Backport of docs: Consul 1.15.0 and Consul K8s 1.0 release notes into release/1.15.x (#16482)

* merge conflict
---------

Co-authored-by: david-yu <dyu@hashicorp.com>
pull/16488/head
hc-github-team-consul-core 2023-03-01 02:22:50 -06:00 committed by GitHub
parent 06b0867654
commit cafe8ee57f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 153 additions and 0 deletions

View File

@ -44,3 +44,7 @@ The changelogs for this major release version and any maintenance versions are l
~> **Note:** The following link takes you to the changelogs on the GitHub website.
- [0.49.0](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.0)
- [0.49.1](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.1)
- [0.49.2](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.2)
- [0.49.3](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.3)
- [0.49.4](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.4)
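Review bot: The context line above the list still reads "The following link takes you to the changelogs", but with 0.49.1 through 0.49.4 added the list now holds five links. Suggest changing it to "These links take you to the changelogs on the GitHub website.", which is the wording the new 1.15.x page in this commit already uses. The 1.0.x hunk that follows has the same singular wording above its five links.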

View File

@ -61,3 +61,7 @@ The changelogs for this major release version and any maintenance versions are l
~> **Note:** The following link takes you to the changelogs on the GitHub website.
- [1.0.0](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.0)
- [1.0.1](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.1)
- [1.0.2](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.2)
- [1.0.3](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.3)
- [1.0.4](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.4)

View File

@ -0,0 +1,56 @@
---
layout: docs
page_title: 1.1.x
description: >-
Consul on Kubernetes release notes for version 1.1.x
---
# Consul on Kubernetes 1.1.0
## Release Highlights
- **Enhanced Envoy Access Logging:** Envoy access logs are now centrally managed via the `accessLogs` field within the ProxyDefaults CRD to allow operators to easily turn on access logs for all proxies within the service mesh. Refer to [Access logs overview](/consul/docs/connect/observability/access-logs) for more information.
- **Consul Envoy Extensions:** The new Envoy extension system enables you to modify Consul-generated Envoy resources outside of the Consul binary. This will allow extensions to add, delete, and modify Envoy listeners, routes, clusters, and endpoints, enabling support for additional Envoy features without changes to the Consul codebase.
The new `envoyExtensions` field in the ProxyDefaults and ServiceDefaults CRDs enable built-in Envoy extensions. Refer to [Envoy extensions overview](/consul/docs/connect/proxies/envoy-extensions) for more information on how to use these extensions.
## What's Changed
- Connect inject now excludes the `openebs` namespace from sidecar injection by default. If you previously had pods in that namespace
that you wanted to be injected, you must now set namespaceSelector as follows:
```yaml
connectInject:
namespaceSelector: |
matchExpressions:
- key: "kubernetes.io/metadata.name"
operator: "NotIn"
values: ["kube-system","local-path-storage"]
```
## Supported Software
~> **Note:** Consul 1.14.x and 1.13.x are not supported. Please refer to [Supported Consul and Kubernetes versions](/consul/docs/k8s/compatibility#supported-consul-and-kubernetes-versions) for more detail on choosing the correct `consul-k8s` version.
- Consul 1.15.x.
- Consul Dataplane v1.1.x. Refer to [Envoy and Consul Dataplane](/consul/docs/connect/proxies/envoy#envoy-and-consul-dataplane) for details about Consul Dataplane versions and the available packaged Envoy version.
- Kubernetes 1.23.x - 1.26.x
- `kubectl` 1.23.x - 1.26.x
- Helm 3.6+
## Upgrading
For detailed information on upgrading, please refer to the [Upgrades page](/consul/docs/k8s/upgrade)
## Known Issues
The following issues are known to exist in the v1.1.0 release:
- Pod Security Standards that are configured for the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) are currently not supported by Consul K8s. OpenShift 4.11.x enables Pod Security Standards on Kubernetes 1.25 [by default](https://connect.redhat.com/en/blog/important-openshift-changes-pod-security-standards) and is also not supported. Support will be added in a future Consul K8s 1.0.x patch release.
## Changelogs
The changelogs for this major release version and any maintenance versions are listed below.
~> **Note:** The following link takes you to the changelogs on the GitHub website.
- [1.1.0](https://github.com/hashicorp/consul-k8s/releases/tag/v1.1.0)
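Review bot: The Known Issues entry says Pod Security Standards support "will be added in a future Consul K8s 1.0.x patch release", yet this page documents v1.1.0, so the sentence reads as carried over from the 1.0.x notes. Please confirm the limitation still applies to 1.1.0 and name the release line that is expected to carry the fix; operators on clusters that enforce Pod Security Admission (including the OpenShift 4.11.x case mentioned) use this entry to decide whether they can upgrade. Smaller points: in Release Highlights "The new `envoyExtensions` field ... enable" should be "enables"; in What's Changed `namespaceSelector` is not in code formatting while `openebs` is; and the Changelogs section calls 1.1.0 a "major release version".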

View File

@ -0,0 +1,81 @@
---
layout: docs
page_title: 1.15.x
description: >-
Consul release notes for version 1.15.x
---
# Consul 1.15.0
## Release Highlights
- **Enhanced Envoy Access Logging:** Envoy access logs are now centrally managed via config entries and CRDs to allow operators to easily turn on access logs for all proxies within the service mesh. Refer to [Access logs overview](/consul/docs/connect/observability/access-logs) for more information. Additionally, the [Proxy default configuration entry](/consul/docs/connect/config-entries/proxy-defaults) shows you how to enable access logs centrally via the ProxyDefaults config entry or CRD.
- **Consul Envoy Extensions:** The new Envoy extension system enables you to modify Consul-generated Envoy resources outside of the Consul binary. This will allow extensions to add, delete, and modify Envoy listeners, routes, clusters, and endpoints, enabling support for additional Envoy features without changes to the Consul codebase.
Current supported extensions include the [Lua](/consul/docs/connect/proxies/envoy-extensions#lua) and [AWS Lambda](/consul/docs/connect/proxies/envoy-extensions#lambda) extensions. Refer to [Envoy extensions overview](/consul/docs/connect/proxies/envoy-extensions) for more information on how to use these extensions for Consul service mesh.
- **API Gateway support on Linux VM runtimes:** You can now deploy Consul API Gateway on Linux VM runtimes. API Gateway is built into Consul and, when deploying on Linux VM runtimes, is not separately installed software. Refer to [API gateway overview](/consul/docs/connect/gateways/api-gateway) for more information on API Gateway specifically for VM.
~> **Note:** Support for API Gateway on Linux VM runtimes is considered a "Beta" feature in Consul v1.15.0. HashiCorp expects to change it to a GA feature as part of a v1.15 patch release in the near future.
- **Limit traffic rates to Consul servers:** You can now configure global RPC rate limits to mitigate the risks to Consul servers when clients send excessive read or write requests to Consul resources. Refer to [Limit traffic rates overview](/consul/docs/agent/limits) for more details on how to use the new troubleshooting commands.
- **Service-to-service troubleshooting:** Consul includes a built-in tool for troubleshooting communication between services in a service mesh. The `consul troubleshoot` command enables you to validate communication between upstream and downstream Envoy proxies on VM and Kubernetes deployments. Refer to [Service-to-service troubleshooting overview](/consul/docs/troubleshoot/troubleshoot-services) for more details on how to use the new troubleshooting commands.
Refer to [Service-to-service troubleshooting overview](/consul/docs/troubleshoot/troubleshoot-services) for more details on how to use the new troubleshooting commands.
- **Raft write-ahead log (Experimental):** Consul provides an experimental storage backend called write-ahead log (WAL). WAL implements a traditional log with rotating, append-only log files which resolves a number of performance issues with the current BoltDB storage backend. Refer to [Experimental WAL LogStore backend overview](/consul/docs/agent/wal-logstore) for more details.
~> **Note:** The new Raft write-ahead log storage backend is not recommended for production use cases yet, but is ready for testing by the general community.
## What's Changed
- ACL errors have now been ehanced to return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. In addition, errors are now gracefully thrown when interacting with the ACL system before the ACL system been bootstrapped.
- The Delete Token/Policy/AuthMethod/Role/BindingRule endpoints now return 404 when the resource cannot be found. The new error format is as follows:
```log hideClipboard
Requested * does not exist: ACL not found", "* not found in namespace $NAMESPACE: ACL not found`
```
- The Read Token/Policy/Role endpoints now return 404 when the resource cannot be found. The new error format is as follows:
```log hideClipboard
Cannot find * to delete
```
- The Logout endpoint now returns a 401 error when the supplied token cannot be found. The new error format is as follows:
```log hideClipboard
Supplied token does not exist
```
- The Token Self endpoint now returns 404 when the token cannot be found. The new error format is as follows:
```log hideClipboard
Supplied token does not exist
```
- Consul v1.15.0 formally removes all uses of legacy ACLs and ACL policies from Consul. The legacy ACL system was deprecated in Consul v1.4.0 and removed in Consul v1.11.0. The documentation for the new ACL system can be found [here](/consul/docs/v1.14.x/security/acl). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens tutorial](/consul/tutorials/security-operations/access-control-token-migration).
- The following agent flags are now deprecated: `-join`, `-join-wan`, `start_join`, and `start_join_wan`. These options are now aliases of `-retry-join`, `-retry-join-wan`, `retry_join`, and `retry_join_wan`, respectively.
- A `peer` field has been added to ServiceDefaults upstream overrides to make it possible to apply upstream overrides only to peer services. Prior to this change, overrides would be applied based on matching the namespace and name fields only, which means users could not have different configuration for local versus peer services. With this change, peer upstreams are only affected if the peer field matches the destination peer name.
- If you run the `consul connect envoy` command with an incompatible Envoy version, Consul will now error and exit. To ignore this check, use flag `--ignore-envoy-compatibility`.
- Ingress Gateway upstream clusters will have empty `outlier_detection` if passive health check is unspecified.
## Upgrading
For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific#consul-1-15-0) and the changelogs.
## Known Issues
The following issues are known to exist in the v1.15.0 release:
- For v1.15.0, there is a known issue where `consul acl token read -self` requires an `-accessor-id`. This is resolved in the uppcoming Consul v1.15.1 patch release.
- For v1.15.0, there is a known issue where search filters produced errors and resulted in lists not showing full results until being interacted with. This is resolved in the upcoming Consul v1.15.1 patch release.
## Changelogs
The changelogs for this major release version and any maintenance versions are listed below.
~> **Note:** These links take you to the changelogs on the GitHub website.
- [1.15.0](https://github.com/hashicorp/consul/releases/tag/v1.15.0)
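Review bot: In What's Changed the ACL error examples look swapped between bullets: the Delete Token/Policy/AuthMethod/Role/BindingRule bullet shows "Requested * does not exist: ACL not found", while the Read Token/Policy/Role bullet shows "Cannot find * to delete". The first example also contains stray quote, comma and backtick characters, which suggests two separate messages were pasted onto one line. Please pair each message with the endpoint that returns it and put each message on its own line, since operators will match on these strings and status codes when updating ACL automation. Smaller points: the "Limit traffic rates" highlight ends with "how to use the new troubleshooting commands", which belongs to the troubleshooting bullet, and that bullet's "Refer to ..." sentence is then repeated on the next line; "ehanced", "before the ACL system been bootstrapped" and "uppcoming" are typos; the legacy ACL bullet links the new ACL system docs through a /v1.14.x/ path on a 1.15.x page; and `start_join` and `start_join_wan` are listed as agent flags next to `-join` and `-join-wan` although they are written without the leading dash.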

View File

@ -145,6 +145,10 @@
{
"title": "Consul",
"routes": [
{
"title": "v1.15.x",
"path": "release-notes/consul/v1_15_x"
},
{
"title": "v1.14.x",
"path": "release-notes/consul/v1_14_x"
@ -174,6 +178,10 @@
{
"title": "Consul K8s",
"routes": [
{
"title": "v1.1.x",
"path": "release-notes/consul-k8s/v1_1_x"
},
{
"title": "v1.0.x",
"path": "release-notes/consul-k8s/v1_0_x"