Bot releases are hidden (Show)
BUG FIXES
google.golang.org/protobuf
to v1.33.0 and github.com/golang/protobuf
to v1.5.4 to address CVE-2024-24786. [GH-240]mesh-init
local executable copying in dynamically-linked execution contexts [GH-242]IMPROVEMENTS
1.21.10
x/net
to 0.23.0
Published by hc-github-team-es-release-engineering 8 months ago
BREAKING CHANGES
control-plane
container
control-plane
subcommand to mesh-init
. [GH-209]control-plane
[GH-207]mesh-init
will be a short lived container with the following responsibities
mesh-init
unlike control-plane
no longer writes the login token to a shared volume and passes it on to the Consul-dataplane
container. It instead generates the login configuration needed to get a Consul ACL token and writes it as part of the Consul dataplane configuration to a shared volume. Dataplane uses the login configuration to mint the token with the required permissions.[GH-208]health-sync
with the following responsibilities [GH-210]
critical
by mesh-init
transparentProxy.enabled
field defaults to true
if not specified. Transparent proxy is not yet supported for FARGATE based launch types. When performing upgrades from previous versions of Consul ECS, care must be taken to always pass false
for the transparentProxy.enabled
field for FARGET launch types to ensure that mesh-init
process doesn't fail due to insufficient privileges when applying traffic redirection rulesFEATURES
transparentProxy
stanza to the ECS_CONFIG_JSON
schema to control traffic redirection settings for the ECS task.[GH-171]transparentProxy.consulDNS
stanza. When enabled, Consul Dataplane starts up a DNS server on port 8600 and proxies DNS queries to the Consul DNS server. The /etc/resolv.conf
file of the ECS task is also modified to make sure that 127.0.0.1
is the first nameserver in the list.[GH-170]redirecttraffic
package that invokes the iptables
SDK of Consul which internally applies the traffic redirection rules needed to properly setup transparent proxy within the ECS task. [GH-173]consul-ecs-api-gateway-role
ACL role and consul-ecs-api-gateway-policy
ACL policy.consul.hashicorp.name.gateway-kind
to the existing service auth method's config.consul-ecs-api-gateway-role
consul-ecs-terminating-gateway-role
ACL role. This role will be assigned to the ACL token obtained by the terminating gateway task after performing a Consul login. Users can assign policies to this role via terraform whenever needed.consul-ecs-terminating-gateway-role
IMPROVEMENTS
1.21.6
BUG FIXES
consul-ecs-mesh-gateway-role
ACL role and consul-ecs-mesh-gateway-policy
ACL policy with the mesh:write
and peering:read
permissions.consul-ecs-mesh-gateway-role
Published by hc-github-team-es-release-engineering 8 months ago
IMPROVEMENTS
1.21.6
Published by hc-github-team-es-release-engineering 8 months ago
IMPROVEMENTS
1.21.6
Published by hc-github-team-es-release-engineering 8 months ago
BREAKING CHANGES
control-plane
container
control-plane
subcommand to mesh-init
. [GH-209]control-plane
[GH-207]mesh-init
will be a short lived container with the following responsibities
mesh-init
unlike control-plane
no longer writes the login token to a shared volume and passes it on to the Consul-dataplane
container. It instead generates the login configuration needed to get a Consul ACL token and writes it as part of the Consul dataplane configuration to a shared volume. Dataplane uses the login configuration to mint the token with the required permissions.[GH-208]health-sync
with the following responsibilities [GH-210]
critical
by mesh-init
transparentProxy.enabled
field defaults to true
if not specified. Transparent proxy is not yet supported for FARGATE based launch types. When performing upgrades from previous versions of Consul ECS, care must be taken to always pass false
for the transparentProxy.enabled
field for FARGET launch types to ensure that mesh-init
process doesn't fail due to insufficient privileges when applying traffic redirection rulesFEATURES
transparentProxy
stanza to the ECS_CONFIG_JSON
schema to control traffic redirection settings for the ECS task.[GH-171]transparentProxy.consulDNS
stanza. When enabled, Consul Dataplane starts up a DNS server on port 8600 and proxies DNS queries to the Consul DNS server. The /etc/resolv.conf
file of the ECS task is also modified to make sure that 127.0.0.1
is the first nameserver in the list.[GH-170]redirecttraffic
package that invokes the iptables
SDK of Consul which internally applies the traffic redirection rules needed to properly setup transparent proxy within the ECS task. [GH-173]consul-ecs-api-gateway-role
ACL role and consul-ecs-api-gateway-policy
ACL policy.consul.hashicorp.name.gateway-kind
to the existing service auth method's config.consul-ecs-api-gateway-role
consul-ecs-terminating-gateway-role
ACL role. This role will be assigned to the ACL token obtained by the terminating gateway task after performing a Consul login. Users can assign policies to this role via terraform whenever needed.consul-ecs-terminating-gateway-role
IMPROVEMENTS
1.21.6
BUG FIXES
consul-ecs-mesh-gateway-role
ACL role and consul-ecs-mesh-gateway-policy
ACL policy with the mesh:write
and peering:read
permissions.consul-ecs-mesh-gateway-role
Published by hc-github-team-es-release-engineering 9 months ago
BUG FIXES
consul-ecs-mesh-gateway-role
ACL role and consul-ecs-mesh-gateway-policy
ACL policy with the mesh:write
and peering:read
permissions.consul.hashicorp.name.gateway-kind
to the existing service auth method's config.consul-ecs-mesh-gateway-role
Published by hc-github-team-es-release-engineering 12 months ago
BREAKING CHANGES
consul-ecs
binary now communicates with Consul servers using HTTP(S) and GRPC.mesh-init
and health-sync
commands, and add a unified control-plane
command to replace them. The control-plane
command starts a long running process with the following responsibilities:
consulServer.hosts
config option supports an IP, DNS name, or an exec=
string specifying a command that returns a list of IP addresses. [GH-143]controller
command in place of the acl-controller
command with the following changes:
ECS_CONFIG_JSON
environment variable.[GH-150]control-plane
command.ECS_CONFIG_JSON
schema.
