--- layout: docs page_title: 1.0.x description: >- Consul on Kubernetes release notes for version 1.0.x --- # Consul on Kubernetes 1.0 ## Release Highlights - ** Simplified Service Mesh Deployments with Consul Dataplane:** Consul client agents are no longer deployed by default, and Consul service mesh no longer uses Consul clients to operate. A new component `consul-dataplane` is now injected as a sidecar-proxy instead of plain Envoy. `consul-dataplane` manages the Envoy proxy process and proxies xDS requests from Envoy to Consul servers. All service mesh consul-k8s components are configured to talk directly to Consul servers. - **Consul API Gateway 0.5.0 Support:** Support to run Consul API Gateway without clients and allow Consul API Gateway to directly connect to Consul servers. ## What's Changed - `client.enabled` now defaults to `false`. Setting it to true will deploy client agents, however, none of the consul-k8s components will use clients for their operation. For Vault on Kubernetes using Consul deployed on Kubernetes as a storage backend, `client.enabled` should be set to `true` prior to upgrading. - `externalServers.grpcPort` default is now 8502 instead of 8503. - Consul snapshot agent runs as a sidecar to Consul servers. - `client.snapshotAgent` values are moved to `server.snapshotAgent`, with the exception of the following values: `client.snaphostAgent.replicas`, `client.snaphostAgent.serviceAccount` - `global.secretsBackend.vault.consulSnapshotAgentRole` value is now removed. You should now use the `global.secretsBackend.vault.consulServerRole` for access to any Vault secrets. - Support simplified default deployment values to allow for easier quick starts and testing: * Set `server.replicas` to `1`. Formerly, this defaulted to `3`. * `connectInject.enabled` now defaults to true. * `dns.enabled` and `dns.enableRedirection` will now default to the value of `connectInject.transparentProxy.defaultEnabled`. Previously, `dns.enabled` defaulted to the value of `global.enabled` and `dns.enableRedirection` defaulted to the value to `false`. * Set `connectInject.replicas` to 1 * Set `meshGateway.affinity` to null and `meshGateway.replicas` to 1 * Set `ingressGateways.defaults.affinity` to null and `ingressGateways.defaults.replicas` to 1 * Set `terminatingGateways.defaults.affinity` to null and `terminatingGateways.defaults.replicas` to 1 * `syncCatalog.consulNamespaces.mirroringK8S` now defaults to `true`. * `connectInject.consulNamespaces.mirroringK8S` now defaults to `true`. - `global.imageEnvoy` is now replaced with `global.imageConsulDataplane` for running the sidecar proxy. apiGateway.imageEnvoy` is now available for configuring the version of Envoy that the API Gateway uses. ## Supported Software ~> **Note:** Consul 1.13.x and 1.12.x is not supported. Please use Consul K8s 0.49.x if you want to use Consul 1.13.x or 1.12.x. - Consul 1.14.x. - Consul Dataplane v1.0.x. Refer to [Envoy and Consul Dataplane](/docs/connect/proxies/envoy#envoy-and-consul-dataplane) for details about Consul Dataplane versions and the available packaged Envoy version. - Kubernetes 1.22.x - 1.25.x - `kubectl` 1.22.x - 1.25.x - Helm 3.6+ ## Upgrading For detailed information on upgrading, please refer to the [Upgrades page](/docs/k8s/upgrade) ## Known Issues The following issues are known to exist in the v1.0.0 release: - Pod Security Standards that are configured for the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) are currently not supported by Consul K8s. OpenShift 4.11.x enables Pod Security Standards on Kubernetes 1.25 [by default](https://connect.redhat.com/en/blog/important-openshift-changes-pod-security-standards) and is also not supported. Support will be added in a future Consul K8s 1.0.x patch release. ## Changelogs The changelogs for this major release version and any maintenance versions are listed below. ~> **Note:** The following link takes you to the changelogs on the GitHub website. - [1.0.0](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.0)