container: Upgrade container image to use to Alpine 3.17. [GH-16358]
mesh: Add ServiceResolver RequestTimeout for route timeouts to make request timeouts configurable [GH-16495]
BUG FIXES:
mesh: Fix resolution of service resolvers with subsets for external upstreams [GH-16499]
peering: Fix bug where services were incorrectly imported as connect-enabled. [GH-16339]
peering: Fix issue where mesh gateways would use the wrong address when contacting a remote peer with the same datacenter name. [GH-16257]
peering: Fix issue where secondary wan-federated datacenters could not be used as peering acceptors. [GH-16230]
proxycfg: fix a bug where terminating gateways were not cleaning up deleted service resolvers for their referenced services [GH-16498]
v1.14.4
1.14.4 (January 26, 2023)
BREAKING CHANGES:
connect: Fix configuration merging for transparent proxy upstreams. Proxy-defaults and service-defaults config entries were not correctly merged for implicit upstreams in transparent proxy mode and would result in some configuration not being applied. To avoid issues when upgrading, ensure that any proxy-defaults or service-defaults have correct configuration for upstreams, since all fields will now be properly used to configure proxies. [GH-16000]
peering: Newly created peering connections must use only lowercase characters in the name field. Existing peerings with uppercase characters will not be modified, but they may encounter issues in various circumstances. To maintain forward compatibility and avoid issues, it is recommended to destroy and re-create any invalid peering connections so that they do not have a name containing uppercase characters. [GH-15697]
FEATURES:
connect: add flags envoy-ready-bind-port and envoy-ready-bind-address to the consul connect envoy command that allows configuration of readiness probe on proxy for any service kind. [GH-16015]
deps: update to latest go-discover to provide ECS auto-discover capabilities. [GH-13782]
IMPROVEMENTS:
acl: relax permissions on the WatchServers, WatchRoots and GetSupportedDataplaneFeatures gRPC endpoints to accept any valid ACL token [GH-15346]
connect: Add support for ConsulResolver to specifies a filter expression [GH-15659]
grpc: Use new balancer implementation to reduce periodic WARN logs when shuffling servers. [GH-15701]
partition: (Consul Enterprise only) when loading service from on-disk config file or sending API request to agent endpoint,
if the partition is unspecified, consul will default the partition in the request to agent's partition [GH-16024]
BUG FIXES:
agent: Fix assignment of error when auto-reloading cert and key file changes. [GH-15769]
agent: Fix issue where the agent cache would incorrectly mark protobuf objects as updated. [GH-15866]
cli: Fix issue where consul connect envoy was unable to configure TLS over unix-sockets to gRPC. [GH-15913]
connect: (Consul Enterprise only) Fix issue where upstream configuration from proxy-defaults and service-defaults was not properly merged. This could occur when a mixture of empty-strings and "default" were used for the namespace or partition fields.
connect: Fix issue where service-resolver protocol checks incorrectly errored for failover peer targets. [GH-15833]
connect: Fix issue where watches on upstream failover peer targets did not always query the correct data. [GH-15865]
xds: Removed a bottleneck in Envoy config generation. [GH-16269]
container: Upgrade container image to use to Alpine 3.17. [GH-16358]
mesh: Add ServiceResolver RequestTimeout for route timeouts to make request timeouts configurable [GH-16495]
BUG FIXES:
mesh: Fix resolution of service resolvers with subsets for external upstreams [GH-16499]
proxycfg: fix a bug where terminating gateways were not cleaning up deleted service resolvers for their referenced services [GH-16498]
1.15.0 (February 23, 2023)
KNOWN ISSUES:
connect: A race condition can cause some service instances to lose their ability to communicate in the mesh after 72 hours (LeafCertTTL) due to a problem with leaf certificate rotation. This bug is fixed in Consul v1.15.2 by GH-16818.
BREAKING CHANGES:
acl errors: Delete and get requests now return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. Add error for when the ACL system has not been bootstrapped.
Delete Token/Policy/AuthMethod/Role/BindingRule endpoints now return 404 when the resource cannot be found.
New error formats: "Requested * does not exist: ACL not found", "* not found in namespace $NAMESPACE: ACL not found"
Read Token/Policy/Role endpoints now return 404 when the resource cannot be found.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/shieldproject/shield/network/alerts).
Bumps github.com/hashicorp/consul from 0.8.0 to 1.14.5.
Release notes
Sourced from github.com/hashicorp/consul's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/consul's changelog.
... (truncated)
Commits
8fd879bStage v1.14.5 take 22b59ca6Merge branch 'release/1.14.x' into release/1.14.5673653cManual Backport of Add ServiceResolver RequestTimeout for route timeouts to m...f38cefbManual Backport of Fix resolution of service resolvers with subsets for exter...89cee20Manual Backport of Fix issue where terminating gateway service resolvers were...38701d9Backport of Update docs to reflect functionality into release/1.14.x (#16554)5ec425bStage v1.14.5cf3485dbackport of commit 5dca39b8137daf740f18b6d86f1d48081c317815 (#16535)9102716backport of commit 39a967064c030d94e3e81a4f99828e9ba7f6a223 (#16526)83583e0Backport of Remove merge conflict leftovers on Consul at Scale page into rele...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/shieldproject/shield/network/alerts).