consul v1.8.0-beta2 Release Notes

Release Date: 2020-05-21 // 17 days ago
  • 1.8.0-beta2 (May 21, 2020)

    πŸ‘Œ IMPROVEMENTS:

    • xds: Ingress gateways now respect the same binding options as mesh and terminating gateways [GH-7924]

    πŸ›  BUGFIXES:

    • πŸ”§ xds: Fixed bug where deleting a gateway config entry did not correctly remove xDS configuration from the envoy proxy [GH-7898]
    • πŸ’» ui: Quote service names when filtering intentions to prevent 500 errors when accessing a service [GH-7896] [GH-7888]
    • πŸ’» ui: Miscellaneous amends for Safari and Firefox [GH-7904] [GH-7907]
    • ui: Ensure a value is always passed to CONSUL_SSO_ENABLED [GH-7913]
    • agent: Preserve ModifyIndex for unchanged entry in KV transaciton [GH-7832]
    • 0️⃣ agent: use default resolver scheme for gRPC dialing [GH-7617]

Previous changes from v1.8.0-beta1

  • πŸ”‹ FEATURES:

    • Terminating Gateway: Envoy can now be run as a gateway to enable services in a Consul service mesh to connect to external services through their local proxy. Terminating gateways unlock several of the benefits of a service mesh in the cases where a sidecar proxy cannot be deployed alongside services such as legacy applications or managed cloud databases.
    • Ingress Gateway: Envoy can now be run as a gateway to ingress traffic into the Consul service mesh, enabling a more incremental transition for applications.
    • WAN Federation over Mesh Gateways: Allows Consul datacenters to federate by forwarding WAN gossip and RPC traffic through Mesh Gateways rather than requiring the servers to be exposed to the WAN directly.
    • 🌐 JSON Web Token (JWT) Auth Method: Allows exchanging a signed JWT from a trusted external identity provider for a Consul ACL token.
    • Single Sign-On (SSO) [Enterprise]: Lets an operator configure Consul to use an external OpenID Connect (OIDC) provider to automatically handle the lifecycle of creating, distributing and managing ACL tokens for performing CLI operations or accessing the UI.
    • 🌲 Audit Logging [Enterprise]: Adds instrumentation to record a trail of events (both attempted and authorized) by users of Consul’s HTTP API for purposes of regulatory compliance.

    • acl: add DisplayName field to auth methods [GH-7769]

    • acl: add MaxTokenTTL field to auth methods [GH-7779]

    • πŸ”§ agent/xds: add support for configuring passive health checks [GH-7713]

    • ⚑️ cli: Add -config flag to "acl authmethod update/create" [GH-7776]

    • πŸ“š ui: Help menu to provide further documentation/learn links [GH-7310]

    • ui: (Consul Enterprise only) SSO support [GH-7742] [GH-7771] [GH-7790]

    • πŸ’» ui: Support for termininating and ingress gateways [GH-7858] [GH-7865]

    πŸ‘Œ IMPROVEMENTS:

    • acl: change authmethod.Validator to take a logger [GH-7758]
    • agent: show warning when enable_script_checks is enabled without safety net [GH-7437]
    • πŸ‘ api: Added filtering support to the v1/connect/intentions endpoint. [GH-7478]
    • auto_encrypt: add validations for auto_encrypt.{tls,allow_tls} [GH-7704]
    • πŸ— build: switched to compile with Go 1.14.1 [GH-7481]
    • config: validate system limits against limits.http_max_conns_per_client [GH-7434]
    • πŸ‘ connect: support envoy 1.12.3, 1.13.1, and 1.14.1. Envoy 1.10 is no longer officially supported. [GH-7380],[GH-7624]
    • connect: add DNSSAN and IPSAN to cache key for ConnectCALeafRequest [GH-7597]
    • license: (Consul Enterprise only) Update licensing to align with the current modules licensing structure.
    • 🌲 logging: catch problems with the log destination earlier by creating the file immediately [GH-7469]
    • πŸ‘ proxycfg: support path exposed with non-HTTP2 protocol [GH-7510]
    • 🚚 tls: remove old ciphers [GH-7282]
    • πŸ’» ui: Show the last 8 characters of AccessorIDs in listing views [GH-7327]
    • πŸ’» ui: Make all tabs within the UI linkable/bookmarkable and include in history [GH-7592]
    • πŸ’» ui: Redesign of all service pages [GH-7605] [GH-7632] [GH-7655] [GH-7683]
    • πŸ’» ui: Show intentions per individual service [GH-7615]
    • πŸ’» ui: Improved login/logout flow [GH-7790]
    • βͺ ui: Revert search to search as you type, add sort control for the service listing page [GH-7489]
    • πŸ’» ui: Omit proxy services from the service listing view and mark services as being proxied [GH-7820]
    • πŸ’» ui: Display proxies in a proxy info tab with the service instance detail page [GH-7745]

    πŸ›  BUGFIXES:

    • agent: (Consul Enterprise only) Fixed several bugs related to Network Area and Network Segment compatibility with other features caused by incorrectly doing version or serf tag checking. [GH-7491]
    • agent: rewrite checks with proxy address, not local service address [GH-7518]
    • cli: enable TLS when CONSUL_HTTP_ADDR has an https scheme [GH-7608]
    • license: (Consul Enterprise only) Fixed a bug that would cause a license reset request to only be applied on the leader server.
    • sdk: Fix race condition in freeport [GH-7567]
    • server: strip local ACL tokens from RPCs during forwarding if crossing datacenters [GH-7419]

    KNOWN ISSUES:

    • πŸ’» ui: service pages in the UI for services with non-alphanumeric characters will not render. They instead show a page that says The backend responded with an error and Error 500. [GH-7896]