giantswarm / aws-operator

Manages Kubernetes clusters running on AWS (before Cluster API)
https://www.giantswarm.io/
Apache License 2.0
131 stars 22 forks source link

Update module github.com/hashicorp/consul to v1.18.0 #3706

Closed renovate[bot] closed 7 months ago

renovate[bot] commented 8 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/hashicorp/consul v1.17.1 -> v1.18.0 age adoption passing confidence

Release Notes

hashicorp/consul (github.com/hashicorp/consul) ### [`v1.18.0`](https://togithub.com/hashicorp/consul/releases/tag/v1.18.0) [Compare Source](https://togithub.com/hashicorp/consul/compare/v1.17.3...v1.18.0) BREAKING CHANGES: - config-entries: Allow disabling request and idle timeouts with negative values in service router and service resolver config entries. \[[GH-19992](https://togithub.com/hashicorp/consul/issues/19992)] - telemetry: Adds fix to always use the value of `telemetry.disable_hostname` when determining whether to prefix gauge-type metrics with the hostname of the Consul agent. Previously, if only the default metric sink was enabled, this configuration was ignored and always treated as `true`, even though its default value is `false`. \[[GH-20312](https://togithub.com/hashicorp/consul/issues/20312)] SECURITY: - Update `golang.org/x/crypto` to v0.17.0 to address [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795). \[[GH-20023](https://togithub.com/hashicorp/consul/issues/20023)] - connect: Update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address [CVE-2023-44487](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) \[[GH-19306](https://togithub.com/hashicorp/consul/issues/19306)] - mesh: Update Envoy versions to 1.28.1, 1.27.3, and 1.26.7 to address [CVE-2024-23324](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), [CVE-2023-44487](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76), [GH-20589](https://togithub.com/hashicorp/consul/issues/20589)], [CVE-2023-44487](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76), and \[[GH-19879](https://togithub.com/hashicorp/consul/issues/19879)] FEATURES: - acl: add policy bindtype to binding rules. \[[GH-19499](https://togithub.com/hashicorp/consul/issues/19499)] - agent: Introduces a new agent config default_intention_policy to decouple the default intention behavior from ACLs \[[GH-20544](https://togithub.com/hashicorp/consul/issues/20544)] - agent: **(Enterprise Only)** Add fault injection filter support for Consul Service Mesh - cloud: Adds new API/CLI to initiate and manage linking a Consul cluster to HCP Consul Central \[[GH-20312](https://togithub.com/hashicorp/consul/issues/20312)] - dns: adds experimental support for a refactored DNS server that is v1 and v2 Catalog compatible. Use `v2dns` in the `experiments` agent config to enable. It will automatically be enabled when using the `resource-apis` (Catalog v2) experiment. The new DNS implementation will be the default in Consul 1.19. See the [Consul 1.18.x Release Notes](https://developer.hashicorp.com/consul/docs/release-notes/consul/v1\_18\_x) for deprecated DNS features. \[[GH-20643](https://togithub.com/hashicorp/consul/issues/20643)] - ui: Added a banner to let users link their clusters to HCP \[[GH-20275](https://togithub.com/hashicorp/consul/issues/20275)] - ui: Adds a redirect and warning message around unavailable UI with V2 enabled \[[GH-20359](https://togithub.com/hashicorp/consul/issues/20359)] - ui: adds V2CatalogEnabled to config that is passed to the ui \[[GH-20353](https://togithub.com/hashicorp/consul/issues/20353)] - v2: prevent use of the v2 experiments in secondary datacenters for now \[[GH-20299](https://togithub.com/hashicorp/consul/issues/20299)] IMPROVEMENTS: - cloud: unconditionally add Access-Control-Expose-Headers HTTP header \[[GH-20220](https://togithub.com/hashicorp/consul/issues/20220)] - connect: Replace usage of deprecated Envoy field `envoy.config.core.v3.HeaderValueOption.append`. \[[GH-20078](https://togithub.com/hashicorp/consul/issues/20078)] - connect: Replace usage of deprecated Envoy fields `envoy.config.route.v3.HeaderMatcher.safe_regex_match` and `envoy.type.matcher.v3.RegexMatcher.google_re2`. \[[GH-20013](https://togithub.com/hashicorp/consul/issues/20013)] - docs: add Link API documentation \[[GH-20308](https://togithub.com/hashicorp/consul/issues/20308)] - resource: lowercase names enforced for v2 resources only. \[[GH-19218](https://togithub.com/hashicorp/consul/issues/19218)] BUG FIXES: - dns: SERVFAIL when resolving not found PTR records. \[[GH-20679](https://togithub.com/hashicorp/consul/issues/20679)] - raft: Fix panic during downgrade from enterprise to oss. \[[GH-19311](https://togithub.com/hashicorp/consul/issues/19311)] - server: Ensure controllers are automatically restarted on internal stream errors. \[[GH-20642](https://togithub.com/hashicorp/consul/issues/20642)] - server: Ensure internal streams are properly terminated on snapshot restore. \[[GH-20642](https://togithub.com/hashicorp/consul/issues/20642)] - snapshot-agent: **(Enterprise only)** Fix a bug with static AWS credentials where one of the key id or secret key is provided via config file and the other is provided