diff --git a/website/content/docs/release-notes/1-10-0.mdx b/website/content/docs/release-notes/1-10-0.mdx index 074d60967d..5cadcbc262 100644 --- a/website/content/docs/release-notes/1-10-0.mdx +++ b/website/content/docs/release-notes/1-10-0.mdx @@ -7,7 +7,7 @@ page_title: 1.10.0 ## Release Highlights -- **Transparent Proxy:** Simplifies deploying applications into the service mesh by using iptables to redirect traffic from applications running in virtual machines or Kubernetes through the Envoy proxy. +- **Transparent Proxy:** Simplifies deploying applications into the service mesh by using iptables to redirect traffic from applications running in virtual machines or Kubernetes through the Envoy proxy. [`consul connect redirect-traffic`](/commands/connect/redirect-traffic) now provides a CLI interface for applying traffic redirection `iptables` rules to redirect traffic through an inbound and outbound listener on the Envoy sidecar. More information on how to utilize Transparent Proxy for Consul on Kubernetes could be found on [Transparent Proxy](/docs/connect/transparent-proxy). - **Support for xDS v3 and Incremental xDS:** Consul 1.10 will default to using xDS version 3 and Incremental xDS for all supported Envoy proxy versions bootstrapped by the Consul 1.10 CLI. This is driven by the fact that xDS v2 was deprecated in Envoy 1.15 and disabled in Envoy 1.17. Envoy proxies bootstrapped with older Consul CLI binaries will continue to use the xDS v2 state-of-the-world API. diff --git a/website/content/docs/release-notes/1-11-0.mdx b/website/content/docs/release-notes/1-11-0.mdx new file mode 100644 index 0000000000..d2b80b6983 --- /dev/null +++ b/website/content/docs/release-notes/1-11-0.mdx @@ -0,0 +1,28 @@ +--- +layout: docs +page_title: 1.11.0 +--- + +# Consul 1.11.0 + +## Release Highlights + +- **Admin Partitions (Enterprise):** Consul 1.11.0 Enteprise introduces a new entity for defining administrative and networking boundaries within a Consul deployment. This feature also enables servers to communicate with clients over a specific gossip segment created for each partition. This release also enables cross partition communication between services across partitions, using Mesh Gateways. For more information refer to the [Admin Partitions](/docs/enterprise/admin-partitions) documentation. + +- **Virtual IPs for services deployed with Consul Service Mesh:** Consul will now generate a unique virtual IP for each service deployed within Consul Service Mesh, allowing transparent proxy to route to services within a data center that exist in different clusters or outside the service mesh. + +- **Replace [boltdb](https://github.com/boltdb/bolt) with [etcd-io/bbolt](https://github.com/etcd-io/bbolt) for raft log store:** Consul now leverages `etcd-io/bbolt` as the default implementation of `boltdb` instead of `boltdb/bolt`. This change also exposes a configuration to allow for disabling boltdb freelist syncing. In addition, Consul now emits metrics for the raft boltdb store to provide insights into boltdb performance. + +- **TLS Certificates for Ingress Gateways via an SDS source:**: Ingress Gateways can now be configured to retrieve TLS certificates from an external SDS Service and load the TLS certificates for Ingress listeners. This configuration is set using the `ingress-gateway` configuration entry via the [SDS](/docs/connect/config-entries/ingress-gateway#sds) stanza within the Ingress Gateway TLS configuration. + +- **Vault Auth Method support for Connect CA Vault Provider:** Consul now supports configuring the Connect CA Vault provider to use auth methods for authentication to Vault. Consul supports using any non-deprecated auth method that is available in Vault v1.8.5, including AppRole, AliCloud, AWS, Azure, Cloud Foundry, GitHub, Google Cloud, JWT/OIDC, Kerberos, Kubernetes, LDAP, Oracle Cloud Infrastructure, Okta, Radius, TLS Certificates, and Username & Password. The Vault Auth Method for Connect CA Provider is utilized by default for the [Vault Secrets Backend](/docs/k8s/installation/vault) feature on Consul on Kubernetes. Utilizing a Vault Auth method would no longer require a Vault token to be managed or provisioned ahead of time to be used for authentication to Vault. + +## What's Changed + +- The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) for more information. + +- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. See [ACL Agent Recovery Token](/docs/security/acl/acl-system#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/commands/acl/set-agent-token) for more information. + +- Drops support for Envoy versions 1.15.x and 1.16.x + +For more detailed information, please refer to the [upgrade details page](/docs/upgrading/upgrade-specific#consul-1-11-0) and the [1.11.0 changelog](https://github.com/hashicorp/consul/releases/tag/v1.11.0). diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 66a0415cb7..c58c649180 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -1067,12 +1067,16 @@ "title": "Release Notes", "routes": [ { - "title": "1.9.0", - "path": "release-notes/1-9-0" + "title": "1.11.0", + "path": "release-notes/1-11-0" }, { "title": "1.10.0", "path": "release-notes/1-10-0" + }, + { + "title": "1.9.0", + "path": "release-notes/1-9-0" } ] },