From 68cd4182e4c22dee6984d273f533b0c85fc8b62d Mon Sep 17 00:00:00 2001 From: trujillo-adam Date: Fri, 3 Nov 2023 15:51:56 -0700 Subject: [PATCH 1/7] added 1.17 features to enterprise overview --- website/content/docs/connect/gateways/api-gateway/index.mdx | 4 ++-- .../gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx | 2 ++ .../gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx | 2 ++ website/content/docs/enterprise/index.mdx | 3 +++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/website/content/docs/connect/gateways/api-gateway/index.mdx b/website/content/docs/connect/gateways/api-gateway/index.mdx index a5edc2cf7038..5b29311bbc9b 100644 --- a/website/content/docs/connect/gateways/api-gateway/index.mdx +++ b/website/content/docs/connect/gateways/api-gateway/index.mdx @@ -52,8 +52,8 @@ Refer to the following resources for help setting up and using API gateways: - [Reroute HTTP requests in Kubernetes](/consul/docs/connect/gateways/api-gateway/define-routes/reroute-http-requests) - [Route traffic to peered services in Kubernetes](/consul/docs/connect/gateways/api-gateway/define-routes/route-to-peered-services) - [Encrypt API gateway traffic on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/encrypt-vms) -- [Use JWTs to verify requests to API gateways on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/jwts-vms) -- [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/jwts-k8s) +- [Use JWTs to verify requests to API gateways on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) +- [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s) ### Reference 
diff --git a/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx b/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx index 7c58c4d513cd..6c60302165d5 100644 --- a/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx +++ b/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx @@ -8,6 +8,8 @@ description: Learn how to use JSON web tokens (JWT) to verify requests from exte This topic describes how to use JSON web tokens (JWT) to verify requests to API gateways deployed to Kubernetes-orchestrated containers. If your API gateway is deployed to virtual machines, refer to [Use JWTs to verify requests to API gateways on VMs](/consu/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms). + This feature is available in Consul Enterprise. + ## Overview You can configure API gateways to use JWTs to verify incoming requests so that you can stop unverified traffic at the gateway. You can configure JWT verification at different levels: diff --git a/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx b/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx index efb960f580ff..bd10964887d3 100644 --- a/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx +++ b/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx 
@@ -8,6 +8,8 @@ description: Learn how to use JSON web tokens (JWT) to verify requests from exte This topic describes how to use JSON web tokens (JWT) to verify requests to API gateways on virtual machines (VM). If your services are deployed to Kubernetes-orchestrated containers, refer to [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms). + This feature is available in Consul Enterprise. + ## Overview You can configure API gateways to use JWTs to verify incoming requests so that you can stop unverified traffic at the gateway. You can configure JWT verification at different levels: diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx index 34a8725b4648..a50edbc93464 100644 --- a/website/content/docs/enterprise/index.mdx +++ b/website/content/docs/enterprise/index.mdx @@ -27,6 +27,8 @@ The following features are [available in several forms of Consul Enterprise](#co - [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state - [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance - [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses. +- [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates): Limit the rate of HTTP requests a service receives from sources in the mesh. +- [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams): Prioritize upstream services in the same region and zone as the downstream service. ### Scalability 
@@ -46,6 +48,7 @@ The following features are [available in several forms of Consul Enterprise](#co - [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly - [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API +- Use JWTs to verify requests at the API gateway on [VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) and on [Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s): Prevent unverified traffic at the API gateway using JWTs for authentication and authorization. ### Regulatory compliance From f7574badb4dd6a3468c1653c7dba48c7802abd56 Mon Sep 17 00:00:00 2001 From: trujillo-adam Date: Fri, 3 Nov 2023 16:21:16 -0700 Subject: [PATCH 2/7] added features to runtime tables --- website/content/docs/enterprise/index.mdx | 70 +++++++++++++---------- 1 file changed, 39 insertions(+), 31 deletions(-) diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx index a50edbc93464..66ca283d764d 100644 --- a/website/content/docs/enterprise/index.mdx +++ b/website/content/docs/enterprise/index.mdx 
@@ -119,42 +119,47 @@ Consul Enterprise feature availability can change depending on your server and c -| Enterprise Feature | VM Client | K8s Client | ECS Client | -| ----------------------------------------------------------------------- | :-------: | :--------: | :--------: | -| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | ✅ | ✅ | ✅ | -| [Audit Logging](/consul/docs/enterprise/audit-logging) | ✅ | ✅ | ✅ | -| [Automated Server Backups](/consul/docs/enterprise/backups) | ✅ | ✅ | ✅ | -| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ✅ | ✅ | ✅ | -| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ✅ | ✅ | ✅ | -| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | ✅ | ❌ | -| [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ | -| [Network Areas](/consul/docs/enterprise/federation) | ✅ | ✅ | ✅ | -| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ✅ | ❌ | ❌ | -| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ✅ | ✅ | ✅ | -| [Redundancy Zones](/consul/docs/enterprise/redundancy) | ✅ | ✅ | ✅ | -| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ | -| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | +| Enterprise Feature | VM Client | K8s Client | ECS Client | +|----------------------------------------------------------------------------------------------------------|:---------:|:----------:| :--------: | +| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | ✅ | ✅ | ✅ | +| [Audit Logging](/consul/docs/enterprise/audit-logging) | ✅ | ✅ | ✅ | +| [Automated Server Backups](/consul/docs/enterprise/backups) | ✅ | ✅ | ✅ | +| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ✅ | ✅ | ✅ | +| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ✅ | ✅ | ✅ | +| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | 
✅ | ❌ | +| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | ✅ | ✅ | ❌ | +| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ❌ | +| [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ | +| [Network Areas](/consul/docs/enterprise/federation) | ✅ | ✅ | ✅ | +| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ✅ | ❌ | ❌ | +| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ✅ | ✅ | ✅ | +| [Redundancy Zones](/consul/docs/enterprise/redundancy) | ✅ | ✅ | ✅ | +| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ | +| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | +| [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ❌ | -| Enterprise Feature | VM Client | K8s Client | ECS Client | -| ----------------------------------------------------------------------- | :-------: | :--------: | :--------: | -| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | ✅ | ✅ | ✅ | -| [Audit Logging](/consul/docs/enterprise/audit-logging) | ✅ | ✅ | ✅ | -| [Automated Server Backups](/consul/docs/enterprise/backups) | ✅ | ✅ | ✅ | -| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ❌ | ❌ | ❌ | -| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ❌ | ❌ | ❌ | -| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | ✅ | ❌ | -| [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ | -| [Network Areas](/consul/docs/enterprise/federation) | ✅ | ✅ | ✅ | -| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ❌ | ❌ | ❌ | -| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ✅ | ✅ | ✅ | -| [Redundancy Zones](/consul/docs/enterprise/redundancy) | ❌ | ❌ | ❌ | -| [Sameness 
Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ | -| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | - +| Enterprise Feature | VM Client | K8s Client | ECS Client | +|---------------------------------------------------------------------------------------------------------------| :-------: | :--------: | :--------: | +| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | ✅ | ✅ | ✅ | +| [Audit Logging](/consul/docs/enterprise/audit-logging) | ✅ | ✅ | ✅ | +| [Automated Server Backups](/consul/docs/enterprise/backups) | ✅ | ✅ | ✅ | +| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ❌ | ❌ | ❌ | +| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ❌ | ❌ | ❌ | +| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | ✅ | ❌ | +| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s) | ✅ | ✅ | ❌ | +| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ❌ | +| [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ | +| [Network Areas](/consul/docs/enterprise/federation) | ✅ | ✅ | ✅ | +| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ❌ | ❌ | ❌ | +| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ✅ | ✅ | ✅ | +| [Redundancy Zones](/consul/docs/enterprise/redundancy) | ❌ | ❌ | ❌ | +| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ | +| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | +| [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ❌ | 
@@ -167,6 +172,8 @@ Consul Enterprise feature availability can change depending on your server and c | [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ✅ | ✅ | ✅ | | [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ❌ | ❌ | ❌ | | [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ❌ | ❌ | ❌ | +| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | ✅ | ✅ | ❌ | +| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ❌ | | [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ | | [Network Areas](/consul/docs/enterprise/federation) | ❌ | ❌ | ❌ | | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ❌ | ❌ | ❌ | @@ -174,6 +181,7 @@ Consul Enterprise feature availability can change depending on your server and c | [Redundancy Zones](/consul/docs/enterprise/redundancy) | n/a | n/a | n/a | | [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ | | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | +| [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ❌ | From 72c5e85ef162ab0d05abe47d3b6654bd4a06a1e5 Mon Sep 17 00:00:00 2001 From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Date: Mon, 6 Nov 2023 08:23:29 -0800 Subject: [PATCH 3/7] Apply suggestions from code review Co-authored-by: David Yu --- website/content/docs/enterprise/index.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx index 66ca283d764d..6cb5a2798c32 100644 --- a/website/content/docs/enterprise/index.mdx +++ b/website/content/docs/enterprise/index.mdx 
@@ -27,7 +27,7 @@ The following features are [available in several forms of Consul Enterprise](#co - [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state - [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance - [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses. -- [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates): Limit the rate of HTTP requests a service receives from sources in the mesh. +- [Local rate limiting](/consul/docs/connect/manage-traffic/limit-request-rates): Limit the rate of HTTP requests a service receives per service instance. - [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams): Prioritize upstream services in the same region and zone as the downstream service. ### Scalability 
@@ -48,7 +48,7 @@ The following features are [available in several forms of Consul Enterprise](#co - [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly - [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API -- Use JWTs to verify requests at the API gateway on [VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) and on [Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s): Prevent unverified traffic at the API gateway using JWTs for authentication and authorization. +- JWT authentication and authorization for API gateway: Prevent unverified traffic at the API gateway using JWTs for authentication and authorization on [VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) and on [Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s): ### Regulatory compliance From 930f3bbe42c0c00c8ccb02afc3e74c23a1c8b7b2 Mon Sep 17 00:00:00 2001 From: Tu Nguyen Date: Mon, 6 Nov 2023 10:42:20 -0800 Subject: [PATCH 4/7] add ecs release notes --- .../docs/release-notes/consul-ecs/v0_7_x.mdx | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 website/content/docs/release-notes/consul-ecs/v0_7_x.mdx diff --git a/website/content/docs/release-notes/consul-ecs/v0_7_x.mdx b/website/content/docs/release-notes/consul-ecs/v0_7_x.mdx new file mode 100644 index 000000000000..be154b746db6 --- /dev/null +++ b/website/content/docs/release-notes/consul-ecs/v0_7_x.mdx 
@@ -0,0 +1,69 @@ +--- +layout: docs +page_title: 0.7.x +description: >- + Consul ECS release notes for version 0.7.x +--- + +# Consul ECS 0.7.x + +## Release highlights + +- **Consul Dataplane:** Consul on ECS 0.7.x adopts the [Dataplane architecture](/consul/docs/connect/dataplane) to simplify connecting your ECS workloads to Consul. Refer to the documentation to learn more about the updated [ECS components](/consul/docs/ecs/architecture) and how to [deploy Consul to ECS using the Terraform module](/consul/docs/ecs/deploy/terraform). + +- **New `control-plane` command:** The new, unified `control-plane` command combines the capabilities for the deprecated `mesh-init` and `health-sync` commands. The `control-plane` command starts a long running process with the following responsibilities: + - Automatically (re)discover and (re)connect to Consul servers using connection manager. + - Make an ACL Login request to obtain an ACL token when using the Consul AWS IAM auth method. + - Register the service and sidecar proxy with the central catalog on the Consul servers. + - Write the configuration for Consul Dataplane to a file on a shared volume. + - Sync ECS health check statuses for the ECS task into the central catalog on the Consul servers on a periodic basis. + - Gracefully shutdown when an ECS task is stopped. Upon receiving a SIGTERM, mark synced health checks critical and wait for Consul Dataplane to stop. Then remove health checks, services, and perform an ACL Logout if necessary. + +- **New `controller` command:** The new `controller` command replaces the `acl-controller` command with the following changes: + - Remove all CLI flags. Configuration is read from the `ECS_CONFIG_JSON` environment variable. + - Automatically (re)discover and (re)connect to Consul servers, similar to the `control-plane` command. 
+ - Because Consul client agents are no longer used, the controller no longer configures the "client" auth method, policy, role, and binding rule which previously enabled Consul client agents to login. + - Register the ECS cluster as a synthetic node in the central catalog on the Consul servers. The synthetic node is used to register services running in the ECS cluster. + - Ensure leftover tokens and services are removed for ECS tasks that have stopped. + +- **Locality aware routing (Enterprise):** Consul on ECS 0.7.x supports [locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams). In your ECS task meta JSON, set the `AWS_REGION` container environment variable and `AvailabilityZone` attributes to set the locality parameters in Consul service and proxy registrations. Consul uses these parameters to perform locality aware routing in Consul Enterprise installations. + +## Breaking changes + +- The new Dataplane architecture comes with the following breaking changes to configuring Consul on ECS. Refer to the [Upgrade to Consul dataplane architecture](https://developer.hashicorp.com/consul/docs/ecs/upgrade-to-dataplanes) documentation for a step-by-step upgrade guide. + - Consul client agents are no longer used. + - Consul Dataplane must be run in place of Envoy in each ECS task. Consul Dataplane manages the Envoy process and proxies xDS requests from Envoy to Consul servers. + - The `consul-ecs` binary now communicates with Consul servers using HTTP(S) and GRPC. + - Services are registered directly with the central catalog on the Consul servers. Services in the same ECS cluster are registered to the same Consul node name. +- Replaced the `mesh-init` and `health-sync` commands with a unified `control-plane`. +- Replaced the `acl-controller` command with `controller`. +- Add the `go-discover` binary to the Consul ECS image to better support [cloud auto-join](/consul/docs/install/cloud-auto-join). +- Changes to `ECS_CONFIG_JSON` schema. 
+ - Remove the `consulHTTPAddr` and `consulCACertFile` fields. + - Add the `consulLogin.datacenter` field. + - Add the `controller` field to support configuring the new `controller` command. + - Add the `consulServers` field to specify the Consul server location and protocol-specific settings. + - The `consulServers.hosts` field is required. This specifies the Consul server location as an IP address, DNS name, or `exec=` string specifying a command that returns a list of IP addresses. To use cloud auto-join, use an `exec=` string to run the `discover` CLI. For example, the following string invokes the discover CLI with a cloud auto-join string: + + ```log + exec=discover -q addrs provider=aws region=us-west-2 tag_key=consul-server tag_value=true + ``` + + By default, Consul ECS and Consul Dataplane images include the `discover` CLI. + - Add the `proxy.healthCheckPort` field which can be hit to determine Envoy's readiness. + - Add the `proxy.upstreams.destinationPeer` field to enable the proxy to hit upstreams present in peer Consul clusters. + - Add the `meshGateway.healthCheckPort` field which can be hit to determine Envoy's readiness. + - Add the `proxy.localServiceAddress` field to configure Envoy to use a different address for the local service. + - Remove the `service.checks` field. Consul agent health checks are no longer supported because Consul client agents are not used. Instead, set the healthSyncContainers field to have consul-ecs sync ECS health checks into Consul. + +## Supported software versions + +- Consul: 1.17.x + +## Changelogs + +The changelogs for this major release version and any maintenance versions are listed below. + +-> **Note**: These links will take you to the changelogs on the GitHub website. + +- [0.7.0](https://github.com/hashicorp/consul-ecs/releases/tag/v0.7.0) From 240a93530b71fe72c8d829b1c8a9be5ba0ebf77f Mon Sep 17 00:00:00 2001 
From: Tu Nguyen Date: Mon, 6 Nov 2023 10:53:25 -0800 Subject: [PATCH 5/7] add draft of 1.3.x consul-k8s release notes --- .../docs/release-notes/consul-k8s/v1_3_x.mdx | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 website/content/docs/release-notes/consul-k8s/v1_3_x.mdx diff --git a/website/content/docs/release-notes/consul-k8s/v1_3_x.mdx b/website/content/docs/release-notes/consul-k8s/v1_3_x.mdx new file mode 100644 index 000000000000..5282460674af --- /dev/null +++ b/website/content/docs/release-notes/consul-k8s/v1_3_x.mdx 
@@ -0,0 +1,51 @@ +--- +layout: docs +page_title: 1.3.x +description: >- + Consul on Kubernetes release notes for version 1.3.x +--- + +# Consul on Kubernetes 1.3.0 + +We are pleased to announce the following Consul updates. + +## Release highlights + +- **Catalog v2:** This release provides the ability to preview Consul's v2 Catalog and Resource API. You must enable this feature. +Catalog v2 supports multi-port application deployments with a single Envoy proxy. Refer to the [v2 Catalog and Resource API](/consul/docs/v1.17.x/k8s/multiport) documentation for more information. + + The v1 and v2 catalogs are not cross compatible, and not all Consul features are available within this v2 feature preview. + + - The Consul UI must be disabled. It does not support multi-port services or the v2 catalog API in this release. + - HCP Consul does not support multi-port services or the v2 catalog API in this release. + - The v2 API only supports transparent proxy mode where services that have permissions to connect to each other can use Kube DNS to connect. + + The v2 Catalog and Resources API is currently in feature preview for Consul on Kubernetes 1.3.0 and should not be used in production environments. + +## Supported software + + Consul 1.15.x and 1.14.x are not supported. Please refer to Supported Consul and Kubernetes versions for more detail on choosing the correct consul-k8s version. + +- Consul 1.17.x. +- Consul Dataplane v1.2.x. Refer to Envoy and Consul Dataplane for details about Consul Dataplane versions and the available packaged Envoy version. +- Kubernetes 1.24.x - 1.27.x +- kubectl 1.24.x - 1.27.x +- Helm 3.6+ + +## Upgrading + +For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs. + +## Known Issues + +The following issues are known to exist in the v1.3.x releases. Refer to the changelog for more information. 
+ +- When using the v2 API with transparent proxy, Kubernetes pods cannot use L7 liveness, readiness, or startup probes. + +## Changelogs + +The changelogs for this major release version and any maintenance versions are listed below. + + These links take you to the changelogs on the GitHub website. + +- [1.3.0](https://github.com/hashicorp/consul-k8s/releases/tag/v1.3.0) From f4376f1e82dae7f8a33544d8534a1f3681ffcbdf Mon Sep 17 00:00:00 2001 From: Tu Nguyen Date: Mon, 6 Nov 2023 10:55:40 -0800 Subject: [PATCH 6/7] update nav with new release notes --- website/data/docs-nav-data.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 2989c955e646..90b167036c68 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -186,6 +186,10 @@ { "title": "Consul K8s", "routes": [ + { + "title": "v1.3.x", + "path": "release-notes/consul-k8s/v1_3_x" + }, { "title": "v1.2.x", "path": "release-notes/consul-k8s/v1_2_x" @@ -240,6 +244,10 @@ { "title": "Consul ECS", "routes": [ + { + "title": "v0.7.x", + "path": "release-notes/consul-ecs/v0_7_x" + }, { "title": "v0.5.x", "path": "release-notes/consul-ecs/v0_5_x" From 5f683ee7255cb8cac4e7a0c2a5f203a3c1e27db7 Mon Sep 17 00:00:00 2001 From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Date: Mon, 6 Nov 2023 12:21:24 -0800 Subject: [PATCH 7/7] Apply suggestions from code review Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com> --- website/content/docs/enterprise/index.mdx | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx index 6cb5a2798c32..ea616f7d1f9a 100644 --- a/website/content/docs/enterprise/index.mdx +++ b/website/content/docs/enterprise/index.mdx 
@@ -27,7 +27,7 @@ The following features are [available in several forms of Consul Enterprise](#co - [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state - [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance - [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses. -- [Local rate limiting](/consul/docs/connect/manage-traffic/limit-request-rates): Limit the rate of HTTP requests a service receives per service instance. +- [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates): Limit the rate of HTTP requests a service receives per service instance. - [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams): Prioritize upstream services in the same region and zone as the downstream service. ### Scalability 
@@ -126,9 +126,9 @@ Consul Enterprise feature availability can change depending on your server and c | [Automated Server Backups](/consul/docs/enterprise/backups) | ✅ | ✅ | ✅ | | [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ✅ | ✅ | ✅ | | [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ✅ | ✅ | ✅ | -| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | ✅ | ❌ | +| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | ✅ | ✅ | | [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | ✅ | ✅ | ❌ | -| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ❌ | +| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ✅ | | [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ | | [Network Areas](/consul/docs/enterprise/federation) | ✅ | ✅ | ✅ | | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ✅ | ❌ | ❌ | @@ -136,7 +136,7 @@ Consul Enterprise feature availability can change depending on your server and c | [Redundancy Zones](/consul/docs/enterprise/redundancy) | ✅ | ✅ | ✅ | | [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ | | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | -| [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ❌ | +| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ✅ | 
@@ -149,9 +149,9 @@ Consul Enterprise feature availability can change depending on your server and c | [Automated Server Backups](/consul/docs/enterprise/backups) | ✅ | ✅ | ✅ | | [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ❌ | ❌ | ❌ | | [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ❌ | ❌ | ❌ | -| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | ✅ | ❌ | +| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | ✅ | ✅ | | [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s) | ✅ | ✅ | ❌ | -| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ❌ | +| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ✅ | | [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ | | [Network Areas](/consul/docs/enterprise/federation) | ✅ | ✅ | ✅ | | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ❌ | ❌ | ❌ | @@ -159,7 +159,7 @@ Consul Enterprise feature availability can change depending on your server and c | [Redundancy Zones](/consul/docs/enterprise/redundancy) | ❌ | ❌ | ❌ | | [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ | | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | -| [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ❌ | +| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ✅ | 
@@ -173,7 +173,7 @@ Consul Enterprise feature availability can change depending on your server and c | [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ❌ | ❌ | ❌ | | [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ❌ | ❌ | ❌ | | [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | ✅ | ✅ | ❌ | -| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ❌ | +| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ✅ | | [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ | | [Network Areas](/consul/docs/enterprise/federation) | ❌ | ❌ | ❌ | | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ❌ | ❌ | ❌ | @@ -181,7 +181,7 @@ Consul Enterprise feature availability can change depending on your server and c | [Redundancy Zones](/consul/docs/enterprise/redundancy) | n/a | n/a | n/a | | [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ | | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | -| [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ❌ | +| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ✅ |
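Review bot: The cross-reference in the context line of the verify-jwts-k8s.mdx hunk in PATCH 1/7 points at `/consu/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms`, which is missing the `l` in `consul` and does not match the `/consul/docs/` prefix used by the other links in this series. The patch already adds a line directly below it, so correct the path in the same change.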
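Review bot: In the verify-jwts-vms.mdx hunk of PATCH 1/7, the link labelled "Use JWTs to verify requests to API gateways on Kubernetes" targets `.../secure-traffic/verify-jwts-vms`, so the VM page links to itself rather than to the Kubernetes page. Point it at `/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s`, the path the api-gateway/index.mdx hunk of the same patch uses for the Kubernetes topic.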
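Review bot: The new "JWT verification for API gateways" row in the runtime tables of PATCH 2/7 links to `verify-jwts-vms` in the first and third tables and to `verify-jwts-k8s` in the second, and PATCH 7/7 leaves those targets as they are. Confirm that each target matches the runtime its table describes, or link both pages from the row the way the overview bullet in PATCH 1/7 does, so a reader is not sent to the wrong platform's instructions.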
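Review bot: The rewritten JWT bullet in the `@@ -48,7 +48,7 @@` hunk of PATCH 3/7 ends with a stray colon after the Kubernetes link, left over from moving the links to the end of the sentence. Drop the trailing colon. The feature name "JWT authentication and authorization for API gateway" is also plain text, while the neighbouring OIDC Auth Method and Audit Logging bullets lead with a linked name.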
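Review bot: The last bullet of the `ECS_CONFIG_JSON` schema list in PATCH 4/7 (v0_7_x.mdx) leaves `healthSyncContainers` and `consul-ecs` unformatted, while the other field names in that list are in backticks. Wrap both in backticks. In the same file, the "Upgrade to Consul dataplane architecture" link uses an absolute `https://developer.hashicorp.com/...` URL where the other documentation links are site-relative, "Gracefully shutdown" should read "Gracefully shut down", and the highlight heading "Locality aware routing" drops the hyphen that its own link text keeps.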
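Review bot: The H1 in PATCH 5/7 (v1_3_x.mdx) reads "Consul on Kubernetes 1.3.0" while `page_title` and `description` say 1.3.x and the Known Issues section refers to "the v1.3.x releases". Use 1.3.x in the heading so the page also covers maintenance releases. Under "Supported software", the phrases "Supported Consul and Kubernetes versions" and "Envoy and Consul Dataplane" read as link text but carry no link targets, and "You must enable this feature" neither says how nor links to where that is described.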
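Review bot: In the Consul ECS hunk of PATCH 6/7 (docs-nav-data.json), the new v0.7.x route sits directly above v0.5.x with no v0.6.x entry between them. Confirm that the gap is intentional, and if a 0.6.x release notes page exists, add its route here so the nav lists versions without a hole.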