consul v1.13.0 Release Notes

Release Date: 2022-08-09 // 4 months ago
  • ๐Ÿ’ฅ BREAKING CHANGES:

    • config-entry: Exporting a specific service name across all namespace is invalid.
    • ๐Ÿš€ connect: contains an upgrade compatibility issue when restoring snapshots containing service mesh proxy registrations from pre-1.13 versions of Consul [GH-14107]. Fixed in 1.13.1 [GH-14149]. Refer to 1.13 upgrade guidance for more information.
    • ๐Ÿš€ connect: if using auto-encrypt or auto-config, TLS is required for gRPC communication between Envoy and Consul as of 1.13.0; this TLS for gRPC requirement will be removed in a future 1.13 patch release. Refer to 1.13 upgrade guidance for more information.
    • โฌ†๏ธ connect: if a pre-1.13 Consul agent's HTTPS port was not enabled, upgrading to 1.13 may turn on TLS for gRPC communication for Envoy and Consul depending on the agent's TLS configuration. Refer to 1.13 upgrade guidance for more information.
    • ๐Ÿšš connect: Removes support for Envoy 1.19 [GH-13807]
    • telemetry: config flag telemetry { disable_compat_1.9 = (true|false) } has been removed. Before upgrading you should remove this flag from your config if the flag is being used. [GH-13532]

    ๐Ÿ”‹ FEATURES:

    • Cluster Peering (Beta) This version adds a new model to federate Consul clusters for both service mesh and traditional service discovery. Cluster peering allows for service interconnectivity with looser coupling than the existing WAN federation. For more information refer to the cluster peering documentation.
    • Transparent proxying through terminating gateways This version adds egress traffic control to destinations outside of Consul's catalog, such as APIs on the public internet. Transparent proxies can dial destinations defined in service-defaults and have the traffic routed through terminating gateways. For more information refer to the terminating gateway documentation.
    • acl: It is now possible to login and logout using the gRPC API [GH-12935]
    • ๐Ÿ— agent: Added information about build date alongside other version information for Consul. Extended /agent/self endpoint and consul version commands ๐Ÿ— to report this. Agent also reports build date in log on startup. [GH-13357]
    • ca: Leaf certificates can now be obtained via the gRPC API: Sign [GH-12787]
    • checks: add UDP health checks.. [GH-12722]
    • cli: A new flag for config delete to delete a config entry in a valid config file, e.g., config delete -filename intention-allow.hcl [GH-13677]
    • 0๏ธโƒฃ connect: Adds a new destination field to the service-default config entry that allows routing egress traffic through a terminating gateway in transparent proxy mode without modifying the catalog. [GH-13613]
    • grpc: New gRPC endpoint to return envoy bootstrap parameters. [GH-12825]
    • grpc: New gRPC endpoint to return envoy bootstrap parameters. [GH-1717]
    • ๐Ÿ‘ grpc: New gRPC service and endpoint to return the list of supported consul dataplane features [GH-12695]
    • โšก๏ธ server: broadcast the public grpc port using lan serf and update the consul service in the catalog with the same data [GH-13687]
    • โšก๏ธ streaming: Added topic that can be used to consume updates about the list of services in a datacenter [GH-13722]
    • streaming: Added topics for ingress-gateway, mesh, service-intentions and service-resolver config entry events. [GH-13658]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ”€ api: merge-central-config query parameter support added to /catalog/node-services/:node-name API, to view a fully resolved service definition (especially when not written into the catalog that way). [GH-13450]
    • ๐Ÿ”€ api: merge-central-config query parameter support added to /catalog/node-services/:node-name API, to view a fully resolved service definition (especially when not written into the catalog that way). [GH-2046]
    • ๐Ÿ”€ api: merge-central-config query parameter support added to some catalog and health endpoints to view a fully resolved service definition (especially when not written into the catalog that way). [GH-13001]
    • api: add the ability to specify a path prefix for when consul is behind a reverse proxy or API gateway [GH-12914]
    • catalog: Add per-node indexes to reduce watchset firing for unrelated nodes and services. [GH-12399]
    • connect: add validation to ensure connect native services have a port or socketpath specified on catalog registration. This was the only missing piece to ensure all mesh services are validated for a port (or socketpath) specification on catalog registration. [GH-12881]
    • ๐Ÿ’ป ui: Add new CopyableCode component and use it in certain pre-existing areas [GH-13686]
    • acl: Clarify node/service identities must be lowercase [GH-12807]
    • ๐Ÿ‘ command: Add support for enabling TLS in the Envoy Prometheus endpoint via the consul connect envoy command. โž• Adds the -prometheus-ca-file, -prometheus-ca-path, -prometheus-cert-file and -prometheus-key-file flags. [GH-13481]
    • ๐Ÿ‘ connect: Add Envoy 1.23.0 to support matrix [GH-13807]
    • connect: Added a max_inbound_connections setting to service-defaults for limiting the number of concurrent inbound connections to each service instance. [GH-13143]
    • grpc: Add a new ServerDiscovery.WatchServers gRPC endpoint for being notified when the set of ready servers has changed. [GH-12819]
    • telemetry: Added consul.raft.thread.main.saturation and consul.raft.thread.fsm.saturation metrics to measure approximate saturation of the Raft goroutines [GH-12865]
    • ๐Ÿฑ ui: removed external dependencies for serving UI assets in favor of Go's native embed capabilities [GH-10996]
    • โฌ†๏ธ ui: upgrade ember-composable-helpers to v5.x [GH-13394]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  acl: Fixed a bug where the ACL down policy wasn't being applied on remote errors from the primary datacenter. [GH-12885]
    • cli: when acl token read is used with the -self and -expanded flags, return an error instead of panicking [GH-13787]
    • ๐Ÿ›  connect: Fixed a goroutine/memory leak that would occur when using the ingress gateway. [GH-13847]
    • connect: Ingress gateways with a wildcard service entry should no longer pick up non-connect services as upstreams. connect: Terminating gateways with a wildcard service entry should no longer pick up connect services as upstreams. [GH-13958]
    • ๐Ÿ”ง proxycfg: Fixed a minor bug that would cause configuring a terminating gateway to watch too many service resolvers and waste resources doing filtering. [GH-13012]
    • โฌ†๏ธ raft: upgrade to v1.3.8 which fixes a bug where non cluster member can still be able to participate in an election. [GH-12844]
    • rpc: Adds a deadline to client RPC calls, so that streams will no longer hang indefinitely in unstable network conditions. [GH-8504] [GH-11500]
    • โฌ†๏ธ serf: upgrade serf to v0.9.8 which fixes a bug that crashes Consul when serf keyrings are listed [GH-13062]
    • ๐Ÿ’ป ui: Fixes an issue where client side validation errors were not showing in certain areas [GH-14021]