v1.9.0-beta1
Pre-release
Pre-release
hashicorp-ci
released this
12 Oct 19:10
·
8696 commits
to main
since this release
1.9.0-beta1 (October 12, 2020)
BREAKING CHANGES:
- agent: The
enable_central_service_config
option now defaults to true. [GH-8746] - connect: intention destinations can no longer be renamed [GH-8834]
- xds: Drop support for Envoy versions 1.12.0, 1.12.1, 1.12.2, and 1.13.0, due to a lack of support for url_path in RBAC. [GH-8839]
FEATURES:
- agent: Allow client agents to be configured with an advertised reconnect timeout to control how long until the nodes are reaped by others in the cluster. [GH-8781]
- agent: moved ui config options to a new
ui_config
stanza in agent configuration and added new options to display service metrics in the UI. [GH-8694] - cli: update
snapshot inspect
command to provide more detailed snapshot data [GH-8787] - connect: intentions are now managed as a new config entry kind "service-intentions" [GH-8834]
- connect: support defining intentions using layer 7 criteria [GH-8839]
- server: create new memdb table for storing system metadata [GH-8703]
- telemetry: track node and service counts and emit them as metrics [GH-8603]
- ui: If Prometheus is being used for monitoring the sidecars, the topology view can be configured to display overview metrics for the services. [GH-8858]
- ui: Services using Connect with Envoy sidecars have a topology tab in the UI showing their upstream and downstream services. [GH-8788]
- xds: use envoy's rbac filter to handle intentions entirely within envoy [GH-8569]
IMPROVEMENTS:
- agent: Return HTTP 429 when connections per clients limit (
limits.http_max_conns_per_client
) has been reached GH-7527. [GH-8221] - agent: add config flag
telemetry { disable_compat_1.9 = (true|false) }
to disable deprecated metrics in 1.9 [GH-8877] - agent: add counter
consul.api.http
with labels for each HTTP path and method. This is intended to replaceconsul.http...
[GH-8877] - agent: allow the /v1/connect/intentions/match endpoint to use the agent cache [GH-8875]
- api: The
v1/connect/ca/roots
endpoint now accepts apem=true
query parameter and will return a PEM encoded certificate chain of
all the certificates that would normally be in the JSON version of the response. [GH-8774] - api: support GetMeta() and GetNamespace() on all config entry kinds [GH-8764]
- checks: add health status to the failure message when gRPC healthchecks fail. [GH-8726]
- command: remove conditional envoy bootstrap generation for versions <=1.10.0 since those are not supported [GH-8855]
- connect: The Vault provider will now automatically renew the lease of the token used, if supported. [GH-8560]
- connect: add support for specifying load balancing policy in service-resolver [GH-8585]
- deps: Update raft to v1.2.0 to prevent non-voters from becoming eligible for leader elections and adding peer id as metric label to reduce cardinality in metric names [GH-8822]
- server: (Consul Enterprise only) ensure that we also shutdown network segment serf instances on server shutdown [GH-8786]
- server: make sure that the various replication loggers use consistent logging [GH-8745]
- snapshot agent: Deregister critical snapshotting TTL check if leadership is transferred.
- ui: Upstream and downstream services in the topology tab will show a visual indication if a deny intention or intention with L7 policies is configured. [GH-8846]
DEPRECATIONS:
- agent: The measurements in all of the
consul.http...
prefixed metrics have been migrated toconsul.api.http
.consul.http...
prefixed metrics will be removed in a future version of Consul. [GH-8877] - agent:
ui
,ui_dir
andui_content_path
are now deprecated for use in agent configuration files. Useui_config.{enable, dir, content_path}
instead. The command arguments-ui
,-ui-dir
, and-ui-content-path
remain supported. [GH-8694]
BUG FIXES:
- agent: make the json/hcl decoding of ConnectProxyConfig fully work with CamelCase and snake_case [GH-8741]
- agent: when enable_central_service_config is enabled ensure agent reload doesn't revert check state to critical [GH-8747]
- connect: Fixed an issue where the Vault intermediate was not renewed in the primary datacenter. [GH-8784]
- connect: fix Vault provider not respecting IntermediateCertTTL [GH-8646]
- connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams [GH-8470]
- fixed a bug that caused logs to be flooded with
[WARN] agent.router: Non-server in server-only area
[GH-8685] - license: (Enterprise only) Fixed an issue where the UI would see Namespaces and SSO as licensed when they were not.
- raft: (Enterprise only) properly update consul server meta non_voter for non-voting Enterprise Consul servers [GH-8731]
- ui: show correct datacenter for gateways [GH-8704]