0.285.0

@tas-runtime-bot tas-runtime-bot released this 06 Dec 14:53
· 447 commits to develop since this release

Changes

  • A new localhost:8082 endpoint has been added for retrieving the routing table on gorouter. This is in preparation for removing non-TLS LB health check endpoints from the public :8080 listener for increased security. /var/vcap/jobs/gorouter/bin/retrieve-local-routes has been updated and is still the official way to retrieve the local routing table on a gorouter. The port this endpoint listens on can be configured via the router.status.routes.port property.
  • A new TLS-enabled endpoint for LB health checks has been added on :8443. This can be configured via the router.status.tls.port, router.status.tls.certificate and router.status.tls.key properties.
  • routing-api has been updated to work towards supporting a TLS-only CF deployment. Thanks @reneighbor!
  • gorouter's proxy package received some test enhancements for increased test stability. Thanks @domdom82!
  • gorouter's pool.Endpoint.Equals() received a performance improvement thanks to @peanball!
  • Route-registrar will now fail if it is configured to talk to NATS without using TLS. This can be toggled via the nats.fail_if_using_nats_without_tls property. Thanks @ameowlia!

Bosh Job Spec changes:

diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
index e9a9dd73..35576742 100644
--- a/jobs/gorouter/spec
+++ b/jobs/gorouter/spec
@@ -57,6 +57,15 @@ properties:
     default: router-status
   router.status.password:
     description: "Password for HTTP basic auth to the /varz and /routes endpoints."
+  router.status.routes.port:
+    description: "Port used for the /routes endpoint (available on localhost-only)"
+    default: 8082
+  router.status.tls.port:
+    description: "Port used for the TLS listener of the LB healthcheck endpoint"
+  router.status.tls.certificate:
+    description: "TLS Certificate used for the TLS listener of the LB healthcheck endpoint"
+  router.status.tls.key:
+    description: "Private Key used for the TLS listener of the LB healthcheck endpoint"
   router.prometheus.port:
     description: "Port for the prometheus endpoint."
   router.prometheus.server_name:
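
Review bot: router.status.tls.port, router.status.tls.certificate and router.status.tls.key are declared without a default, and none of the three descriptions says what happens when they are left unset. The release notes describe the TLS LB health check listener as being on :8443, so either add "default: 8443" to router.status.tls.port or state in its description whether the listener is started at all when no port is given. The certificate and key descriptions should also say which encoding is expected, the way the nats.tls.client_key description in jobs/route_registrar/spec says "PEM-encoded", and should note that all three must be set together.
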
diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
index bf3d9a03..be708025 100644
--- a/jobs/route_registrar/spec
+++ b/jobs/route_registrar/spec
@@ -53,6 +53,13 @@ properties:
     description: "PEM-encoded certificate for the route-registrar to present to NATS for verification when connecting via TLS."
   nats.tls.client_key:
     description: "PEM-encoded private key for the route-registrar to present to NATS for verification when connecting via TLS."
+  nats.fail_if_using_nats_without_tls:
+    description: |
+        Connecting to nats (instead of nats-tls) is deprecated. The nats
+        process will be removed soon. Please migrate to using nats-tls as soon
+        as possible. If you must continue using nats for a short time you can
+        set this flag to false.
+    default: true
 
   host:
     description: (string, optional) By default, route_registrar will detect the IP of the VM and use it, in combination with port as the backend destination for each uri being registered. This property enables overriding the destination hostname or IP.
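
Review bot: the description of nats.fail_if_using_nats_without_tls explains the deprecation of nats but never says what the flag itself does; only the closing "set this flag to false" hints at it. Open the description with the behaviour, for example that route_registrar fails when it is configured to connect to NATS without TLS while this property is true. Because "default: true" changes behaviour for deployments that still use plain nats, the description should also state that such deployments will fail after upgrading unless they explicitly set the property to false.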

✨ Built with go 1.21.5

Full Changelog: v0.284.0...v0.285.0