Consul on Kubernetes 0.48.0

Release Highlights

  • Consul CNI Plugin: This release introduces the Consul CNI Plugin for Consul on Kubernetes, to allow for configuring traffic redirection rules without escalated container privileges such as CAP_NET_ADMIN. Refer to Enable the Consul CNI Plugin for more details. The Consul CNI Plugin is supported for Consul K8s 0.48.0+ and Consul 1.13.1+.

  • Kubernetes 1.24 Support: Add support for Kubernetes 1.24 where ServiceAccounts no longer have long-term JWT tokens. [GH-1431]

  • MaxInboundConnections in service-defaults CRD: Add support for MaxInboundConnections on the Service Defaults CRD. [GH-1437]

  • API Gateway: ACL auth when using WAN Federation: Configure ACL auth for controller correctly when deployed in secondary datacenter with federation enabled [GH-1462]

What has Changed

  • Kubernetes 1.24 Support for multiport applications require Kubernetes secrets: Users deploying multiple services to the same Pod (multiport) on Kubernetes 1.24+ must also deploy a Kubernetes secret for each ServiceAccount associated with the Consul service. The name of the Secret must match the ServiceAccount name and be of type kubernetes.io/service-account-token Example:

    1. apiVersion: v1
    2. kind: Secret
    3. metadata:
    4.   name: svc1
    5.   annotations:
    6.     kubernetes.io/service-account.name: svc1
    7. type: kubernetes.io/service-account-token
    8. ---
    9. apiVersion: v1
    10. kind: Secret
    11. metadata:
    12.   name: svc2
    13.   annotations:
    14.     kubernetes.io/service-account.name: svc2
    15. type: kubernetes.io/service-account-token

Supported Software

  • Consul 1.11.x, Consul 1.12.x and Consul 1.13.1+
  • Kubernetes 1.19-1.24
  • Kubectl 1.19+
  • Envoy proxy support is determined by the Consul version deployed. Refer to Envoy Integration for details.

Upgrading

For detailed information on upgrading, please refer to the Upgrades page

Known Issues

The following issues are know to exist in the v0.48.0 release:

  • Consul CNI Plugin currently does not support RedHat OpenShift as the CNI Plugin Daemonset requires additional SecurityContextConstraint objects to run on OpenShift. Support for OpenShift will be added in an upcoming release.

Changelogs

The changelogs for this major release version and any maintenance versions are listed below.

Note: The following link takes you to the changelogs on the GitHub website.