config: Add new ports.grpc_tls configuration option.
Introduce a new port to better separate TLS config from the existing ports.grpc config.
The new ports.grpc_tls only supports TLS encrypted communication.
The existing ports.grpc now only supports plain-text communication. [GH-15339]
config: update 1.14 config defaults: Enable peering and connect by default. [GH-15302]
config: update 1.14 config defaults: Set gRPC TLS port default value to 8503 [GH-15302]
connect: Removes support for Envoy 1.20 [GH-15093]
peering: Rename PeerName to Peer on prepared queries and exported services. [GH-14854]
xds: Convert service mesh failover to use Envoy's aggregate clusters. This
changes the names of some Envoy dynamic HTTP metrics. [GH-14178]
SECURITY:
Ensure that data imported from peers is filtered by ACLs at the UI Nodes/Services endpoints CVE-2022-3920 [GH-15356]
cli: Add -node-name flag to redirect-traffic command to support running in environments without client agents. [GH-14933]
cli: Add -consul-dns-port flag to the consul connect redirect-traffic command to allow forwarding DNS traffic to a specific Consul DNS port. [GH-15050]
ui: Detect a TokenSecretID cookie and passthrough to localStorage [GH-14495]
ui: Display notice banner on nodes index page if synthetic nodes are being filtered. [GH-14971]
ui: Filter agentless (synthetic) nodes from the nodes list page. [GH-14970]
ui: Filter out node health checks on agentless service instances [GH-14986]
ui: Remove node meta on service instances when using agentless and consolidate external-source labels on service instances page if they all match. [GH-14921]
ui: Removed reference to node name on service instance page when using agentless [GH-14903]
ui: Use withCredentials for all HTTP API requests [GH-14343]
xds: servers will limit the number of concurrent xDS streams they can handle to balance the load across all servers [GH-14397]
IMPROVEMENTS:
peering: Add peering datacenter and partition to initial handshake. [GH-14889]
config: Add new ports.grpc_tls configuration option.
Introduce a new port to better separate TLS config from the existing ports.grpc config.
The new ports.grpc_tls only supports TLS encrypted communication.
The existing ports.grpc now only supports plain-text communication. [GH-15339]
config: update 1.14 config defaults: Enable peering and connect by default. [GH-15302]
config: update 1.14 config defaults: Set gRPC TLS port default value to 8503 [GH-15302]
connect: Removes support for Envoy 1.20 [GH-15093]
peering: Rename PeerName to Peer on prepared queries and exported services. [GH-14854]
xds: Convert service mesh failover to use Envoy's aggregate clusters. This
changes the names of some Envoy dynamic HTTP metrics. [GH-14178]
SECURITY:
Ensure that data imported from peers is filtered by ACLs at the UI Nodes/Services endpoints CVE-2022-3920 [GH-15356]
cli: Add -node-name flag to redirect-traffic command to support running in environments without client agents. [GH-14933]
cli: Add -consul-dns-port flag to the consul connect redirect-traffic command to allow forwarding DNS traffic to a specific Consul DNS port. [GH-15050]
ui: Detect a TokenSecretID cookie and passthrough to localStorage [GH-14495]
ui: Display notice banner on nodes index page if synthetic nodes are being filtered. [GH-14971]
ui: Filter agentless (synthetic) nodes from the nodes list page. [GH-14970]
ui: Filter out node health checks on agentless service instances [GH-14986]
ui: Remove node meta on service instances when using agentless and consolidate external-source labels on service instances page if they all match. [GH-14921]
ui: Removed reference to node name on service instance page when using agentless [GH-14903]
ui: Use withCredentials for all HTTP API requests [GH-14343]
xds: servers will limit the number of concurrent xDS streams they can handle to balance the load across all servers [GH-14397]
IMPROVEMENTS:
peering: Add peering datacenter and partition to initial handshake. [GH-14889]
xds: Added a rate limiter to the delivery of proxy config updates, to prevent updates to "global" resources such as wildcard intentions from overwhelming servers (see: xds.update_max_per_second config field) [GH-14960]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/consul/api from 1.9.1 to 1.16.0.
Release notes
Sourced from github.com/hashicorp/consul/api's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/consul/api's changelog.
... (truncated)
Commits
05b4282
Update api submodule gomod.d9d0d92
Backport of auto-config: relax node name validation for JWT authorization int...5d10221
Peering Mesh Gateway Updates for GA (#15344) (#15363)6f82a5e
docs(peering): remove beta references (#15340) (#15362)329d111
backport of commit 87038bb6723a3433cccbd8b5cab68e3585d1a92a (#15364)6ca306f
Backport of Ensure that NodeDump imported nodes are filtered into release/1.1...4d36fd1
backport of commit 33d521d9cee89cfe8dcd639a2047295d45351314 (#15357)54f7a79
Backport of Fixup authz for data imported from peers into release/1.14.x (#15...904aaf7
Backport of connect: strip port from DNS SANs for ingress gateway leaf cert i...a6f4893
backport of commit cf529cfdabc87ced74ac8ab1ec85173667850d7a (#15350)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)