Releases: cloudfoundry/routing-release
0.311.0
Release Date: September 12, 2024
Changes
- Fix route-registrar dynamic config YAML field names to match JSON names
✨ Built with go 1.22.7
Full Changelog: v0.310.0...v0.311.0
0.310.0
Release Date: September 09, 2024
Changes
- dep: bump gopkg.in/yaml from v2 to v3; adjusted submodules listed in routing-release#435
- minor dependency bumps
✨ Built with go 1.22.7
Full Changelog: v0.309.0...v0.310.0
0.309.0
Release Date: September 06, 2024
Changes
- Dependency bumps
✨ Built with go 1.22.7
Full Changelog: v0.308.0...v0.309.0
0.308.0
Release Date: September 04, 2024
Changes
- Route Registrar now allows hosts to be configured per route
  - By default it will use the top level host config
✨ Built with go 1.22.6
Full Changelog: v0.307.0...v0.308.0
0.307.0
Release Date: August 27, 2024
Changes
- Bump healthchecker-boshrelease vendored packages
✨ Built with go 1.22.6
Full Changelog: v0.306.0...v0.307.0
0.306.0
Release Date: August 26, 2024
Changes
- 🐛Fixes a bug where TCP routes were incorrectly detected as existing records in routing-api when the only difference between the new route and existing record was that the SNI Hostname or TLS TCP Port were different. This resulted in backends for TLS TCP Routes being ignored in certain scenarios.
✨ Built with go 1.22.6
Full Changelog: v0.305.0...v0.306.0
0.305.0
Release Date: August 23, 2024
Changes
- Route-registrar can dynamically scan and register routes at paths matching route_registrar.dynamic_config_globs
Bosh Job Spec changes:
diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
index feafaf10..4f887265 100644
--- a/jobs/route_registrar/spec
+++ b/jobs/route_registrar/spec
@@ -94,6 +94,10 @@ properties:
route_registrar.routing_api.server_ca_cert:
description: "Routing API Certificate Authority"
+ route_registrar.dynamic_config_globs:
+ description: "Files matching the globs contain routes configuration that will be loaded dynamically. Parent directory must exist for bpm to mount it."
+ default: [/var/vcap/jobs/*/config/route_registrar/config.yml]
+
route_registrar.routes:
description: |
(required, array of objects): Routes that will be registered
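Review bot: the default glob on the added `default:` line matches a path under every job directory (`/var/vcap/jobs/*/...`), so any colocated job that ships a file at that path gets its routes loaded, and the description does not say so. Suggest stating in the description that colocated jobs can contribute routes this way, how dynamically loaded routes interact with `route_registrar.routes`, and which parent directory "must exist" when the glob contains a wildcard.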
✨ Built with go 1.22.6
Full Changelog: v0.304.0...v0.305.0
0.304.0
Release Date: August 13, 2024
Changes
- Addresses issues with routing-api DB migration logic to fix the following bugs:
  - 🐛 Failed DB migrations would not re-run without manual intervention in the database
  - 🐛 DB migrations could run prior to the active routing-api server receiving code updates
  - 🐛 Failed DB migrations did not result in BOSH deployment failures
- 🐛 Works around an issue with Gorm + the V6 schema changes for TLS TCP Routing that did not always get applied properly.
✨ Built with go 1.22.6
Full Changelog: v0.303.0...v0.304.0
0.303.0
Release Date: August 09, 2024
Changes
- add additional unsafe params by @pnikonowicz in #431
Bosh Job Spec changes:
diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
index de81a0e8..feafaf10 100644
--- a/jobs/route_registrar/spec
+++ b/jobs/route_registrar/spec
@@ -132,10 +132,16 @@ properties:
name (required, string): Human-readable reference for the healthcheck
script_path (required, string): Path to script that will be run periodically to determine
service health
+ unrestricted_volumes (optional, array of unrestricted_volumes): Additional directories to be mounted in the bpm config for the route_registrar job.
+ privileged: (optional, boolean): Sets bpm privileged flag. defaults to false
timeout (optional, string): The healthcheck script must exit within this timeout, otherwise
the script is terminated with `SIGKILL` and the route is unregistered. Value is a string (e.g. "10s") and must parse to a positive time duration i.e. "-5s" is not permitted. Must be less than the value of `registration_interval`.
Default: Half of the value of `registration_interval`
+ unrestricted_volume object
+ path (required, string): the path to be mounted
+ writable (optional, boolean): sets the writable flag. defaults to false
+
options object
lb_algo (optional, string): Load balancing algorithm for routing incoming requests to the backend: 'round-robin' or 'least-connection'. In cases where this option is not specified, the algorithm defined in gorouter spec is applied.
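Review bot: `unrestricted_volumes` and `privileged` are inserted between `script_path` and `timeout`, inside the run of healthcheck fields, although the text says they apply to the bpm config for the route_registrar job; move them so the scope is unambiguous. The `privileged:` entry has a stray colon after the name, the type is written "array of unrestricted_volumes" while the object below is named "unrestricted_volume object", and neither description says what isolation is given up when `privileged` or `writable` is set to true, which operators need to know before enabling them.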
✨ Built with go 1.22.6
Full Changelog: v0.302.0...v0.303.0
0.302.0
Release Date: August 08, 2024
Changes
- ✨Adds drain_wait + load_balancer_healthy_threshold properties behaving similarly to gorouter's to provide better uptime during BOSH deployments by waiting for LBs to pull nodes about to be shut down out of service, and re-add them before moving on to the next.
- ✨Adds support for TLS backends with TCP routes. This enables TCP routes to use the envoy proxy settings on app containers used by HTTP routes, providing guaranteed TLS encryption between tcp-router + diego-cell VMs, without intervention from app teams. Additionally it allows for the disabling of the unproxied ports on containers since TCP route traffic can now go through envoy.
- 🐛Fixed a bug with v0.301.0 that caused problems with TCP routes when a postgres database was used for the routing-api. Thanks for finding this @schmidtsv!
- Bumped to golang 1.22.5
- Bumped tcp_router's haproxy to 2.8.10
- Testing + docs improvements
Bosh Job Spec changes:
diff --git a/jobs/tcp_router/spec b/jobs/tcp_router/spec
index 44fbb41a..aa6b764c 100644
--- a/jobs/tcp_router/spec
+++ b/jobs/tcp_router/spec
@@ -10,10 +10,16 @@ templates:
routing_api_client_certificate.crt.erb: config/certs/routing-api/client.crt
routing_api_client_private.key.erb: config/keys/routing-api/client.key
routing_api_ca_certificate.crt.erb: config/certs/routing-api/ca_cert.crt
+ tcp_router_backend_client_cert_and_key.pem.erb: config/keys/tcp-router/backend/client_cert_and_key.pem
+ tcp_router_backend_ca.crt.erb: config/certs/tcp-router/backend/ca.crt
tcp_router_health_check_certificate.pem.erb: config/certs/health.pem
+ # config/haproxy.conf is used for initial haproxy config when starting up
haproxy.conf.erb: config/haproxy.conf
- haproxy.conf.template.erb: config/haproxy.conf.template
+ # config/haproxy.conf.template is rendered by tcp-router when routes are provided
+ haproxy.conf.template.erb: config/haproxy.conf.template
bpm.yml.erb: config/bpm.yml
+ drain.erb: bin/drain
+ post-start.erb: bin/post-start
packages:
- routing_utils
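Review bot: `client_cert_and_key.pem` puts the backend client certificate and its private key in one rendered file, and unlike the two haproxy entries it has no comment. Suggest a comment saying that the file holds private key material and which process reads it, and the same kind of one-line comment for the new `bin/drain` and `bin/post-start` templates.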
@@ -46,6 +52,18 @@ properties:
default: "1m"
tcp_router.oauth_secret:
description: "OAuth client secret used to obtain token for Routing API from UAA."
+ tcp_router.backend_tls.enabled:
+ description: |
+ Turns on support for TLS for TCP Router. Requires tcp_router.backend_tls.ca_cert to
+ be set. For mTLS also set tcp_router.backend_tls.client_cert and
+ tcp_router.backend_tls.client_key.
+ default: false
+ tcp_router.backend_tls.client_cert:
+ description: "TCP Router's TLS client cert used for mTLS with route backends"
+ tcp_router.backend_tls.client_key:
+ description: "TCP Router's TLS client private key used for mTLS with route backends"
+ tcp_router.backend_tls.ca_cert:
+ description: "TCP Router's TLS CA used with route backends"
routing_api.uri:
description: "URL where the routing API can be reached internally"
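Review bot: the `tcp_router.backend_tls.enabled` description says `ca_cert` is required and that mTLS needs both `client_cert` and `client_key`, but nothing in these lines says what happens when `enabled` is true without `ca_cert`, or when only one of the client cert and key is supplied. Suggest having the templates fail in those cases and saying so here, and rewording "TLS for TCP Router" to say the setting covers connections from tcp_router to route backends, as the other three descriptions do.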
@@ -86,6 +104,19 @@ properties:
description: "Fail the tcp router if routing_api.reserved_system_component_ports conflict with ports in existing router groups."
default: "false"
+ tcp_router.drain_wait:
+ description: |
+ Delay in seconds after shut down is initiated before haproxy stops listening.
+ During this time haproxy will reject requests to the /health endpoint.
+ This accommodates requests forwarded by a load balancer until it considers the tcp_router unhealthy.
+ default: 20
+ tcp_router.load_balancer_healthy_threshold:
+ description: |
+ Time period in seconds to wait until declaring the tcp_router instance
+ started after starting the listener socket. This allows an external load
+ balancer time to register the instance as healthy."
+ default: 20
+
uaa.token_endpoint:
description: "UAA token endpoint host name. Do not include a scheme in this value; TCP Router will always use TLS to connect to UAA."
default: uaa.service.cf.internal
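Review bot: the `tcp_router.load_balancer_healthy_threshold` description ends with a stray `"` after "healthy."; inside a `|` block scalar that quote becomes part of the text and should be dropped. The `drain_wait` text could also say whether 0 is accepted to disable the delay, since both properties add 20 seconds by default to each instance's stop and start.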
✨ Built with go 1.22.6
Full Changelog: v0.301.0...v0.302.0