consulHTTPAddr
and consulCACertFile
fields.consulLogin.datacenter
field.controller
field to support configuring the new controller
command.consulServers
field to specify the Consul server location and protocol-specific settings.consulServers.hosts
field is required. This specifies the Consul server location as an IP address, DNS name, or exec=
string specifying a command that returns a list of IP addresses. To use cloud auto-join, use an exec=
string to run the discover
CLI. For example, the following string invokes the discover CLI with a cloud auto-join string: exec=discover -q addrs provider=aws region=us-west-2 tag_key=consul-server tag_value=true
. The discover
CLI is included in the Consul ECS and Consul Dataplane images by default.service.checks
field. Consul agent health checks are no longer supported because Consul client agents are not used. Instead, set the healthSyncContainers
field to have consul-ecs
sync ECS health checks into Consul.proxy.healthCheckPort
field which can be hit to determine Envoy's readiness.proxy.upstreams.destinationPeer
field to enable the proxy to hit upstreams present in peer Consul clusters.meshGateway.healthCheckPort
field which can be hit to determine Envoy's readiness.proxy.localServiceAddress
field to configure Envoy to use a different address for the local service.FEATURES
AWS_REGION
container environment variable and AvailabilityZone
attribute of an ECS task meta JSON to set the locality parameters in Consul service and proxy registrations. These parameters are used to perform locality aware routing for Consul Enterprise installations. [GH-167]IMPROVEMENTS
Published by hc-github-team-es-release-engineering 12 months ago
IMPROVEMENTS
1.20
Published by hc-github-team-es-release-engineering about 1 year ago
BREAKING CHANGES
consul-ecs
binary now communicates with Consul servers using HTTP(S) and GRPC.mesh-init
and health-sync
commands, and add a unified control-plane
command to replace them. The control-plane
command starts a long running process with the following responsibilities:
consulServer.hosts
config option supports an IP, DNS name, or an exec=
string specifying a command that returns a list of IP addresses. [GH-143]controller
command in place of the acl-controller
command with the following changes:
ECS_CONFIG_JSON
environment variable.[GH-150]control-plane
command.ECS_CONFIG_JSON
schema.
consulHTTPAddr
and consulCACertFile
fields.consulLogin.datacenter
field.controller
field to support configuring the new controller
command.consulServers
field to specify the Consul server location and protocol-specific settings.consulServers.hosts
field is required. This specifies the Consul server location as an IP address, DNS name, or exec=
string specifying a command that returns a list of IP addresses. To use cloud auto-join, use an exec=
string to run the discover
CLI. For example, the following string invokes the discover CLI with a cloud auto-join string: exec=discover -q addrs provider=aws region=us-west-2 tag_key=consul-server tag_value=true
. The discover
CLI is included in the Consul ECS and Consul Dataplane images by default.service.checks
field. Consul agent health checks are no longer supported because Consul client agents are not used. Instead, set the healthSyncContainers
field to have consul-ecs
sync ECS health checks into Consul.proxy.healthCheckPort
field which can be hit to determine Envoy's readiness.proxy.upstreams.destinationPeer
field to enable the proxy to hit upstreams present in peer Consul clusters.meshGateway.healthCheckPort
field which can be hit to determine Envoy's readiness.proxy.localServiceAddress
field to configure Envoy to use a different address for the local service.FEATURES
AWS_REGION
container environment variable and AvailabilityZone
attribute of an ECS task meta JSON to set the locality parameters in Consul service and proxy registrations. These parameters are used to perform locality aware routing for Consul Enterprise installations. [GH-167]Published by hc-github-team-es-release-engineering over 1 year ago
FEATURES
consul-ecs net-dial
subcommand to support ECS health checks when nc
proxy.publicListenerPort
config option to set Envoy's public listener port.BREAKING CHANGES
consulLogin.extraLoginFields
config option. The Consul Login API is used directly insteadconsul login
CLI command for logging into the AWS IAM auth method. Add meta
, region
,stsEndpoint
, and serverIdHeaderValue
fields to the consulLogin
config object.Published by hc-github-team-es-release-engineering almost 2 years ago
FEATURES
proxy.publicListenerPort
config option to set Envoy's public listener port.Published by hc-github-team-es-release-engineering almost 2 years ago
FEATURES
proxy.publicListenerPort
config option to set Envoy's public listener port.IMPROVEMENTS
Published by hc-github-team-es-release-engineering about 2 years ago
BUG FIXES:
consul-k8s
. This fixes a connectivity issue that occurs when consul-k8s
andconsul-ecs
deployments are connected to the same Consul datacenter.Published by hc-github-team-es-release-engineering over 2 years ago
BREAKING CHANGES
acl-controller
to cleanup ACL tokens created from Consul's AWS IAM auth method. Remove-secret-name-prefix
and -consul-client-secret-arn
flags. The controller no longer creates ACLmesh-init
and health-sync
. When the service.name
fieldservice.name
isFEATURES
-log-level
flag to acl-controller
, envoy-entrypoint
, and app-entrypoint
logLevel
field to config JSON for mesh-init
and health-sync
commands.mesh-init
now does a consul login
to obtain a token if consulLogin.enabled = true
.health-sync
does a consul logout
during shutdown to destroy these tokens.consulHTTPAddr
, consulCACertFile
, and consulLogin
fields to the config JSON.acl-controller
to configure Consul's AWS IAM auth method at startup.-iam-role-path
flag to specify the path of IAM roles permitted to login.IMPROVEMENTS
consul-ecs version
now includes the git commit sha.DEPRECATIONS
BUG FIXES:
acl-controller
command where namespaces are not created in the correctacl-controller
did not update the default namespace with the cross-namespace policy.acl-controller
when Consul Enterprise admin partitions are enabled.acl-controller
configures the anonymous token with service:read
and node:read
Published by hc-github-team-es-release-engineering over 2 years ago
BREAKING CHANGES
acl-controller
to cleanup ACL tokens created from Consul's AWS IAM auth method. Remove-secret-name-prefix
and -consul-client-secret-arn
flags. The controller no longer creates ACLmesh-init
and health-sync
. When the service.name
fieldservice.name
isFEATURES
-log-level
flag to acl-controller
, envoy-entrypoint
, and app-entrypoint
logLevel
field to config JSON for mesh-init
and health-sync
commands.mesh-init
now does a consul login
to obtain a token if consulLogin.enabled = true
.health-sync
does a consul logout
during shutdown to destroy these tokens.consulHTTPAddr
, consulCACertFile
, and consulLogin
fields to the config JSON.acl-controller
to configure Consul's AWS IAM auth method at startup.-iam-role-path
flag to specify the path of IAM roles permitted to login.IMPROVEMENTS
consul-ecs version
now includes the git commit sha.DEPRECATIONS
BUG FIXES:
Published by hc-github-team-consul-ecosystem over 2 years ago
This is a patch release that keeps the consul-ecs project in sync with the
terraform-aws-consul-ecs project.
Published by hc-github-team-consul-ecosystem over 2 years ago
BREAKING CHANGES
mesh-init
and health-sync
commands. Instead, use the CONSUL_ECS_CONFIG_JSON
FEATURES
app-entrypoint
subcommand which can be used to delay applicationgithub.com/hashicorp/consul/api
package to v1.12.0
to supportPublished by hc-github-team-consul-ecosystem almost 3 years ago
BREAKING CHANGES
consul-ecs
docker images no longer have the consul
binary. Theconsul
binary on the$PATH
. [GH-40]-envoy-bootstrap-file
option is removed, and replaced with -envoy-bootstrap-dir
.envoy-bootstrap.json
within that directory.FEATURES
health-sync
subcommand to sync ECS health checks into Consul. [GH-33]-health-sync-containers
flag to mesh-init
. [GH-36]-tags
, -service-name
and -meta
flags to mesh-init
. [GH-41]-service-name
flag to health-sync
. [GH-43]consul.hashicorp.com/service-name
tag on the ECS task. If the tagenvoy-entrypoint
subcommand, which can be used as the entrypoint to the Envoy container running in ECSBUG FIXES:
BREAKING CHANGES
discover-servers
command. Due to the many changes made for beta,FEATURES
acl-controller
. The command will firstIMPROVEMENTS