-
Notifications
You must be signed in to change notification settings - Fork 4.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into docs/l7-config-entry-reference
- Loading branch information
Showing
517 changed files
with
25,278 additions
and
4,898 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:improvement | ||
envoy: add `MaxEjectionPercent` and `BaseEjectionTime` to passive health check configs. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:improvement | ||
hcp: Add support for linking existing Consul clusters to HCP management plane. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:improvement | ||
command: Allow creating ACL Token TTL with greater than 24 hours with the -expires-ttl flag. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:improvement | ||
gateway: Change status condition reason for invalid certificate on a listener from "Accepted" to "ResolvedRefs". | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
```release-note:improvement | ||
ca: automatically set up Vault's auto-tidy setting for tidy_expired_issuers when using Vault as a CA provider. | ||
``` | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:improvement | ||
agent: add a configurable maximimum age (default: 7 days) to prevent servers re-joining a cluster with stale data | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:bug | ||
peering: ensure that merged central configs of peered upstreams for partitioned downstreams work | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
```release-note:improvement | ||
* cli: Add `-filter` option to `consul config list` for filtering config entries. | ||
``` | ||
```release-note:improvement | ||
* api: Support filtering for config entries. | ||
``` | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:bug | ||
xds: Fix possible panic that can when generating clusters before the root certificates have been fetched. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:bug | ||
peering: Fix issue where peer streams could incorrectly deregister services in various scenarios. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:improvement | ||
logging: change snapshot log header from `agent.server.snapshot` to `agent.server.raft.snapshot` | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
```release-note:security | ||
Upgrade to use Go 1.20.4. | ||
This resolves vulnerabilities [CVE-2023-24537](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`go/scanner`), | ||
[CVE-2023-24538](https://github.com/advisories/GHSA-v4m2-x4rp-hv22)(`html/template`), | ||
[CVE-2023-24534](https://github.com/advisories/GHSA-8v5j-pwr7-w5f8)(`net/textproto`) and | ||
[CVE-2023-24536](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`mime/multipart`). | ||
Also, `golang.org/x/net` has been updated to v0.7.0 to resolve CVEs [CVE-2022-41721 | ||
](https://github.com/advisories/GHSA-fxg5-wq6x-vr4w | ||
), [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) and [CVE-2022-41723 | ||
](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h | ||
.) | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:bug | ||
connect: Fix multiple inefficient behaviors when querying service health. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:bug | ||
grpc: ensure grpc resolver correctly uses lan/wan addresses on servers | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:bug | ||
connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:improvement | ||
connect: update supported envoy versions to 1.23.8, 1.24.6, 1.25.4, 1.26.0 | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,178 @@ | ||
#!/bin/bash | ||
# Copyright (c) HashiCorp, Inc. | ||
# SPDX-License-Identifier: MPL-2.0 | ||
|
||
set -euo pipefail | ||
|
||
current_branch=$GITHUB_REF | ||
GITHUB_DEFAULT_BRANCH='main' | ||
|
||
if [ -z "$GITHUB_TOKEN" ]; then | ||
echo "GITHUB_TOKEN must be set" | ||
exit 1 | ||
fi | ||
|
||
