Backport of docs: Core 1.14 and K8s 1.0 release notes into release/1.14.x (#15483)

Co-authored-by: David Yu <dyu@hashicorp.com>
pull/15489/head
hc-github-team-consul-core 2022-11-18 21:53:25 -05:00 committed by GitHub
parent 184574f711
commit 287d7a13c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 118 additions and 0 deletions

View File

@ -0,0 +1,60 @@
---
layout: docs
page_title: 1.0.x
description: >-
Consul on Kubernetes release notes for version 1.0.x
---
# Consul on Kubernetes 1.0
## Release Highlights
- ** Simplified Service Mesh Deployments with Consul Dataplane:** Consul client agents are no longer deployed by default, and Consul service mesh no longer uses Consul clients to operate. A new component `consul-dataplane` is now injected as a sidecar-proxy instead of plain Envoy. `consul-dataplane` manages the Envoy proxy process and proxies xDS requests from Envoy to Consul servers. All service mesh consul-k8s components are configured to talk directly to Consul servers.
- **Consul API Gateway 0.5.0 Support:** Support to run Consul API Gateway without clients and allow Consul API Gateway to directly connect to Consul servers.
## What's Changed
- `client.enabled` now defaults to `false`. Setting it to true will deploy client agents, however, none of the consul-k8s components will use clients for their operation. For Vault on Kubernetes using Consul deployed on Kubernetes as a storage backend, `client.enabled` should be set to `true` prior to upgrading.
- `externalServers.grpcPort` default is now 8502 instead of 8503.
- Consul snapshot agent runs as a sidecar to Consul servers. <EnterpriseAlert inline />
- `client.snapshotAgent` values are moved to `server.snapshotAgent`, with the exception of the following values: `client.snaphostAgent.replicas`, `client.snaphostAgent.serviceAccount`
- `global.secretsBackend.vault.consulSnapshotAgentRole` value is now removed. You should now use the `global.secretsBackend.vault.consulServerRole` for access to any Vault secrets.
- Support simplified default deployment values to allow for easier quick starts and testing:
* Set `server.replicas` to `1`. Formerly, this defaulted to `3`.
* `connectInject.enabled` now defaults to true.
* `dns.enabled` and `dns.enableRedirection` will now default to the value of `connectInject.transparentProxy.defaultEnabled`. Previously, `dns.enabled` defaulted to the value of `global.enabled` and `dns.enableRedirection` defaulted to the value to `false`.
* Set `connectInject.replicas` to 1
* Set `meshGateway.affinity` to null and `meshGateway.replicas` to 1
* Set `ingressGateways.defaults.affinity` to null and `ingressGateways.defaults.replicas` to 1
* Set `terminatingGateways.defaults.affinity` to null and `terminatingGateways.defaults.replicas` to 1
* `syncCatalog.consulNamespaces.mirroringK8S` now defaults to `true`. <EnterpriseAlert inline />
* `connectInject.consulNamespaces.mirroringK8S` now defaults to `true`. <EnterpriseAlert inline />
- `global.imageEnvoy` is now replaced with `global.imageConsulDataplane` for running the sidecar proxy. apiGateway.imageEnvoy` is now available for configuring the version of Envoy that the API Gateway uses.
## Supported Software
~> **Note:** Consul 1.13.x and 1.12.x is not supported. Please use Consul K8s 0.49.x if you want to use Consul 1.13.x or 1.12.x.
- Consul 1.14.x.
- Consul Dataplane v1.0.x. Refer to [Envoy and Consul Dataplane](/docs/connect/proxies/envoy#envoy-and-consul-dataplane) for details about Consul Dataplane versions and the available packaged Envoy version.
- Kubernetes 1.22.x - 1.25.x
- `kubectl` 1.22.x - 1.25.x
- Helm 3.6+
## Upgrading
For detailed information on upgrading, please refer to the [Upgrades page](/docs/k8s/upgrade)
## Known Issues
The following issues are known to exist in the v1.0.0 release:
- Pod Security Standards that are configured for the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) are currently not supported by Consul K8s. OpenShift 4.11.x enables Pod Security Standards on Kubernetes 1.25 [by default](https://connect.redhat.com/en/blog/important-openshift-changes-pod-security-standards) and is also not supported. Support will be added in a future Consul K8s 1.0.x patch release.
## Changelogs
The changelogs for this major release version and any maintenance versions are listed below.
~> **Note:** The following link takes you to the changelogs on the GitHub website.
- [1.0.0](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.0)

