luxolus/open-consul
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-consul/website/content/docs/release-notes/consul/v1_16_x.mdx
hc-github-team-consul-core 4cad4922a0
Backport of docs: Deprecations for connect-native SDK and specific connect native APIs into release/1.16.x (#17941) 
* backport of commit a8658bf7c88722c0b88481637c213ce838eb3c7c

* backport of commit 966673b5fe20854f815211fe97cfff30056a002d

* backport of commit 7cea575b3a5c28f014fb35c42f46079ccbeaeef0

* backport of commit 17e57a3abe52c19d323c4159b1521788298e8216

* backport of commit 86a7dc34657c4434cb89077fff95217744e596e5

* backport of commit 7f541fffaabb377de97e13b20e8052b9573643df

* backport of commit 4e46d282ff8f24418321e32924c466762dd3f459

* backport of commit 72d7b61634ffc539f4c5a70de6c648a51a74c9f4

* backport of commit 2b6169f7cb3bd374ce0a378fc174268790dd1d4b

* backport of commit b94a833ec952979e9fc7d6518ce30897b3477323

* backport of commit 74e0ec2a05ead2da243086dedab606ff16185afe

* backport of commit be0167b4920f2406f53f326780fff2f7633734d7

* backport of commit a92a3088b4d5431fc6668c1859cd46301e44af8e

* backport of commit 4b02d312d718ac9ea265d8d39463a7625e659c51

* backport of commit f131207d42ce1684a49e18c4096def2fa6d68a82

* backport of commit 3f0be37f49b0b006e5d9ecdba8e9a4af8c933230

* backport of commit 29ed7aaf6f7e080e41e896111b9f25b95af880a7

* backport of commit 8ae546707beaf3a52c28f2e5d8a9d85b965ee93c

* backport of commit 8ed74fcf442dd8cf5e9abb8317d106564c47cfd1

* backport of commit 36537bafb6962d2f966da754a19cbc6a23ef2535

* backport of commit ef7599d7789a216e688a4663538b2e9d06f82c07

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-06-28 19:58:47 +00:00

74 lines
8.2 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: 1.16.x
description: >-
Consul release notes for version 1.16.x
---
# Consul 1.16.0
We are pleased to announce the following Consul updates.
## Release highlights
- **Sameness groups (Enterprise):** Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name as being the same services. You can use sameness groups to create a blanket failover policy for deployments with cluster peering connections. Refer to the [Sameness groups overview](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for more information.
<Note> Sameness groups is currently a beta feature in Consul Enterprise v1.16.0. </Note>
- **Permissive mTLS:** You can enable the `permissive` mTLS mode to enable sidecar proxies to accept both mTLS and non-mTLS traffic. Using this mode enables you to onboard services without downtime and without reconfiguring or redeploying your application. Refer to the [Onboard services while in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for more information on how to use permissive mTLS to onboard services to Consul.
- **Transparent proxy enhancements for failover and virtual services:** We have made several internal improvements, such as ensuring that virtual IPs are always available, to reduce the friction associated with operating Consul in transparent proxy mode. Onboarding services, configuring failover redirects, and other operations require less administrative effort and ensure a smoother experience. Refer to the following documentation for additional information:
- [Onboard services while in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode)
- [Route traffic to virtual services](/consul/docs/k8s/l7-traffic/route-to-virtual-services)
- [Configure failover services](/consul/docs/k8s/l7-traffic/failover-tproxy).
- **Granular server-side rate limits:** You can now set limits per source IP address in Consul Enterprise. The following steps describe the general process for setting global read and write rate limits:
1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/usage/init-rate-limits) for additional information.
1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits)
1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-traffic-rate-limits) for additional information. For information about setting limits based on source IP, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips).
- **Consul Envoy Extensions:** Consul Envoy extension system enables you to modify Consul-generated Envoy resources. Refer to [Envoy extension overview](/consul/docs/connect/proxies/envoy-extensions) for more information on how to use these extensions for Consul service mesh.
- **Property Override:** The property override Envoy extension lets you set, remove, or modify individual properties for the Envoy resources Consul generates. Refer to the [Configure Envoy proxy properties](/consul/docs/connect/proxies/envoy-extensions/usage/property-override) for more information on how to use this extension.
