Change8

ent-changelog-1.13.0

Breaking Changes
📦 consul-connectView on GitHub →
3 breaking13 features🐛 7 fixes🔧 12 symbols

Summary

This release introduces Cluster Peering (Beta) and transparent proxying via terminating gateways, alongside numerous gRPC API enhancements and bug fixes. Consumers must remove the deprecated telemetry config flag and ensure Envoy is updated past version 1.19.

⚠️ Breaking Changes

  • config-entry: Exporting a specific service name across all namespace is invalid.
  • connect: Support for Envoy 1.19 has been removed. Users must upgrade Envoy.
  • telemetry: The config flag `telemetry { disable_compat_1.9 = (true|false) }` has been removed. Remove this flag from your configuration before upgrading.

Migration Steps

  1. If you are using the `telemetry { disable_compat_1.9 }` config flag, remove it from your configuration before upgrading.
  2. Ensure Envoy versions are 1.23.0 or newer, as support for 1.19 has been removed.

✨ New Features

  • Cluster Peering (Beta) added to federate Consul clusters for service mesh and traditional service discovery.
  • Transparent proxying through terminating gateways added for egress traffic control to destinations outside of Consul's catalog.
  • ACL: Ability to login and logout using the gRPC API.
  • Agent: Build date information added to version reporting via /agent/self endpoint and `consul version` commands.
  • CA: Leaf certificates can now be obtained via the gRPC API: `Sign`.
  • Checks: UDP health checks added.
  • CLI: New flag for `config delete` to delete a config entry using a valid config file (e.g., config delete -filename intention-allow.hcl).
  • Connect: Added a `destination` field to the `service-default` config entry for routing egress traffic through a terminating gateway in transparent proxy mode.
  • gRPC: New endpoint to return envoy bootstrap parameters.
  • gRPC: New gRPC service and endpoint to return the list of supported consul dataplane features.
  • Server: Public gRPC port is now broadcast using LAN serf and updates the consul service in the catalog.
  • Streaming: Added topic to consume updates about the list of services in a datacenter.
  • Streaming: Added topics for `ingress-gateway`, `mesh`, `service-intentions` and `service-resolver` config entry events.

🐛 Bug Fixes

  • ACL: Fixed a bug where the ACL down policy wasn't being applied on remote errors from the primary datacenter.
  • CLI: `acl token read` command now returns an error instead of panicking when used with `-self` and `-expanded` flags.
  • Connect: Fixed a goroutine/memory leak occurring when using the ingress gateway.
  • Connect: Ingress gateways and terminating gateways with a wildcard service entry should no longer incorrectly pick up non-connect/connect services as upstreams, respectively.
  • Proxycfg: Fixed a minor bug causing terminating gateways to watch too many service resolvers.
  • Raft: Upgraded to v1.3.8 which fixes a bug allowing non-cluster members to participate in an election.
  • Serf: Upgraded serf to v0.9.8 which fixes a bug related to...

🔧 Affected Symbols

/catalog/node-services/:node-name API`telemetry { disable_compat_1.9 }` flagEnvoy 1.19Envoy 1.23.0acl token read CLI commandagent/self endpointconsul version command`Sign` gRPC APIUDP health checksconfig delete CLI command`service-default` config entryServerDiscovery.WatchServers gRPC endpoint