0.285.0
tas-runtime-bot released this 06 Dec 14:53
Changes
- A new `localhost:8082` endpoint has been added for retrieving the routing table on gorouter. This is in preparation for removing non-TLS LB-health check endpoints from the public `:8080` listener for increased security. `/var/vcap/jobs/gorouter/bin/retrieve-local-routes` is updated and still the official way to retrieve the local routing table on a gorouter. The port this listens on can be configured via the `router.status.routes.port` property.
- A new TLS-enabled endpoint for LB health checks has been added on `:8443`. This can be configured via the `router.status.tls.port`, `router.status.tls.certificate` and `router.status.tls.key` properties.
- routing-api has been updated to work towards supporting a TLS-only CF deployment. Thanks @reneighbor!
- gorouter's `proxy` package received some test enhancements for increased test stability. Thanks @domdom82!
- gorouter's `pool.Endpoint.Equals()` received a performance improvement thanks to @peanball!
- Route-registrar will now fail if it is configured to talk to NATS without using TLS. This can be toggled via the `nats.fail_if_using_nats_without_tls` property. Thanks @ameowlia!
Bosh Job Spec changes:
diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
index e9a9dd73..35576742 100644
--- a/jobs/gorouter/spec
+++ b/jobs/gorouter/spec
@@ -57,6 +57,15 @@ properties:
default: router-status
router.status.password:
description: "Password for HTTP basic auth to the /varz and /routes endpoints."
+ router.status.routes.port:
+ description: "Port used for the /routes endpoint (available on localhost-only)"
+ default: 8082
+ router.status.tls.port:
+ description: "Port used for the TLS listener of the LB healthcheck endpoint"
+ router.status.tls.certificate:
+ description: "TLS Certificate used for the TLS listener of the LB healthcheck endpoint"
+ router.status.tls.key:
+ description: "Private Key used for the TLS listener of the LB healthcheck endpoint"
router.prometheus.port:
description: "Port for the prometheus endpoint."
router.prometheus.server_name:
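Review bot: `router.status.tls.port` is added without a `default`, unlike `router.status.routes.port` just above it (`default: 8082`), so the spec does not say which port the TLS health check listener binds to or whether leaving the property unset disables the listener. Suggest either adding a default (the release notes mention `:8443`) or stating the unset behaviour in the description. The `router.status.tls.certificate` and `router.status.tls.key` descriptions could also state the expected encoding, as the `nats.tls.client_cert`-style descriptions in the route_registrar spec do with "PEM-encoded". Finally, the `router.status.routes.port` description should say whether the basic auth described under `router.status.password` still applies to `/routes` on the localhost-only listener.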
diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
index bf3d9a03..be708025 100644
--- a/jobs/route_registrar/spec
+++ b/jobs/route_registrar/spec
@@ -53,6 +53,13 @@ properties:
description: "PEM-encoded certificate for the route-registrar to present to NATS for verification when connecting via TLS."
nats.tls.client_key:
description: "PEM-encoded private key for the route-registrar to present to NATS for verification when connecting via TLS."
+ nats.fail_if_using_nats_without_tls:
+ description: |
+ Connecting to nats (instead of nats-tls) is deprecated. The nats
+ process will be removed soon. Please migrate to using nats-tls as soon
+ as possible. If you must continue using nats for a short time you can
+ set this flag to false.
+ default: true
host:
description: (string, optional) By default, route_registrar will detect the IP of the VM and use it, in combination with port as the backend destination for each uri being registered. This property enables overriding the destination hostname or IP.
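Review bot: the description of `nats.fail_if_using_nats_without_tls` explains the deprecation but never states what the property does, so an operator reading only the spec cannot tell that `true` makes route_registrar fail when it is configured for non-TLS NATS. Suggest opening the description with a sentence on the effect of `true` and `false` before the migration advice. Because `default: true` changes behaviour on upgrade for any deployment still pointing at `nats`, that should be called out here as well, and "removed soon" and "a short time" would be more useful with a concrete release or date.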
✨ Built with go 1.21.5
Full Changelog: v0.284.0...v0.285.0