v0.20.0
BREAKING CHANGES:
-
External Servers [GH-430]:
externalServers.https.address
moved toexternalServers.hosts
and changed its type fromstring
toarray
.externalServers.https.port
moved toexternalServers.httpsPort
and its default value changed from443
to8501
.externalServers.https.tlsServerName
moved toexternalServers.tlsServerName
.externalServers.https.useSystemRoots
moved toexternalServers.useSystemRoots
.
For example, if previously setting
externalServers
like so:externalServers: enabled: true https: address: "example.com" port: 443 tlsServerName: null useSystemRoots: false
Now you need to change it to the following:
externalServers: enabled: true hosts: ["example.com"] httpsPort: 443 tlsServerName: null useSystemRoots: false
-
Auto-encrypt: You can no longer re-use
client.join
property if using auto-encrypt
withexternalServers.enabled
set totrue
. You must provide Consul server HTTPS address
viaexternalServers.hosts
andexternalServers.httpsPort
.For example, if previously setting:
tls: enabled: true enabledAutoEncrypt: true externalServers: enabled: true client: join: ["consul.example.com"]
Now you need to change it to:
tls: enabled: true enabledAutoEncrypt: true externalServers: enabled: true hosts: ["consul.example.com"] client: join: ["consul.example.com"]
FEATURES:
-
Support managing ACLs when running Consul servers externally to Kubernetes:
-
ACLs: Support providing your own bootstrap token [GH-420].
If provided, theserver-acl-init
job will skip server ACL bootstrapping.Example:
global: acls: manageSystemACLs: true bootstrapToken: secretName: bootstrap-token secretKey: token
-
External Servers: Add
externalServers.k8sAuthMethodHost
to allow configuring a custom location
of the Kubernetes API server for the auth method created in Consul [GH-420].
The Kubernetes API server provided here must be reachable from the external Consul servers.Example:
externalServers: enabled: true k8sAuthMethodHost: https://kubernetes-api.example.com:443
-
IMPROVEMENTS:
- Default to the latest version of consul-k8s: hashicorp/consul-k8s:0.14.0
BUG FIXES:
tls-init-cleanup
can run even if pre-install fails [GH-419].