We are excited to announce the release of Consul 1.5.0. Consul is a multi-cloud service networking platform to connect, secure and configure services across any runtime platform and public or private cloud.
Consul 1.5.0 introduced several major new features and a number of improvements and bug fixes.
We've published an outline for a blog post series that will provide information about the Connect (Consul service mesh) roadmap. This release is the first in a series of major releases that will provide the functionality outlined in that post.
Specifically, Connect now supports L7 observability and load balancing which can be used today via the Envoy integration. Read more in the Connect Envoy documentation. If you'd like to try this today with Kubernetes, follow our L7 Observability on Kubernetes guide. Stay tuned for the our L7 observability blog to learn more about the use case.
Additionally, we've added a number of new features and improvements:
Expressive Filtering support across HTTP APIs. When using the HTTP API a query parameter can be used to pass a filter expression to Consul on a range of endpoints. Learn more about options for filtering in the API documentation.
Centralized Configuration. Enables central configuration of some service and proxy defaults. For more information see the Configuration Entries docs. This is a set of new endpoints and CLI commands for centrally managing the configuration of many upcoming L7 features of Consul Connect.
ACL enhancements. Expiration times, roles, service identity mappings and auth methods are all improvements to the ACL system to enable services to obtain a valid Consul ACL token using 3rd party identity. The first available auth method included in this release is Kubernetes Service Account Tokens.
consul-k8s and consul-helm. The Kubernetes integrations have been updated to support L7 observability and usage of the new auth method ACL functionality, as well as general support for ACLs. For a full list of changes, visit the changelog for consul-k8s or consul-helm. Note that releases here will be available shortly after the Consul 1.5.0 release.
UI Improvements. The UI now supports live updates (opt-in for now), a better search interface for the services page, visibility of Connect proxies, additional ACL features, and a number of bug fixes.
Azure Snapshot Agent support (Enterprise). The enterprise snapshot agent can now store snapshots in Azure storage.
Envoy versions lower than 1.9.1 are vulnerable to CVE-2019-9900 and CVE-2019-9901. Both are related to HTTP request parsing and so only affect Consul Connect users if they have configured HTTP routing rules via the "escape hatch". Note that while we officially deprecate support for the older version of Envoy in 1.5.0, we recommend using Envoy 1.9.1 with all previous versions of Consul Connect too (back to 1.3.0 where Envoy support was introduced).
We've removed the legacy UI completely from Consul, so it is no longer available when using the CONSUL_UI_LEGACY environment variable.
We have completed the guide transition from consul.io to learn.hashicorp.com/consul. During the transition process, all the guides were updated to be easier to use. HashiCorp Learn is a learning platform for all types of users at every experience level. The Learn guides are step-by-step walk throughs aimed to help you complete specific tasks. Recently, we've also added new content to the Learn platform including a track to help you get started with Kubernetes, production guidance for configuring ACLs, and a streamlined troubleshooting guide.
Thank you to our active community members who have been invaluable in adding new features, reporting bugs, and improving the documentation for Consul in this release!
Consul API Gateway 0.4 introduces support for the new beta version of the Kubernetes Gateway API and HTTP path rewrites.
This release enhances a number of features in Consul while adding such new features as a Consul on Kubernetes CNI plugin and a beta version of cluster peering.
A service mesh like HashiCorp Consul can be an essential part of applying zero trust security principles to modern, complex, Kubernetes deployments.