From 25a25d4be711e901146e2744880b8484d7beb7db Mon Sep 17 00:00:00 2001
From: Kyle Schochenmaier <kschoche@gmail.com>
Date: Wed, 11 Nov 2020 15:52:24 -0600
Subject: [PATCH] update changelog for health checks (#390)

* Update CHANGELOG.md
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
---
 CHANGELOG.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2b9c9ff48126..32680db8ea0d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,25 @@
 ## UNRELEASED
 
+FEATURES:
+* Connect: Support Kubernetes health probe synchronization with Consul for connect injected pods. [[GH-363](https://github.com/hashicorp/consul-k8s/pull/363)]
+    * Adds a new controller to the connect-inject webhook which is responsible for synchronizing Kubernetes pod health checks with Consul service instance health checks.
+      A Consul health check is registered for each connect-injected pod which mirrors the pod's Readiness status to Consul. This modifies connect routing to only
+      pods which have passing Kubernetes health checks. See breaking changes for more information.
+    * Adds a new label to connect-injected pods which mirrors the `consul.hashicorp.com/connect-inject-status` annotation.
+  Consul-ENT only: Adds a new annotation to connect-injected pods when namespaces are enabled: `consul.hashicorp.com/consul-namespace` [[GH-376](https://github.com/hashicorp/consul-k8s/pull/376)]
+
+BREAKING CHANGES:
+* Connect: With the addition of the connect-inject health checks controller any connect services which have failing Kubernetes readiness
+  probes will no longer be routable through connect until their Kubernetes health probes are passing.
+  Previously, if any connect services were failing their Kubernetes readiness checks they were still routable through connect.
+  Users should verify that their connect services are passing Kubernetes readiness probes prior to using health checks synchronization.
+
+DEPRECATIONS:
+* `create-inject-token` in the server-acl-init command has been undeprecated.
+  `-create-inject-auth-method` has been deprecated and replaced by `-create-inject-token`.
+  `-create-inject-namespace-token` in the server-acl-init command has been deprecated. Please use `-create-inject-token` and `-enable-namespaces` flags
+  to achieve the same functionality.[[GH-368](https://github.com/hashicorp/consul-k8s/pull/368)].
+
 IMPROVEMENTS:
 * Connect: support passing extra arguments to the envoy binary. [[GH-378](https://github.com/hashicorp/consul-k8s/pull/378)]
     Arguments can be passed in 2 ways: