v1.8.1
1.8.1 (July 30, 2020)
FEATURES:
- acl: Added ACL Node Identities for easier creation of Consul Agent tokens. [GH-7970]
- agent: Added Consul client agent automatic configuration utilizing JWTs for authorizing the request to generate ACL tokens, TLS certificates and retrieval of the gossip encryption key. [GH-8003], [GH-8035], [GH-8086], [GH-8148], [GH-8157], [GH-8159], [GH-8193], [GH-8253], [GH-8301], [GH-8360], [GH-8362], [GH-8363], [GH-8364], [GH-8409]
IMPROVEMENTS:
- acl: allow auth methods created in the primary datacenter to optionally create global tokens [GH-7899]
- agent: Allow to restrict servers that can join a given Serf Consul cluster. [GH-7628]
- agent: new configuration options allow ratelimiting of the agent-cache:
cache.entry_fetch_rateandcache.entry_fetch_max_burst. [GH-8226] - cli: Output message on success when writing/deleting config entries. [GH-7806]
- connect: Append port number to expected ingress hosts [GH-8190]
- dns: Improve RCODE of response when query targets a non-existent datacenter. [GH-8102],[GH-8218]
- version: The
versionCLI subcommand was altered to always show the git revision the binary was built from on the second line of output. Additionally the command gained a-formatflag with the option now of outputting the version information in JSON form. NOTE This change has the potential to break any parsing done by users of theversioncommands output. In many cases nothing will need to be done but it is possible depending on how the output is parsed. [GH-8268]
BUGFIXES:
- agent: Fixed a bug where Consul could crash when
verify_outgoingwas set to true but no client certificate was used. [GH-8211] - agent: Fixed an issue with lock contention during RPCs when under load while using the Prometheus metrics sink. [GH-8372]
- auto_encrypt: Fixed an issue where auto encrypt certificate signing wasn't using the connect signing rate limiter. [GH-8211]
- auto_encrypt: Fixed several issues around retrieving the first TLS certificate where it would have the wrong CN and SANs. This was being masked by a second bug (also fixed) causing that certificate to immediately be discarded with a second certificate request being made afterwards. [GH-8211]
- auto_encrypt: Fixed an issue that caused auto encrypt certificates to not be updated properly if the agents token was changed and the old token was deleted. [GH-8311]
- connect: fix crash that would result if a mesh or terminating gateway's upstream has a hostname as an address and no healthy service instances available [GH-8158]
- connect: Fixed issue where specifying a prometheus bind address would cause ingress gateways to fail to start up [GH-8371]
- gossip: Avoid issue where two unique leave events for the same node could lead to infinite rebroadcast storms [GH-8343]
- snapshot: (Consul Enterprise only) Fixed a regression when using Azure blob storage.
- xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions [GH-8265]