v2.0.1
📦 consul-connectView on GitHub →
✨ 9 features🐛 2 fixes🔧 10 symbols
Summary
This release focuses heavily on security updates, upgrading Go and Envoy versions, and introduces major Enterprise features like Global Rate Limiting and multi-port service support. Bug fixes address critical issues related to leader eviction after server renaming and header stripping in Connect.
Migration Steps
- If using API Gateway listeners, review configuration for SDS certificate usage, noting that service overrides inherit the listener SDS cluster when omitted.
- If encountering HTTP 500 errors after renaming a server, note that this issue is resolved by ensuring member events resync the server lookup mapping.
✨ New Features
- **(Enterprise Only)** Global Rate Limiter: a new "rate-limit" config entry kind enabling dynamic, cluster-wide RPC rate limiting stored in Raft and automatically replicated to all servers.
- **(Enterprise Only)** Update to go-licensing/v4 and go-census/v3 inorder to adapt to new licenses of PAO.
- API Gateway added SDS certificate support for listeners, including listener-level default TLS certificates and HTTP/TCP route service TLS SDS overrides.
- API Gateway added support for gateway-level default upstream limits and route service-level limit overrides for MaxConnections, MaxPendingRequests, and MaxConcurrentRequests.
- New API "/v1/internal/rpc/methods" added that lists all RPC method names (requires an operator:read ACL token).
- **(Enterprise Only)** Added new Connect CA provider for Cyberark WIM (connect.ca_provider = "pan-distributed-issuer").
- **(Enterprise Only)** Server added stable cluster identity and leader-gated global registry sync for service summary publishing.
- **(Enterprise Only)** Product telemetry for self-managed Consul with anonymous, opt-in usage reporting.
- **(Enterprise Only)** Introduce support for multi-port (named port) services in Consul, including port name routing and VIP retrieval for specific ports.
🐛 Bug Fixes
- Connect stripped the `x-forwarded-client-cert` header from inbound HTTP requests before forwarding them to local service instances.
- Fixed a server bug where renaming a server could cause an out-of-order serf event to evict the live leader, resulting in `Raft leader not found in server lookup mapping` (HTTP 500) errors on follower RPCs.