BREAKING CHANGES:
- config-entry: Exporting a specific service name across all namespace is invalid.
- connect: Removes support for Envoy 1.19 [GH-13807]
- telemetry: config flag
telemetry { disable_compat_1.9 = (true|false) }
has been removed. Before upgrading you should remove this flag from your config if the flag is being used. [GH-13532]
FEATURES:
- acl: It is now possible to login and logout using the gRPC API [GH-12935]
- agent: Added information about build date alongside other version information for Consul. Extended /agent/self endpoint and
consul version
commands to report this. Agent also reports build date in log on startup. [GH-13357] - ca: Leaf certificates can now be obtained via the gRPC API:
Sign
[GH-12787] - checks: add UDP health checks.. [GH-12722]
- cli: A new flag for config delete to delete a config entry in a valid config file, e.g., config delete -filename intention-allow.hcl [GH-13677]
- connect: Adds a new
destination
field to theservice-default
config entry that allows routing egress traffic through a terminating gateway in transparent proxy mode without modifying the catalog. [GH-13613] - grpc: New gRPC endpoint to return envoy bootstrap parameters. [GH-12825]
- grpc: New gRPC endpoint to return envoy bootstrap parameters. [GH-1717]
- grpc: New gRPC service and endpoint to return the list of supported consul dataplane features [GH-12695]
- server: broadcast the public grpc port using lan serf and update the consul service in the catalog with the same data [GH-13687]
- streaming: Added topic that can be used to consume updates about the list of services in a datacenter [GH-13722]
- streaming: Added topics for
ingress-gateway
,mesh
,service-intentions
andservice-resolver
config entry events. [GH-13658]
IMPROVEMENTS:
- api:
merge-central-config
query parameter support added to/catalog/node-services/:node-name
API, to view a fully resolved service definition (especially when not written into the catalog that way). [GH-13450] - api:
merge-central-config
query parameter support added to/catalog/node-services/:node-name
API, to view a fully resolved service definition (especially when not written into the catalog that way). [GH-2046] - api:
merge-central-config
query parameter support added to some catalog and health endpoints to view a fully resolved service definition (especially when not written into the catalog that way). [GH-13001] - api: add the ability to specify a path prefix for when consul is behind a reverse proxy or API gateway [GH-12914]
- catalog: Add per-node indexes to reduce watchset firing for unrelated nodes and services. [GH-12399]
- connect: add validation to ensure connect native services have a port or socketpath specified on catalog registration. This was the only missing piece to ensure all mesh services are validated for a port (or socketpath) specification on catalog registration. [GH-12881]
- ui: Add new CopyableCode component and use it in certain pre-existing areas [GH-13686]
- acl: Clarify node/service identities must be lowercase [GH-12807]
- command: Add support for enabling TLS in the Envoy Prometheus endpoint via the
consul connect envoy
command. Adds the-prometheus-ca-file
,-prometheus-ca-path
,-prometheus-cert-file
and-prometheus-key-file
flags. [GH-13481] - connect: Add Envoy 1.23.0 to support matrix [GH-13807]
- connect: Added a
max_inbound_connections
setting to service-defaults for limiting the number of concurrent inbound connections to each service instance. [GH-13143] - grpc: Add a new ServerDiscovery.WatchServers gRPC endpoint for being notified when the set of ready servers has changed. [GH-12819]
- telemetry: Added
consul.raft.thread.main.saturation
andconsul.raft.thread.fsm.saturation
metrics to measure approximate saturation of the Raft goroutines [GH-12865] - ui: removed external dependencies for serving UI assets in favor of Go's native embed capabilities [GH-10996]
- ui: upgrade ember-composable-helpers to v5.x [GH-13394]
BUG FIXES:
- acl: Fixed a bug where the ACL down policy wasn't being applied on remote errors from the primary datacenter. [GH-12885]
- cli: when
acl token read
is used with the-self
and-expanded
flags, return an error instead of panicking [GH-13787] - connect: Fixed a goroutine/memory leak that would occur when using the ingress gateway. [GH-13847]
- connect: Ingress gateways with a wildcard service entry should no longer pick up non-connect services as upstreams. connect: Terminating gateways with a wildcard service entry should no longer pick up connect services as upstreams. [GH-13958]
- proxycfg: Fixed a minor bug that would cause configuring a terminating gateway to watch too many service resolvers and waste resources doing filtering. [GH-13012]
- raft: upgrade to v1.3.8 which fixes a bug where non cluster member can still be able to participate in an election. [GH-12844]
- serf: upgrade serf to v0.9.8 which fixes a bug that crashes Consul when serf keyrings are listed [GH-13062]
- ui: Fixes an issue where client side validation errors were not showing in certain areas [GH-14021]