diff --git a/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx b/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx new file mode 100644 index 0000000000..93f06b55a6 --- /dev/null +++ b/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx @@ -0,0 +1,60 @@ +--- +layout: docs +page_title: 1.0.x +description: >- + Consul on Kubernetes release notes for version 1.0.x +--- + +# Consul on Kubernetes 1.0 + +## Release Highlights + +- ** Simplified Service Mesh Deployments with Consul Dataplane:** Consul client agents are no longer deployed by default, and Consul service mesh no longer uses Consul clients to operate. A new component `consul-dataplane` is now injected as a sidecar-proxy instead of plain Envoy. `consul-dataplane` manages the Envoy proxy process and proxies xDS requests from Envoy to Consul servers. All service mesh consul-k8s components are configured to talk directly to Consul servers. + +- **Consul API Gateway 0.5.0 Support:** Support to run Consul API Gateway without clients and allow Consul API Gateway to directly connect to Consul servers. + +## What's Changed + +- `client.enabled` now defaults to `false`. Setting it to true will deploy client agents, however, none of the consul-k8s components will use clients for their operation. For Vault on Kubernetes using Consul deployed on Kubernetes as a storage backend, `client.enabled` should be set to `true` prior to upgrading. +- `externalServers.grpcPort` default is now 8502 instead of 8503. +- Consul snapshot agent runs as a sidecar to Consul servers. + - `client.snapshotAgent` values are moved to `server.snapshotAgent`, with the exception of the following values: `client.snaphostAgent.replicas`, `client.snaphostAgent.serviceAccount` + - `global.secretsBackend.vault.consulSnapshotAgentRole` value is now removed. You should now use the `global.secretsBackend.vault.consulServerRole` for access to any Vault secrets. +- Support simplified default deployment values to allow for easier quick starts and testing: + * Set `server.replicas` to `1`. Formerly, this defaulted to `3`. + * `connectInject.enabled` now defaults to true. + * `dns.enabled` and `dns.enableRedirection` will now default to the value of `connectInject.transparentProxy.defaultEnabled`. Previously, `dns.enabled` defaulted to the value of `global.enabled` and `dns.enableRedirection` defaulted to the value to `false`. + * Set `connectInject.replicas` to 1 + * Set `meshGateway.affinity` to null and `meshGateway.replicas` to 1 + * Set `ingressGateways.defaults.affinity` to null and `ingressGateways.defaults.replicas` to 1 + * Set `terminatingGateways.defaults.affinity` to null and `terminatingGateways.defaults.replicas` to 1 + * `syncCatalog.consulNamespaces.mirroringK8S` now defaults to `true`. + * `connectInject.consulNamespaces.mirroringK8S` now defaults to `true`. +- `global.imageEnvoy` is now replaced with `global.imageConsulDataplane` for running the sidecar proxy. apiGateway.imageEnvoy` is now available for configuring the version of Envoy that the API Gateway uses. + +## Supported Software + + ~> **Note:** Consul 1.13.x and 1.12.x is not supported. Please use Consul K8s 0.49.x if you want to use Consul 1.13.x or 1.12.x. +- Consul 1.14.x. +- Consul Dataplane v1.0.x. Refer to [Envoy and Consul Dataplane](/docs/connect/proxies/envoy#envoy-and-consul-dataplane) for details about Consul Dataplane versions and the available packaged Envoy version. +- Kubernetes 1.22.x - 1.25.x +- `kubectl` 1.22.x - 1.25.x +- Helm 3.6+ + +## Upgrading + +For detailed information on upgrading, please refer to the [Upgrades page](/docs/k8s/upgrade) + +## Known Issues + +The following issues are known to exist in the v1.0.0 release: + +- Pod Security Standards that are configured for the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) are currently not supported by Consul K8s. OpenShift 4.11.x enables Pod Security Standards on Kubernetes 1.25 [by default](https://connect.redhat.com/en/blog/important-openshift-changes-pod-security-standards) and is also not supported. Support will be added in a future Consul K8s 1.0.x patch release. + +## Changelogs + +The changelogs for this major release version and any maintenance versions are listed below. + +~> **Note:** The following link takes you to the changelogs on the GitHub website. + +- [1.0.0](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.0) diff --git a/website/content/docs/release-notes/consul/v1_14_x.mdx b/website/content/docs/release-notes/consul/v1_14_x.mdx new file mode 100644 index 0000000000..11af78790c --- /dev/null +++ b/website/content/docs/release-notes/consul/v1_14_x.mdx @@ -0,0 +1,52 @@ +--- +layout: docs +page_title: 1.14.x +description: >- + Consul release notes for version 1.14.x +--- + +# Consul 1.14.0 + +## Release Highlights + +- **Cluster Peering (GA):** This version promotes Cluster Peering, a new model to federate Consul clusters for both service mesh and traditional service discovery, to General Availability. Cluster peering allows for service interconnectivity with looser coupling than the existing WAN federation. For more information, refer to the [cluster peering](/docs/connect/cluster-peering) documentation. Some notable improvements to Cluster Peering include: + + - **Cluster Peering Failover:** Cluster Peering now supports the ability to redirect to services running on cluster peers with service resolvers. More details for configuring failover across peers is provided in the Service Resolver [failover](/docs/connect/config-entries/service-resolver#failover) stanza. + + - **Control Plane traffic over Mesh Gateways:** Cluster Peering now supports the establishing peering through Mesh Gateways. More detail on using Mesh Gateways for Cluster Peering are found in [Enabling Service-to-service traffic across Peered Clusters](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers). Mesh Gateways are used by default for [Cluster Peering on Kubernetes](/docs/connect/cluster-peering/k8s). + +- **Simplified Service Mesh with Consul Dataplane:** Support for a new `consul-dataplane`, a lightweight process for managing Envoy proxies introduced in Consul v1.14.0. Consul Dataplane removes the need to run client agents on every node in a cluster for service discovery and service mesh. Instead, Consul deploys sidecar proxies that provide lower latency, support additional runtimes, and integrate with cloud infrastructure providers. Read more in [Simplified Service Mesh with Consul Dataplane](/docs/connect/dataplane). + + ~> **Note:** Currently `consul-dataplane` is only supported on clusters running on Consul on Kubernetes 1.0+. + + +## What's Changed + +- 1.14 adds a new `ports.grpc_tls` configuration option. This introduces a new port to better separate TLS config from the existing `ports.grpc` config. The new `ports.grpc_tls` only supports TLS encrypted communication. The existing `ports.grpc` now only supports plain-text communication. +- `peering` and `connect` are default. +- The gRPC TLS port default value to 8503 +- Removes support for Envoy 1.20.x and adds Envoy 1.24.0 to support matrix. +- Renames `PeerName` to `Peer` on prepared queries and exported services. +- Converts service mesh failover to use Envoy's aggregate clusters. This +changes the names of some [Envoy dynamic HTTP metrics](https://www.envoyproxy.io/docs/envoy/latest/configuration/upstream/cluster_manager/cluster_stats#dynamic-http-statistics). + +## Upgrading + +For more detailed information, please refer to the [upgrade details page](/docs/upgrading/upgrade-specific#consul-1-14-0) and the changelogs. + +## Known Issues + +The following issues are known to exist in the 1.14.0 release: + +- Prior to Consul 1.14, cluster peering and Consul service mesh were disabled by default. A breaking change was made in Consul 1.14 that enabled cluster peering and Consul service mesh by default. To disable both, set `peering.enabled` and `connect.enabled` to false. The changes to Consul service mesh in version 1.14 are incompatible with Nomad 1.4.2 and earlier. If you operate Consul service mesh using Nomad 1.4.2 or earlier, do not upgrade to Consul 1.14 until hashicorp/nomad#15266 is fixed. + +- For 1.14.0, there is a known issue with the `consul connect envoy` CLI command. If the command is configured to use TLS for contacting the HTTP API, it will also incorrectly enable TLS for gRPC. Users should not upgrade to 1.14.0 if they are using plaintext gRPC connections in conjunction with TLS-encrypted HTTP APIs. + + +## Changelogs + +The changelogs for this major release version and any maintenance versions are listed below. + +-> **Note**: These links take you to the changelogs on the GitHub website. + +- [1.14.0](https://github.com/hashicorp/consul/releases/tag/v1.14.0) diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 39442e11d7..903bb9d862 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -141,6 +141,10 @@ { "title": "Consul", "routes": [ + { + "title": "v1.14.x", + "path": "release-notes/consul/v1_14_x" + }, { "title": "v1.13.x", "path": "release-notes/consul/v1_13_x" @@ -166,6 +170,10 @@ { "title": "Consul K8s", "routes": [ + { + "title": "v1.0.x", + "path": "release-notes/consul-k8s/v1_0_x" + }, { "title": "v0.49.x", "path": "release-notes/consul-k8s/v0_49_x"