if [ -z "$current_branch" ]; then | ||
echo "GITHUB_REF must be set" | ||
exit 1 | ||
fi | ||
|
||
# Get Consul and Envoy version | ||
SCRIPT_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" | ||
pushd $SCRIPT_DIR/../.. # repository root | ||
consul_envoy_data_json=$(echo go run ./test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go) | ||
# go back to where you started when finished | ||
popd | ||
|
||
if [ -z "$consul_envoy_data_json" ]; then | ||
echo "Error! Consul and Envoy versions not returned: $consul_envoy_data_json" | ||
exit 1 | ||
fi | ||
|
||
# sanitize_consul_envoy_version removes characters from result that may contain new lines, spaces, and [...] | ||
# example envoyVersions:[1.25.4 1.24.6 1.23.8 1.22.11] => 1.25.4 1.24.6 1.23.8 1.22.11 | ||
sanitize_consul_envoy_version() { | ||
local _consul_version=$(eval "$consul_envoy_data_json" | jq -r '.ConsulVersion') | ||
local _envoy_version=$(eval "$consul_envoy_data_json" | jq -r '.EnvoyVersions' | tr -d '"' | tr -d '\n' | tr -d ' '| tr -d '[]') | ||
echo "${_consul_version}" "${_envoy_version}" | ||
} | ||
|
||
# get major version for Consul and Envoy | ||
get_major_version(){ | ||
local _verison="$1" | ||
local _abbrVersion="$(cut -d "." -f1-2 <<< $_verison)" | ||
echo "${_abbrVersion}" | ||
} | ||
|
||
get_latest_envoy_version() { | ||
OUTPUT_FILE=$(mktemp) | ||
HTTP_CODE=$(curl -L --silent --output "$OUTPUT_FILE" -w "%{http_code}" \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: Bearer ${GITHUB_TOKEN}"\ | ||
-H "X-GitHub-Api-Version: 2022-11-28" \ | ||
https://api.github.com/repos/envoyproxy/envoy/releases/latest) | ||
if [[ ${HTTP_CODE} -lt 200 || ${HTTP_CODE} -gt 299 ]]; then | ||
cat >&2 "$OUTPUT_FILE" | ||
rm "$OUTPUT_FILE" | ||
exit 1 | ||
fi | ||
_latest_envoy_version=$(jq -r '.tag_name' "$OUTPUT_FILE") | ||
echo "$_latest_envoy_version" | ||
rm "$OUTPUT_FILE" | ||
} | ||
|
||
# major_envoy_versions takes multiple arguments | ||
major_envoy_versions(){ | ||
version=("$@") | ||
for i in "${version[@]}"; | ||
do | ||
envoy_versions_array+="$(cut -d "." -f1-2 <<< $i)" | ||
done | ||
echo "${envoy_versions_array}" | ||
} | ||
|
||
# Get latest Envoy version from envoyproxy repo | ||
released_envoy_version=$(get_latest_envoy_version) | ||
major_released_envoy_version="${released_envoy_version[@]:1:4}" | ||
|
||
validate_envoy_version_main(){ | ||
echo "verify "main" GitHub branch has latest envoy version" | ||
# Get envoy version for current branch | ||
ENVOY_VERSIONS=$(sanitize_consul_envoy_version | awk '{print $2}' | tr ',' ' ') | ||
envoy_version_main_branch=$(get_major_version ${ENVOY_VERSIONS}) | ||
|
||
if [[ "$envoy_version_main_branch" != "$major_released_envoy_version" ]]; then | ||
echo | ||
echo "Latest released Envoy version is: "$released_envoy_version"" | ||
echo "ERROR! Branch $current_branch; Envoy versions: "$ENVOY_VERSIONS" needs to be updated." | ||
exit 1 | ||
else | ||
echo "#### SUCCESS! ##### Compatible Envoy versions found: ${ENVOY_VERSIONS}" | ||
exit 0 | ||
fi | ||
} | ||
|
||
if [[ "$current_branch" == *"$GITHUB_DEFAULT_BRANCH"* ]]; then | ||
validate_envoy_version_main | ||
fi | ||
|
||
# filter consul and envoy version | ||
CONSUL_VERSION=$(sanitize_consul_envoy_version | awk '{print $1}') | ||
ENVOY_VERSIONS=$(sanitize_consul_envoy_version | awk '{print $2}' | tr ',' ' ') | ||
|
||
# Get Consul and Envoy version from default branch | ||
echo checking out "${GITHUB_DEFAULT_BRANCH}" branch | ||
git checkout "${GITHUB_DEFAULT_BRANCH}" | ||
|
||
# filter consul and envoy version from default branch | ||
CONSUL_VERSION_DEFAULT_BRANCH=$(sanitize_consul_envoy_version | awk '{print $1}') | ||
ENVOY_VERSIONS_DEFAULT_BRANCH=$(sanitize_consul_envoy_version | awk '{print $2}' | tr ',' ' ') | ||
|
||
# Ensure required values are not empty | ||
if [ -z "$CONSUL_VERSION" ] || [ -z "$CONSUL_VERSION_DEFAULT_BRANCH" ] || [ -z "$ENVOY_VERSIONS" ] || [ -z "$ENVOY_VERSIONS_DEFAULT_BRANCH" ]; then | ||
