v0.18.0

0.18.0 (July 30, 2020)

IMPROVEMENTS:

• Connect: Add resource request and limit flags for the injected init and lifecycle sidecar containers. These flags replace the hardcoded values previously included. As part of this change, the default value for the lifecycle sidecar container memory limit has increased from 25Mi to 50Mi. [GH-298], [GH-300]

BUG FIXES:

• Connect: Respect allow/deny list flags when namespaces are disabled. [GH-296]

v0.17.0

0.17.0 (July 09, 2020)

BREAKING CHANGES:

• ACLs: Always update Kubernetes auth method created by the server-acl-init job. Previously, we would only update the auth method if Consul namespaces are enabled. With this change, we always update it to make sure that any configuration changes or updates to the connect-injector-authmethod-svc-account are propagated [GH-282].
• Connect: Connect pods have had the following resource settings changed: consul-connect-inject-init now has its memory limit set to 150M up from 25M and consul-connect-lifecycle-sidecar has its CPU request and limit set to 20m up from 10m. [GH-291]

IMPROVEMENTS:

• Extracted Consul's HTTP flags into our own package so we no longer depend on the internal Consul golang module. [GH-259]

BUG FIXES:

• Connect: Update resource settings to fix out of memory errors and CPU usage at 100% of limit. [GH-283, consul-helm GH-515]
• Connect: Creating a pod with a different service account name than its Consul service name will now result in an error when ACLs are enabled.
  Previously this would not result in an error, but the pod would not be able to send or receive traffic because its ACL token would be for a
  different service name. [GH-237]

v0.16.0

0.16.0 (June 17, 2020)

FEATURES:

• ACLs: server-acl-init now supports creating tokens for ingress and terminating gateways [GH-264].
  • Add -ingress-gateway-name flag that takes the name of an ingress gateway that needs an acl token. May be specified multiple times. [Enterprise Only] If using Consul namespaces and registering the gateway outside of the default namespace, specify the value in the form <GatewayName>.<ConsulNamespace>.
  • Add -terminating-gateway-name flag that takes the name of a terminating gateway that needs an acl token. May be specified multiple times. [Enterprise Only] If using Consul namespaces and registering the gateway outside of the default namespace, specify the value in the form <GatewayName>.<ConsulNamespace>.
• Connect: Add support for configuring resource settings for memory and cpu limits/requests for sidecar proxies. [GH-267]

BREAKING CHANGES:

• Gateways: service-address command will now return hostnames if that is the address of the Kubernetes LB. Previously it would resolve the hostname to 1 IP. The -resolve-hostnames flag was added to preserve the IP resolution behavior. [GH-271]

IMPROVEMENTS:

• Sync: Add -sync-lb-services-endpoints flag to optionally sync load balancer endpoint IPs instead of load balancer ingress IP or hostname to Consul [GH-257].
• Connect: Add pod name to the consul connect metadata for connect injected pods. [GH-231]

BUG FIXES:

• Connect:
  • Fix bug where preStop hook was malformed. This caused Consul ACL tokens to never be deleted for connect services. [GH-265]
  • Fix bug where environment variable for upstream was not populated when using a different datacenter resulted. [GH-246]
  • Fix bug where the Connect health-check was defined with a service name instead of a service ID. This check was passing in consul version before 1.8, but will now fail with versions 1.8 and higher. [GH-272]