This repository has been archived by the owner on Mar 19, 2024. It is now read-only.
v0.5.0
0.5.0 (November 17, 2022)
FEATURES:
- Switch deployed gateways to use TTL-based health checks to better support running with Consul servers that are not on the same network as a gateway [GH-371]
IMPROVEMENTS:
- Add optional
consul.partitionandconsul.serverNameto GatewayClassConfig CRD. If set these will be used to initialize the partition and server name used in TLS verification for communicating with Consul in a deployment. [GH-450] - Add optional
podSecurityPolicyto GatewayClassConfig CRD. If set and "managed" ServiceAccounts are being used, a Role and RoleBinding are created to attach the namedPodSecurityPolicyto the managed ServiceAccount. [GH-433] - Add optional configuration for maximum upstream connections to GatewayClassConfig CRD. If unset, behavior is unchanged and Envoy's default will be used. [GH-405]
- Add support for tolerations to Consul API Gateway Controller and GatewayClassConfig. [GH-426]
- Integrate consul-server-connection-manager to support Agentless consul server discovery [GH-449]
- Support distroless Envoy images (with continued support for distroful images) [GH-391]
- api: add OpenAPI schema and stubs for bootstrap token CRUD [GH-384]
- go: update to Go v1.19 [GH-424]
- makefile: switch back to upstream go-changelog repo [GH-385]
BUG FIXES:
- Delete gateway ACL tokens on shutdown so they are not orphaned after being provisioned at startup. [GH-377]
- Fix failing root certificate watch for controller when deployed in secondary federated datacenter. [GH-368]
- When a gateway is created in a namespace that doesn't exist in Consul and namespace mirroring is enabled, create the namespace in Consul. [GH-397]
NOTES:
- RefNotPermitted error is now returned instead of InvalidCertificateRef in the case where a cross namespace certificate is not allowed by a ReferenceGrant [GH-412]