v2.0.0-rc1
📦 consul-connect
✨ 8 features | 🐛 3 fixes | 🔧 7 symbols
Summary
This major release (2.0.0-rc1) introduces significant enterprise features like Global Rate Limiting and multi-port service support, alongside security upgrades and improvements to API Gateway certificate handling via SDS.
Migration Steps
- If using API Gateway listeners, review certificate configuration as SDS certificate support has been added, potentially replacing static certs.
- If configuring rate limits, utilize the new "/v1/internal/rpc/methods" API to identify endpoints to exclude if necessary.
- Operators using terminating-gateway should note that cluster upstream TLS now uses SDS instead of static certs for dynamic certificate updates.
✨ New Features
- Global Rate Limiter (Enterprise Only): Added a new "rate-limit" config entry kind for dynamic, cluster-wide RPC rate limiting stored in Raft.
- API Gateway now supports SDS certificates for listeners, including listener-level default TLS certificates and HTTP/TCP route service TLS SDS overrides.
- API Gateway added support for gateway-level default upstream limits and route service-level limit overrides for MaxConnections, MaxPendingRequests, and MaxConcurrentRequests.
- Added new API "/v1/internal/rpc/methods" that lists all RPC method names (requires operator:read ACL token).
- (Enterprise Only) Added new Connect CA provider for CyberArk WIM (connect.ca_provider = "pan-distributed-issuer").
- (Enterprise Only) Added stable cluster identity and leader-gated global registry sync for service summary publishing.
- (Enterprise Only) Introduced support for multi-port (named port) services in Consul, including routing via port names and retrieving VIPs for specific service ports.
- (Enterprise Only) Introduced product telemetry for self-managed Consul with anonymous, opt-in usage reporting.
🐛 Bug Fixes
- (Enterprise Only) Fixed JSON unmarshal error when an array of objects is passed as the auditReq body.
- Enhanced error messages in `consul config write` command to provide actionable guidance when config entries cannot be modified due to references by gateways or routers.
- Fixed XDS package to generate correct endpoints and cluster configurations for API Gateways when peered, and updated the API Gateway update handler to propagate mesh gateway config to its upstreams.