Consul 1.19.0

We are pleased to announce the following Consul updates.

Release highlights

• External Services CRD: You can now configure and register external services, including their health checks, alongside existing Kubernetes application manifests with the new Registration Custom Resource Definition (CRD). This CRD changes the workflow to register a service running on an external node with the Consul catalog. A terminating gateway is still required to enable downstream services in the service mesh to communicate with external services. Refer to Register external services on Kubernetes overview for more information.

• Transparent Proxy on Nomad: Consul’s CNI plugin enables the use of transparent proxy for seamlessly redirecting traffic through the Envoy proxy without requiring application changes, or elevated network privileges for the workload. As a result, you can onboard applications without additional configuration between a service and its upstreams.

• API Gateway metrics: The Consul API Gateway now provides a Prometheus metrics endpoint you can use to gather information about the health of the gateway, as well as traffic for proxied connections or requests.

• File system certificate configuration entry: A new file-system-certificate configuration entry supports specifying a filepath to the certificate and private key for Consul API Gateway on VMs on the local system. Previously, the certificate and private key were specified directly in the inline-certificate configuration entry. When using the file system certificates, the Consul server never sees the contents of these files.

  File system certificates also include a file system watch that allows for changing the certificate and key without restarting the gateway. This feature requires that you have access to the gateway’s file system in order to place the certificate or update it.

  Consul on Kubernetes deployments that use consul-k8s Helm chart v1.5.0 or later use file system certificates without additional configuration. For more information, refer to File system certificate configuration reference.

• Argo Rollouts Plugin: A new Argo Rollouts plugin for progressive delivery is now available for consul-k8s. This plugin supports canary deployments by allowing you to incrementally release and test new versions of applications and roll back to previous versions by splitting traffic between subsets of services. Refer to Argo Rollouts Progressive Delivery with Consul on Kubernetes for more information.

What's deprecated

• Snapshot Agent (Enterprise): Starting with this release, top level single snapshot destinations local_storage, aws_storage, azure_blob_storage, and google_storage in snapshot agent configuration files are deprecated. Use the backup_destinations config object instead.

Upgrading

For more detailed information, please refer to the upgrade details page and the changelogs.

Known issues

The following issues are known to exist in the v1.19.x releases:

• v1.19.0 & v1.19.1 - There are known issues with the DNS server implementation. To revert to the old DNS behavior on 1.19.0 and 1.19.1, set experiments: [ "v1dns" ] in the agent configuration. In v1.19.2, the modified DNS subsystem will be reverted and the old DNS behavior will be restored resolving these issues.
  • DNS SRV records for registrations that specify a service address instead of a node address return identical .service hostnames instead of unique .addr addresses. As a result, it is impossible to resolve the individual service addresses. This bug can affect Nomad installations using Consul for service discovery because the service address field is always specified to Consul. [GH-21325].
  • DNS Tags are not resolved when using the Standard query format, tag.name.service.consul. [GH-21326].

Changelogs

The changelogs for this major release version and any maintenance versions are listed below.

• 1.19.0