Note: The Consul team released 1.4.2 shortly after the 1.4.1 release to fix a regression that impacted Nomad users. Please refer to the 1.4.2 mailing list announcement or the changelog for more details. At this time we recommend upgrading directly to 1.4.2.
We are excited to announce the release of HashiCorp Consul 1.4.1. Consul is a service mesh which provides service discovery, runtime configuration, and secure service-to-service communication for distributed applications and infrastructure.
TLS commands and improved guide. A new subcommand
consul tlswas added to make it easier to bootstrap TLS for Consul agents. As part of this, our TLS guide was updated and improved.
Expanded transaction API support. Common catalog operations for nodes, services, and checks have been added to the transaction API. This can increase safety for integrations that manage the lifecycle of services in the catalog. consul-esm will be released following 1.4.1 with support for these new APIs.
Local agent health queries. A new API
/v1/agent/health/service/name/:service_namewas added, enabling queries of the health catalog against the local agent rather than querying the Consul server directly.
CIDR allow list for HTTP. A new
allow_write_http_fromconfiguration can be configured to allow CIDR network ranges that can make non GET/HEAD/OPTIONS HTTP requests.
Gossip performance improvements for very large clusters. Bootstrapping time for large scale gossip clusters should be greatly improved in this release. More details on the changes and performance impact can be found here. Thanks to critical feedback from the community in making these changes possible.
Prepared query support in Envoy. When utilizing the Envoy proxy for Connect, prepared queries now work as upstreams.
CSR rate limiting. Connect related certificate signing is now rate limited during certificate rotations across large clusters to ensure servers aren't overwhelmed.
This release also included many smaller bug fixes. Full details can be found in the 1.4.1 changelog.
In December 2018, we determined that there was a misleading statement in our documentation and issue in implementation for TLS configuration for agent-to-agent TLS in Consul. This vulnerability affected versions 0.5.1 - 1.4.0 of Consul, both OSS and Enterprise. This issue was able to be remediated by modifying agent configuration and restarting agents. We notified the community of this issue, updated our documentation, and in this release corrected the underlying behavior.
This can be remediated on all affected versions of Consul by following the instructions here, or by upgrading to 1.4.1.
» Consul & Kubernetes
Support for Consul and Kubernetes continues to improve with releases of the Consul Helm chart and consul-k8s. This includes support for syncing ClusterIP services and improved RBAC support. Full changelogs are available with more detail: consul-helm and consul-k8s.
We continue to invest in making Consul and Kubernetes easy to use together, and have some short-term improvements planned for easier ACL and TLS configuration via Helm.
» New Consul Learn Programs
Our recently formed dedicated education team released new training content for learn.hashicorp.com. This release is focused on education for operators and has been placed in two tracks; Day 1: Deploying Your First Datacenter learning path and Day 2: Advanced Operations track.
Some existing guides for Consul have been improved and migrated to this new Learn site. This process will continue in the coming months.
As always, please test in an isolated environment before upgrading. Consul 1.4.1 is also available in Consul Enterprise.
Thank you to our active community members who have been invaluable in adding new features, reporting bugs, and improving the documentation for Consul in this release.