
ent-changelog-1.14.0

Summary

This release introduces significant features around DNS-proxy support, gRPC enhancements, and extensive new functionality for cluster peering. It also contains breaking changes related to gRPC port configuration separation and the removal of older Envoy support.

⚠️ Breaking Changes

  • config: The existing `ports.grpc` configuration now only supports plain-text communication, as TLS configuration has been moved to the new `ports.grpc_tls` option.
  • config: The 1.14 default configuration now enables `peering` and `connect`.
  • config: The default value for the gRPC TLS port has been set to 8503 in 1.14 defaults.
  • connect: Support for Envoy 1.20 has been removed.
  • peering: The field name `PeerName` has been renamed to `Peer` in prepared queries and exported services.
  • xds: Service mesh failover now uses Envoy's aggregate clusters, which changes the names of some Envoy dynamic HTTP metrics.

Migration Steps

  1. If you rely on the existing `ports.grpc` for TLS traffic, you must migrate that configuration to the new `ports.grpc_tls` configuration option.
  2. Review configuration defaults if you are using default settings, as `peering` and `connect` are now enabled by default.
  3. If you use prepared queries or export services, update any code referencing `PeerName` to use `Peer` instead.
  4. If you rely on specific Envoy dynamic HTTP metrics related to service mesh failover, check the new metric names documented in the Envoy documentation.
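The first three migration steps can be checked mechanically before upgrading. The script below is an added example, not code from the Consul project. It assumes JSON-format configuration, infers "TLS in use" from a `cert_file` under `tls.defaults` or `tls.grpc`, and runs on constructed sample input; the file name `exported-services.json` is hypothetical.

```python
# Added example: pre-upgrade audit for the 1.14 breaking changes listed above.
# Assumptions: JSON config; TLS use is inferred from tls.defaults / tls.grpc cert_file.

def find_key(node, key, path=""):
    """Yield the dotted path of every occurrence of `key` in nested JSON data."""
    if isinstance(node, dict):
        for k, v in node.items():
            here = f"{path}.{k}" if path else k
            if k == key:
                yield here
            yield from find_key(v, key, here)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from find_key(v, key, f"{path}[{i}]")

def audit(agent_cfg, documents=()):
    """Return findings for one agent config plus (name, document) pairs."""
    findings = []
    ports = agent_cfg.get("ports", {})
    tls = agent_cfg.get("tls", {})
    tls_in_use = any(tls.get(s, {}).get("cert_file") for s in ("defaults", "grpc"))
    # Step 1: ports.grpc is plain-text only in 1.14 (-1 means the port is disabled).
    if tls_in_use and ports.get("grpc", -1) > 0 and "grpc_tls" not in ports:
        findings.append("ports.grpc: plain-text only in 1.14, set ports.grpc_tls for TLS")
    # Step 2: connect and peering are enabled by default; flag implicit settings.
    for feature in ("connect", "peering"):
        if "enabled" not in agent_cfg.get(feature, {}):
            findings.append(f"{feature}.enabled: not set, 1.14 defaults enable it")
    # Step 3: PeerName was renamed to Peer in prepared queries and exported services.
    for name, doc in documents:
        for where in find_key(doc, "PeerName"):
            findings.append(f"{name}: rename {where} to Peer")
    return findings

# Constructed sample input (not taken from a real deployment).
SAMPLE_AGENT = {
    "ports": {"grpc": 8502},
    "tls": {"defaults": {"cert_file": "/constructed/agent.pem"}},
    "connect": {"enabled": True},
}
SAMPLE_EXPORTED = {
    "Kind": "exported-services",
    "Name": "default",
    "Services": [{"Name": "web", "Consumers": [{"PeerName": "dc2"}]}],
}

if __name__ == "__main__":
    for line in audit(SAMPLE_AGENT, [("exported-services.json", SAMPLE_EXPORTED)]):
        print(line)
```

Step 4 (renamed Envoy failover metrics) is not covered, because the new metric names are not listed on this page.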

✨ New Features

  • DNS-proxy support via gRPC request.
  • cli: Added `-node-name` flag to `redirect-traffic` command to support running without client agents.
  • cli: Added `-consul-dns-port` flag to `consul connect redirect-traffic` command for forwarding DNS traffic.
  • connect: Added Envoy connection balancing configuration fields.
  • grpc: Added metrics for external gRPC server, including the `server_type=internal|external` label to gRPC metrics.
  • http: Added new `get-or-empty` operation to the txn api.
  • peering: Added mesh gateway local mode support for cluster peering.
  • peering: Added support for stale queries for trust bundle lookups.
  • peering: Added support to failover to services running on cluster peers.
  • peering: Added support to redirect to services running on cluster peers with service resolvers.
  • peering: Ensured un-exported services are deleted even if un-export occurs during peering replication downtime.
  • peering: Added support for routing peering control-plane traffic through mesh gateways.
  • sdk: Configured `iptables` to forward DNS traffic to a specific DNS port.
  • telemetry: Emitted memberlist size metrics and broadcast queue depth metric.
  • ui: Added support for central config merging.
  • ui: Created peerings detail page.
  • ui: Detects a TokenSecretID cookie and passes it through to localStorage.
  • ui: Displays notice banner on nodes index page if synthetic nodes are being filtered.
  • ui: Filters agentless (synthetic) nodes from the nodes list page.
  • ui: Filters out node health checks on agentless service instances.
  • ui: Removed node meta on service instances when using agentless and consolidated external-source labels on service instances page if they all match.
  • ui: Removed reference to node name on service instance page when using agentless.
  • ui: Uses `withCredentials` for all HTTP API requests.
  • xds: Servers will limit the number of concurrent xDS streams to balance load across all servers.

🐛 Bug Fixes

  • SECURITY: Ensured data imported from peers is filtered by ACLs at the UI Nodes/Services endpoints [CVE-2022-3920].

🔧 Affected Symbols

  • `ports.grpc`
  • `ports.grpc_tls`
  • `peering`
  • `connect`
  • `PeerName`
  • `Peer`
  • Envoy dynamic HTTP metrics
  • Catalog's List Services (`v1/catalog/services`)
  • `/v1/txn`