View File

@ -0,0 +1,50 @@
---
layout: docs
page_title: 1.14.x
description: >-
Consul release notes for version 1.14.x
---
# Consul 1.14.0
## Release Highlights
- **Cluster Peering (GA):** This version promotes Cluster Peering, a new model to federate Consul clusters for both service mesh and traditional service discovery, to General Availability. Cluster peering allows for service interconnectivity with looser coupling than the existing WAN federation. For more information, refer to the [cluster peering](/docs/connect/cluster-peering) documentation. Some notable improvements to Cluster Peering include:
- **Cluster Peering Failover:** Cluster Peering now supports the ability to redirect to services running on cluster peers with service resolvers. More details for configuring failover across peers is provided in the Service Resolver [failover](/docs/connect/config-entries/service-resolver#failover) stanza.
- **Control Plane traffic over Mesh Gateways:** Cluster Peering now supports the establishing peering through Mesh Gateways. More detail on using Mesh Gateways for Cluster Peering are found in [Enabling Service-to-service traffic across Peered Clusters](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers). Mesh Gateways are used by default for [Cluster Peering on Kubernetes](/docs/connect/cluster-peering/k8s).
- **Simplified Service Mesh with Consul Dataplane:** Support for a new `consul-dataplane`, a lightweight process for managing Envoy proxies introduced in Consul v1.14.0. Consul Dataplane removes the need to run client agents on every node in a cluster for service discovery and service mesh. Instead, Consul deploys sidecar proxies that provide lower latency, support additional runtimes, and integrate with cloud infrastructure providers. Read more in [Simplified Service Mesh with Consul Dataplane](/docs/connect/dataplane).
~> **Note:** Currently `consul-dataplane` is only supported on clusters running on Consul on Kubernetes 1.0+.
## What's Changed
- 1.14 adds a new `ports.grpc_tls` configuration option. This introduces a new port to better separate TLS config from the existing `ports.grpc` config. The new `ports.grpc_tls` only supports TLS encrypted communication. The existing `ports.grpc` now only supports plain-text communication.
- `peering` and `connect` are default.
- The gRPC TLS port default value to 8503
- Removes support for Envoy 1.20.x and adds Envoy 1.24.0 to support matrix.
- Renames `PeerName` to `Peer` on prepared queries and exported services.
- Converts service mesh failover to use Envoy's aggregate clusters. This
changes the names of some [Envoy dynamic HTTP metrics](https://www.envoyproxy.io/docs/envoy/latest/configuration/upstream/cluster_manager/cluster_stats#dynamic-http-statistics).
## Upgrading
For more detailed information, please refer to the [upgrade details page](/docs/upgrading/upgrade-specific#consul-1-14-0) and the changelogs.
## Known Issues
The following issues are known to exist in the 1.14.0 release:
- Prior to Consul 1.14, cluster peering and Consul service mesh were disabled by default. A breaking change was made in Consul 1.14 that enabled cluster peering and Consul service mesh by default. To disable both, set `peering.enabled` and `connect.enabled` to false. The changes to Consul service mesh in version 1.14 are incompatible with Nomad 1.4.2 and earlier. If you operate Consul service mesh using Nomad 1.4.2 or earlier, do not upgrade to Consul 1.14 until hashicorp/nomad#15266 is fixed.
- For 1.14.0, there is a known issue with the `consul connect envoy` CLI command. If the command is configured to use TLS for contacting the HTTP API, it will also incorrectly enable TLS for gRPC. Users should not upgrade to 1.14.0 if they are using plaintext gRPC connections in conjunction with TLS-encrypted HTTP APIs.
## Changelogs
The changelogs for this major release version and any maintenance versions are listed below.
-> **Note**: These links take you to the changelogs on the GitHub website.
- [1.14.0](https://github.com/hashicorp/consul/releases/tag/v1.14.0)

View File

@ -141,6 +141,10 @@
{
"title": "Consul",
"routes": [
{
"title": "v1.14.x",
"path": "release-notes/consul/v1_14_x"
},
{
"title": "v1.13.x",
"path": "release-notes/consul/v1_13_x"
@ -166,6 +170,10 @@
{
"title": "Consul K8s",
"routes": [
{
"title": "v1.0.x",
"path": "release-notes/consul-k8s/v1_0_x"
},
{
"title": "v0.49.x",
"path": "release-notes/consul-k8s/v0_49_x"