Consul 1.9.0
Release Highlights
Application-Aware Intentions: A new set of capabilities that extends Consul’s intentions model to support Layer 7 request information. Intentions now provide the ability for operators to construct policies which evaluate application-layer information such as HTTP Path, Headers, or Method – in addition to service identity – when authorizing HTTP-based (HTTP/1.1, HTTP/2, gRPC) service-to-service communication.
Service Mesh Visualization: This addition provides a new topology tab to the Consul UI which displays topology diagrams and key service mesh metrics like request, error rates, and timing metrics. These new features will assist developers and operators in verifying configuration and troubleshooting issues within the service mesh. The UI also supports deep linking into your external metrics dashboards.
Improved Metrics and Grafana Dashboard: Consul 1.9 additionally updates several metrics to reduce cardinality in metric names in favor of the best practice of using labels instead and provides a Grafana dashboard template that exposes the most important metrics associated with the Consul datacenter for operators.
Custom Resources for Kubernetes: Consul now provides a Kubernetes-first experience through CRDs to allow practitioners to easily configure Consul service mesh via Kubernetes-style objects.
Deploy Consul in OpenShift: Enable installing Consul via Helm chart in OpenShift. We’ve now ensured that Consul Kubernetes runs on OpenShift securely by ensuring that Consul runs as non-root and also provided a set of SecurityContextConstraints to deploy Consul securely.
- Installing Consul on OpenShift should now be as simple as running a Helm install with the
global.openshift.enabled
set totrue
.
- Installing Consul on OpenShift should now be as simple as running a Helm install with the
Active Health Checks for Consul on Kubernetes: Consul service mesh now integrates with Kubernetes Readiness probes. This provides the ability to natively detect health status from Kubernetes via Readiness probe, and is then used for directing service mesh traffic.
Streaming: This feature introduces a major architectural enhancement in how update notifications for blocking queries are delivered within the cluster. Streaming results in very significant reduction of CPU and network bandwidth usage on Consul servers in large-scale deployments. Streaming is particularly helpful in scaling blocking queries in Consul clusters that have rapid changes in service state.
- Streaming is now available for the service health HTTP endpoint, and can be enabled through the use_streaming_backend client configuration option, and rpc.enable_streaming option on the servers. We will continue to enable streaming in more endpoints in subsequent releases.
What’s Changed
- Consul 1.9 is built with Go 1.15, which has dropped support for 32-bit binaries for Darwin/macOS, so we will no longer be issuing darwin_386 builds for Consul 1.9.x or newer.
- Drops support for Envoy versions 1.12.0, 1.12.1, 1.12.2, and 1.13.0
- Switches the default gateway port from 443 to 8443 to avoid assumption of Envoy running as root.
For more detailed information, please refer to the changelog.