echo "Error! Consul version: $CONSUL_VERSION | Consul version default branch: $CONSUL_VERSION_DEFAULT_BRANCH | Envoy version: $ENVOY_VERSIONS | Envoy version default branch: $ENVOY_VERSIONS_DEFAULT_BRANCH cannot be empty" | ||
exit 1 | ||
fi | ||
|
||
echo checking out branch: "${current_branch}" | ||
git checkout "${current_branch}" | ||
|
||
echo | ||
echo "Branch ${current_branch} =>Consul version: ${CONSUL_VERSION}; Envoy Version: ${ENVOY_VERSIONS}" | ||
echo "Branch ${GITHUB_DEFAULT_BRANCH} =>Consul version: ${CONSUL_VERSION_DEFAULT_BRANCH}; Envoy Version: ${ENVOY_VERSIONS_DEFAULT_BRANCH}" | ||
|
||
## Get major Consul and Envoy versions on release and default branch | ||
MAJOR_CONSUL_VERSION=$(get_major_version ${CONSUL_VERSION}) | ||
MAJOR_CONSUL_VERSION_DEFAULT_BRANCH=$(get_major_version ${CONSUL_VERSION_DEFAULT_BRANCH}) | ||
MAJOR_ENVOY_VERSION_DEFAULT_BRANCH=$(get_major_version ${ENVOY_VERSIONS_DEFAULT_BRANCH}) | ||
|
||
_envoy_versions=($ENVOY_VERSIONS) | ||
_envoy_versions_default=($ENVOY_VERSIONS_DEFAULT_BRANCH) | ||
|
||
## Validate supported envoy versions available - should be 4 | ||
echo | ||
echo "Validating supported envoy versions available on branches: $current_branch and $GITHUB_DEFAULT_BRANCH" | ||
if [ "${#_envoy_versions_default[@]}" != 4 ] || [ "${#_envoy_versions[@]}" != 4 ]; then | ||
echo "Branch $GITHUB_DEFAULT_BRANCH =>Consul version: ${CONSUL_VERSION_DEFAULT_BRANCH}; Envoy versions: $ENVOY_VERSIONS_DEFAULT_BRANCH" | ||
echo "Branch $current_branch =>Consul version: ${CONSUL_VERSION}; Envoy versions: $_envoy_versions" | ||
echo "ERROR! Envoy should have 4 compatible versions." | ||
exit 1 | ||
fi | ||
|
||
echo "Checking if branch $GITHUB_DEFAULT_BRANCH has latest Envoy version" | ||
## 1. Check "main" GitHub branch has latest envoy version | ||
if [[ "$MAJOR_ENVOY_VERSION_DEFAULT_BRANCH" != "$major_released_envoy_version" ]]; then | ||
echo | ||
echo "Latest released Envoy version is: "$released_envoy_version"" | ||
echo "ERROR! Branch $GITHUB_DEFAULT_BRANCH; Envoy versions: "$ENVOY_VERSIONS_DEFAULT_BRANCH" needs to be updated." | ||
exit 1 | ||
else | ||
echo "#### SUCCESS! #####. Compatible Envoy versions found: ${ENVOY_VERSIONS_DEFAULT_BRANCH}" | ||
echo | ||
|
||
## 2. Check main branch and release branch support the same Envoy major versions | ||
## Get the major Consul version on the main and release branch. If both branches have | ||
## the same major Consul version, verify both branches have the same major Envoy versions. | ||
## Return error if major envoy versions are not the same. | ||
echo "Checking branch $current_branch and $GITHUB_DEFAULT_BRANCH have the same compatible major Envoy versions." | ||
consul_version_diff=$(echo "$MAJOR_CONSUL_VERSION_DEFAULT_BRANCH $MAJOR_CONSUL_VERSION" | awk '{print $1 - $2}') | ||
check=$(echo "$consul_version_diff == 0" | bc -l) | ||
|
||
if (( $check )); then | ||
echo "Branch $current_branch and $GITHUB_DEFAULT_BRANCH have the same major Consul version "$MAJOR_CONSUL_VERSION"" | ||
echo "Validating branches have the same Envoy major versions..." | ||
_major_envoy_versions=$(major_envoy_versions $ENVOY_VERSIONS) | ||
_major_envoy_versions_default=$(major_envoy_versions $ENVOY_VERSIONS_DEFAULT_BRANCH) | ||
|
||
if [[ "$_major_envoy_versions_default" != "$_major_envoy_versions" ]]; then | ||
echo "Branch $GITHUB_DEFAULT_BRANCH =>Envoy versions: $_major_envoy_versions" | ||
echo "Branch $current_branch =>Envoy versions: $_major_envoy_versions_default" | ||
echo "ERROR! Branches should support the same major versions for envoy." | ||
exit 1 | ||
else | ||
echo "#### SUCCESS! #####. Compatible Envoy major versions found: $ENVOY_VERSIONS_DEFAULT_BRANCH" | ||
fi | ||
else | ||
echo "No validation needed. Branches have different Consul versions" | ||
fi | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.