HashiCorp Consul 1.4.1
Note: The Consul team released 1.4.2 shortly after the 1.4.1 release to fix a regression that impacted Nomad users. Please refer to the 1.4.2 mailing list announcement or the changelog for more details. At this time we recommend upgrading directly to 1.4.2.
We are excited to announce the release of HashiCorp Consul 1.4.1. Consul is a service mesh which provides service discovery, runtime configuration, and secure service-to-service communication for distributed applications and infrastructure.
Consul 1.4.1 is a minor release that includes a number of important bug fixes for Consul Connect and our newly released ACL system.
-
TLS commands and improved guide. A new subcommand
consul tls
was added to make it easier to bootstrap TLS for Consul agents. As part of this, our TLS guide was updated and improved. -
Expanded transaction API support. Common catalog operations for nodes, services, and checks have been added to the transaction API. This can increase safety for integrations that manage the lifecycle of services in the catalog. consul-esm will be released following 1.4.1 with support for these new APIs.
-
Local agent health queries. A new API
/v1/agent/health/service/name/:service_name
was added, enabling queries of the health catalog against the local agent rather than querying the Consul server directly. -
CIDR allow list for HTTP. A new
allow_write_http_from
configuration can be configured to allow CIDR network ranges that can make non GET/HEAD/OPTIONS HTTP requests. -
Gossip performance improvements for very large clusters. Bootstrapping time for large scale gossip clusters should be greatly improved in this release. More details on the changes and performance impact can be found here. Thanks to critical feedback from the community in making these changes possible.
-
Prepared query support in Envoy. When utilizing the Envoy proxy for Connect, prepared queries now work as upstreams.
-
CSR rate limiting. Connect related certificate signing is now rate limited during certificate rotations across large clusters to ensure servers aren't overwhelmed.
This release also included many smaller bug fixes. Full details can be found in the 1.4.1 changelog.
» CVE-2018-19653
In December 2018, we determined that there was a misleading statement in our documentation and issue in implementation for TLS configuration for agent-to-agent TLS in Consul. This vulnerability affected versions 0.5.1 - 1.4.0 of Consul, both OSS and Enterprise. This issue was able to be remediated by modifying agent configuration and restarting agents. We notified the community of this issue, updated our documentation, and in this release corrected the underlying behavior.
This can be remediated on all affected versions of Consul by following the instructions here, or by upgrading to 1.4.1.
» Consul & Kubernetes
Support for Consul and Kubernetes continues to improve with releases of the Consul Helm chart and consul-k8s. This includes support for syncing ClusterIP services and improved RBAC support. Full changelogs are available with more detail: consul-helm and consul-k8s.
We continue to invest in making Consul and Kubernetes easy to use together, and have some short-term improvements planned for easier ACL and TLS configuration via Helm.
» New Consul Learn Programs
Our recently formed dedicated education team released new training content for learn.hashicorp.com. This release is focused on education for operators and has been placed in two tracks; Day 1: Deploying Your First Datacenter learning path and Day 2: Advanced Operations track.
Some existing guides for Consul have been improved and migrated to this new Learn site. This process will continue in the coming months.
» Conclusion
Please review the v1.4.1 changelog for a detailed list of changes. If you are upgrading the ACL system, refer to the 1.4.0 upgrade guide for more information.
As always, please test in an isolated environment before upgrading. Consul 1.4.1 is also available in Consul Enterprise.
Thank you to our active community members who have been invaluable in adding new features, reporting bugs, and improving the documentation for Consul in this release.
Sign up for the latest HashiCorp news
More blog posts like this one
HashiCorp at AWS re:Invent: Your blueprint to cloud success
If you’re attending AWS re:Invent in Las Vegas, Dec. 2 - Dec. 6th, visit us for breakout sessions, expert talks, and product demos to learn how to take a unified approach to Infrastructure and Security Lifecycle Management.
Consul 1.20 improves multi-tenancy, metrics, and OpenShift deployment
HashiCorp Consul 1.20 is a significant upgrade for the Kubernetes operator and developer experience, including better multi-tenant service discovery, catalog registration metrics, and secure OpenShift integration.
New SLM offerings for Vault, Boundary, and Consul at HashiConf 2024 make security easier
The latest Security Lifecycle Management (SLM) features from HashiCorp Vault, Boundary, and Consul help organizations offer a smoother path to better security practices for developers.