Consul on Kubernetes 1.1.0

Release Highlights

  • Enhanced Envoy Access Logging: Envoy access logs are now centrally managed via the accessLogs field within the ProxyDefaults CRD to allow operators to easily turn on access logs for all proxies within the service mesh. Refer to Access logs overview for more information.

  • Consul Envoy Extensions: The new Envoy extension system enables you to modify Consul-generated Envoy resources outside of the Consul binary. This will allow extensions to add, delete, and modify Envoy listeners, routes, clusters, and endpoints, enabling support for additional Envoy features without changes to the Consul codebase. The new envoyExtensions field in the ProxyDefaults and ServiceDefaults CRDs enable built-in Envoy extensions. Refer to Envoy extensions overview for more information on how to use these extensions.

  • Envoy Proxy Debugging CLI Commands: This release adds a new command to quickly modify the log level of Envoy proxies for sidecars and gateways for easier debugging. Refer to consul-k8s CLI proxy log command docs for more information.

    • Add consul-k8s proxy log podname command for displaying current log levels or updating log levels for Envoy in a given pod.

What’s Changed

  • Connect inject now excludes the openebs namespace from sidecar injection by default. If you previously had pods in that namespace that you wanted to be injected, you must now set namespaceSelector as follows:

    1. connectInject:
    2.   namespaceSelector: |
    3.     matchExpressions:
    4.     - key: "kubernetes.io/metadata.name"
    5.       operator: "NotIn"
    6.       values: ["kube-system","local-path-storage"]

Supported Software

Note: Consul 1.14.x and 1.13.x are not supported. Please refer to Supported Consul and Kubernetes versions for more detail on choosing the correct consul-k8s version.

  • Consul 1.15.x.
  • Consul Dataplane v1.1.x. Refer to Envoy and Consul Dataplane for details about Consul Dataplane versions and the available packaged Envoy version.
  • Kubernetes 1.23.x - 1.26.x
  • kubectl 1.23.x - 1.26.x
  • Helm 3.6+

Upgrading

For detailed information on upgrading, please refer to the Upgrades page

Known Issues

The following issues are known to exist in the v1.1.0 release:

  • Pod Security Standards that are configured for the Pod Security Admission controller are currently not supported by Consul K8s. OpenShift 4.11.x enables Pod Security Standards on Kubernetes 1.25 by default and is also not supported. Support will be added in a future Consul K8s 1.0.x patch release.

Changelogs

The changelogs for this major release version and any maintenance versions are listed below.

Note: The following link takes you to the changelogs on the GitHub website.