via an environment variable. ### [`v1.17.3`](https://togithub.com/hashicorp/consul/releases/tag/v1.17.3) [Compare Source](https://togithub.com/hashicorp/consul/compare/v1.17.2...v1.17.3) #### 1.17.3 (February 13, 2024) SECURITY: - mesh: Update Envoy versions to 1.27.3 and 1.26.7 to address [CVE-2024-23324](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), and [CVE-2023-44487](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) \[[GH-20587](https://togithub.com/hashicorp/consul/issues/20587)] FEATURES: - cli: Adds new command `exported-services` to list all services exported and their consumers. Refer to the [CLI docs](https://developer.hashicorp.com/consul/commands/exported-services) for more information. \[[GH-20331](https://togithub.com/hashicorp/consul/issues/20331)] IMPROVEMENTS: - ProxyCfg: avoid setting a watch on `Internal.ServiceDump` when mesh gateway is not used. \[[GH-20168](https://togithub.com/hashicorp/consul/issues/20168)] - ProxyCfg: only return the nodes list when querying the `Internal.ServiceDump` watch from proxycfg \[[GH-20168](https://togithub.com/hashicorp/consul/issues/20168)] - Upgrade to use Go 1.21.7. \[[GH-20545](https://togithub.com/hashicorp/consul/issues/20545)] - api: add a new api(/v1/exported-services) to list all the exported service and their consumers. \[[GH-20015](https://togithub.com/hashicorp/consul/issues/20015)] - connect: Add `CaseInsensitive` flag to service-routers that allows paths and path prefixes to ignore URL upper and lower casing. \[[GH-19647](https://togithub.com/hashicorp/consul/issues/19647)] BUG FIXES: - audit-logs: **(Enterprise Only)** Fixes non ASCII characters in audit logs because of gzip. \[[GH-20345](https://togithub.com/hashicorp/consul/issues/20345)] - connect: Fix issue where re-persisting existing proxy-defaults using `http` protocol fails with a protocol-mismatch error. \[[GH-20481](https://togithub.com/hashicorp/consul/issues/20481)] - connect: Fix regression with SAN matching on terminating gateways [GH-20360](https://togithub.com/hashicorp/consul/issues/20360) \[[GH-20417](https://togithub.com/hashicorp/consul/issues/20417)] - connect: Remove code coupling where the xDS capacity controller could negatively affect raft autopilot performance. \[[GH-20511](https://togithub.com/hashicorp/consul/issues/20511)] - logging: add /api prefix to v2 resource endpoint logs \[[GH-20352](https://togithub.com/hashicorp/consul/issues/20352)] - mesh: Fix bug where envoy extensions could not be configured with "permissive" mTLS mode. Note that envoy extensions currently do not apply to non-mTLS traffic in permissive mode. \[[GH-20406](https://togithub.com/hashicorp/consul/issues/20406)] ### [`v1.17.2`](https://togithub.com/hashicorp/consul/releases/tag/v1.17.2) [Compare Source](https://togithub.com/hashicorp/consul/compare/v1.17.1...v1.17.2) #### 1.17.2 (January 23, 2024) KNOWN ISSUES: - connect: Consul versions 1.17.2 and 1.16.5 perform excessively strict TLS SAN verification on terminating gateways, which prevents connections outside of the mesh to upstream services. Terminating gateway users are advised to avoid deploying these Consul versions. A fix will be present in a future release of Consul 1.17.3 and 1.16.6. \[[GH-20360](https://togithub.com/hashicorp/consul/issues/20360)] SECURITY: - Upgrade OpenShift container images to use `ubi9-minimal:9.3` as the base image. \[[GH-20014](https://togithub.com/hashicorp/consul/issues/20014)] IMPROVEMENTS: - connect: Remove usage of deprecated Envoy field `match_subject_alt_names` in favor of `match_typed_subject_alt_names`. \[[GH-19954](https://togithub.com/hashicorp/consul/issues/19954)] - connect: replace usage of deprecated Envoy field `envoy.config.router.v3.WeightedCluster.total_weight`. \[[GH-20011](https://togithub.com/hashicorp/consul/issues/20011)] - xds: Replace usage of deprecated Envoy field `envoy.config.cluster.v3.Cluster.http_protocol_options` \[[GH-20010](https://togithub.com/hashicorp/consul/issues/20010)] - xds: remove usages of deprecated Envoy fields: `envoy.config.cluster.v3.Cluster.http2_protocol_options`, `envoy.config.bootstrap.v3.Admin.access_log_path` \[[GH-19940](https://togithub.com/hashicorp/consul/issues/19940)] - xds: replace usage of deprecated Envoy field `envoy.extensions.filters.http.lua.v3.Lua.inline_code` \[[GH-20012](https://togithub.com/hashicorp/consul/issues/20012)] DEPRECATIONS: - cli: Deprecate the `-admin-access-log-path` flag from `consul connect envoy` command in favor of: `-admin-access-log-config`. \[[GH-19943](https://togithub.com/hashicorp/consul/issues/19943)] BUG FIXES: - prepared-query: (Enterprise-only) Fix issue where sameness-group failover targets to peers would attempt to query data from the default partition, rather than the sameness-group's partition always. - ui: update token list on Role details page to show only linked tokens \[[GH-19912](https://togithub.com/hashicorp/consul/issues/19912)]

Configuration

šŸ“… Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

šŸš¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.

ā™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

šŸ”• Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.