- **Wasm:** The Wasm Envoy extension lets you configure Wasm programs to be used as filters in the service's sidecar proxy. Refer to the [Run WebAssembly plug-ins in Envoy proxy](/consul/docs/connect/proxies/envoy-extensions/usage/wasm) for more information on how to use this extension.
- **External Authorization:** The external authorization Envoy extension lets you delegate data plane authorization requests to external systems. Refer to the [Delegate authorization to an external service](/consul/docs/connect/proxies/envoy-extensions/usage/ext-authz) for more information on how to use this extension.
- **Simplified API Gateway installation for Consul on Kubernetes:** API Gateway is now built into Consul. This enables a simplified installation and configuration process for Consul on Kubernetes. Refer to the [API Gateway installation](/consul/docs/api-gateway/install) for more information on the simplified native installation method.
- **FIPS compliance (Enterprise):** HashiCorp now offers FIPS 140-2 compliant builds of Consul Enterprise that meet the security needs of federal agencies protecting sensitive, unclassified information with approved cryptographic measures. These builds use certified cryptographic modules and restrict configuration settings to comply with FIPS 140-2 Level 1 requirements, enabling compliant Consul deployments. Refer to the [Consul Enterprise FIPS](/consul/docs/enterprise/fips) for more information on FIPS compliance.
- **JWT Authorization with service intentions:** Consul can now authorize connections based on claims present in JSON Web Token (JWT). You can configure Consul to use one or more JWT providers, which lets you control access to services and specific HTTP paths based on the validity of JWT claims embedded in the service traffic. This ensures a uniform and low latency mechanism to validate and authorize communication based on JWT claims across all services in a diverse service-oriented architecture. Refer to the [Use JWT authorization with service intentions](/consul/docs/connect/intentions/jwt-authorization) for more information.
- **Automated license utilization reporting (Enterprise):** Consul Enterprise now provides automated license utilization reporting, which sends minimal product-license metering data to HashiCorp. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption. Refer to the [Automated license utilization reporting documentation](/consul/docs/enterprise/license/utilization-reporting) for more information.
## What's deprecated
- **Ingress gateway:** Starting with this release, ingress gateway is deprecated and will not be enhanced beyond its current capabilities. Ingress gateway is fully supported in this version but may be removed in a future release of Consul.
Consul's API gateway is the recommended alternative to ingress gateway. For ingress gateway features not currently supported by API gateway, equivalent functionality will be added to API gateway over the next several releases of Consul.
- **Connect Native Golang SDK:** The Connect Native [Golang SDK](https://github.com/hashicorp/consul/tree/main/connect) is deprecated and will be removed in a future release. No further enhancements or maintenance is expected in the future releases. We will remove the SDK when the long term replacement to native application integration (such as a proxyless gRPC service mesh integration) is delivered. Refer to [GH-10339](https://github.com/hashicorp/consul/issues/10339) for additional information and to track progress toward one potential solution that is tracked as replacement functionality.
- **Connect Native APIs:** The following APIs for Connect Native are deprecated:
- `v1/agent/connect/authorize` - used by the SDK to perform intention based authorization checks
- `v1/agent/connect/ca/leaf` - used by the SDK to get a leaf cert for a locally registered service
- `v1/agent/connect/ca/roots` - use to retrieved cached CA roots form the local client agent
The `v1/agent/connect/authorize` and `v1/agent/connect/ca/leaf` endpoints have corresponding gRPC APIs. We will remove these APIs when the gRPC API for `v1/agent/connect/ca/roots` and HTTP endpoints for all three APIs are available.
## Upgrading
For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
## Changelogs
The changelogs for this major release version and any maintenance versions are listed below.
<Note> These links take you to the changelogs on the GitHub website. </Note>
- [1.16.0](https://github.com/hashicorp/consul/releases/tag/v1.16.0)
Reference in a new issue View git blame Copy permalink