD consider the source and reconciled resources to be identical. [GH-4227]
Assets 2
Loading

v1.1.15

29 Aug 21:16
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.1.15
ff19795
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.15

1.1.15- (August 28, 2024)

SECURITY:

IMPROVEMENTS:

  • helm: Adds webhookCertManager.resources field which can be configured to override the resource settings for the webhook-cert-manager deployment. [GH-4184]
  • helm: Adds connectInject.apiGateway.managedGatewayClass.resourceJob.resources field which can be configured to override the resource settings for the gateway-resources-job job. [GH-4184]
  • config-entry: add validate_clusters to mesh config entry [GH-4256]

BUG FIXES:

  • openshift: order SecurityContextConstraint volumes alphabetically to match OpenShift behavior.
    This ensures that diff detection tools like ArgoCD consider the source and reconciled resources to be identical. [GH-4227]
Assets 2
Loading

v1.5.1

16 Jul 16:57
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.5.1
9251592
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.5.1

1.5.1 (July 16, 2024)

SECURITY:

IMPROVEMENTS:

  • api-gateways: Change security settings to make root file system read only and to not allow privilage escalation. [GH-3959]
  • control-plane: Remove anyuid Security Context Constraints (SCC) requirement in OpenShift. [GH-4152]
  • partition-init: Role no longer includes unnecessary access to Secrets resource. [GH-4053]

BUG FIXES:

  • api-gateway: fix issue where API Gateway specific acl roles/policy were not being cleaned up on deletion of an api-gateway [GH-4060]
  • connect-inject: add NET_BIND_SERVICE capability when injecting consul-dataplane sidecar [GH-4152]
  • endpoints-controller: graceful shutdown logic should not run on a new pod with the same name. Fixes a case where statefulset rollouts could get stuck in graceful shutdown when the new pods come up. [GH-4059]
  • terminating-gateway: Fix generated acl policy for external services to include the namespace and partition block if they are enabled. [GH-4153]
Assets 2
Loading

v1.4.4

16 Jul 14:32
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.4.4
66c58e8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4.4

1.4.4 (July 15, 2024)

SECURITY:

IMPROVEMENTS:

  • upgrade go version to v1.22.4. [GH-4085]
  • api-gateways: Change security settings to make root file system read only and to not allow privilage escalation. [GH-3959]
  • cni: package consul-cni as .deb and .rpm files [GH-4040]
  • control-plane: Remove anyuid Security Context Constraints (SCC) requirement in OpenShift. [GH-4152]
  • partition-init: Role no longer includes unnecessary access to Secrets resource. [GH-4053]

BUG FIXES:

  • api-gateway: fix issue where API Gateway specific acl roles/policy were not being cleaned up on deletion of an api-gateway [GH-4060]
  • cni: fix incorrect release version due to unstable submodule pinning [GH-4091]
  • connect-inject: add NET_BIND_SERVICE capability when injecting consul-dataplane sidecar [GH-4152]
  • endpoints-controller: graceful shutdown logic should not run on a new pod with the same name. Fixes a case where statefulset rollouts could get stuck in graceful shutdown when the new pods come up. [GH-4059]
Assets 2
Loading

v1.3.7

16 Jul 22:05
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.3.7
4bc24aa
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.7

1.3.7 (July 16, 2024)

SECURITY:

IMPROVEMENTS:

  • upgrade go version to v1.22.4. [GH-4085]
  • partition-init: Role no longer includes unnecessary access to Secrets resource. [GH-4053]

BUG FIXES:

  • api-gateway: fix issue where API Gateway specific acl roles/policy were not being cleaned up on deletion of an api-gateway [GH-4060]
  • cni: fix incorrect release version due to unstable submodule pinning [GH-4091]
  • endpoints-controller: graceful shutdown logic should not run on a new pod with the same name. Fixes a case where statefulset rollouts could get stuck in graceful shutdown when the new pods come up. [GH-4059]
Assets 2
Loading