From 11672defafd61f1f8f84f67d5a351180e950af71 Mon Sep 17 00:00:00 2001 From: Freddy Date: Tue, 31 Aug 2021 10:39:18 -0600 Subject: [PATCH] connect: update envoy supported versions to latest patch release (#10961) Relevant advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h --- .changelog/10961.txt | 3 +++ .circleci/config.yml | 24 +++++++++---------- agent/xds/envoy_versioning_test.go | 6 ++--- agent/xds/proxysupport/proxysupport.go | 8 +++---- ..._ADDR-with-https-scheme-enables-tls.golden | 2 +- .../envoy/testdata/access-log-path.golden | 2 +- .../connect/envoy/testdata/defaults.golden | 2 +- .../deprecated-grpc-addr-config.golden | 2 +- .../envoy/testdata/existing-ca-file.golden | 2 +- .../envoy/testdata/existing-ca-path.golden | 2 +- .../envoy/testdata/extra_-multiple.golden | 2 +- .../envoy/testdata/extra_-single.golden | 2 +- .../envoy/testdata/grpc-addr-env.golden | 2 +- .../envoy/testdata/grpc-addr-flag.golden | 2 +- .../envoy/testdata/grpc-addr-unix.golden | 2 +- .../ingress-gateway-address-specified.golden | 2 +- .../ingress-gateway-no-auto-register.golden | 2 +- ...-register-with-service-and-proxy-id.golden | 2 +- ...ister-with-service-without-proxy-id.golden | 2 +- .../envoy/testdata/ingress-gateway.golden | 2 +- .../envoy/testdata/prometheus-metrics.golden | 2 +- .../testdata/stats-config-override.golden | 2 +- .../connect/envoy/testdata/token-arg.golden | 2 +- .../connect/envoy/testdata/token-env.golden | 2 +- .../envoy/testdata/token-file-arg.golden | 2 +- .../envoy/testdata/token-file-env.golden | 2 +- .../envoy/testdata/xds-addr-config.golden | 2 +- .../testdata/zipkin-tracing-config.golden | 2 +- test/integration/connect/envoy/run-tests.sh | 6 ++--- website/content/commands/connect/envoy.mdx | 2 +- .../content/docs/connect/proxies/envoy.mdx | 4 ++-- 31 files changed, 52 insertions(+), 49 deletions(-) create mode 100644 .changelog/10961.txt diff --git a/.changelog/10961.txt b/.changelog/10961.txt new file mode 100644 index 000000000..a25fcc132 --- /dev/null +++ b/.changelog/10961.txt @@ -0,0 +1,3 @@ +```release-note:improvement +connect: update supported envoy versions to 1.18.4, 1.17.4, 1.16.5 +``` \ No newline at end of file diff --git a/.circleci/config.yml b/.circleci/config.yml index 8166b11d1..e12accdb2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -826,26 +826,26 @@ jobs: ENVOY_VERSION: "1.15.5" TEST_V2_XDS: "1" - envoy-integration-test-1_16_4: + envoy-integration-test-1_16_5: <<: *ENVOY_TESTS environment: - ENVOY_VERSION: "1.16.4" + ENVOY_VERSION: "1.16.5" - envoy-integration-test-1_16_4-v2compat: + envoy-integration-test-1_16_5-v2compat: <<: *ENVOY_TESTS environment: - ENVOY_VERSION: "1.16.4" + ENVOY_VERSION: "1.16.5" TEST_V2_XDS: "1" - envoy-integration-test-1_17_3: + envoy-integration-test-1_17_4: <<: *ENVOY_TESTS environment: - ENVOY_VERSION: "1.17.3" + ENVOY_VERSION: "1.17.4" - envoy-integration-test-1_18_3: + envoy-integration-test-1_18_4: <<: *ENVOY_TESTS environment: - ENVOY_VERSION: "1.18.3" + ENVOY_VERSION: "1.18.4" # run integration tests for the connect ca providers test-connect-ca-providers: @@ -1093,16 +1093,16 @@ workflows: - envoy-integration-test-1_15_5-v2compat: requires: - dev-build - - envoy-integration-test-1_16_4: + - envoy-integration-test-1_16_5: requires: - dev-build - - envoy-integration-test-1_16_4-v2compat: + - envoy-integration-test-1_16_5-v2compat: requires: - dev-build - - envoy-integration-test-1_17_3: + - envoy-integration-test-1_17_4: requires: - dev-build - - envoy-integration-test-1_18_3: + - envoy-integration-test-1_18_4: requires: - dev-build diff --git a/agent/xds/envoy_versioning_test.go b/agent/xds/envoy_versioning_test.go index 8dfe65df6..007f328fe 100644 --- a/agent/xds/envoy_versioning_test.go +++ b/agent/xds/envoy_versioning_test.go @@ -118,9 +118,9 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) { }} } for _, v := range []string{ - "1.16.0", "1.16.1", "1.16.2", "1.16.3", "1.16.4", - "1.17.0", "1.17.1", "1.17.2", "1.17.3", - "1.18.0", "1.18.1", "1.18.2", "1.18.3", + "1.16.0", "1.16.1", "1.16.2", "1.16.3", "1.16.4", "1.16.5", + "1.17.0", "1.17.1", "1.17.2", "1.17.3", "1.17.4", + "1.18.0", "1.18.1", "1.18.2", "1.18.3", "1.18.4", } { cases[v] = testcase{expect: supportedProxyFeatures{}} } diff --git a/agent/xds/proxysupport/proxysupport.go b/agent/xds/proxysupport/proxysupport.go index 01fb84081..a8f0b5051 100644 --- a/agent/xds/proxysupport/proxysupport.go +++ b/agent/xds/proxysupport/proxysupport.go @@ -7,13 +7,13 @@ package proxysupport // // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions var EnvoyVersions = []string{ - "1.18.3", - "1.17.3", - "1.16.4", + "1.18.4", + "1.17.4", + "1.16.5", "1.15.5", } var EnvoyVersionsV2 = []string{ - "1.16.4", + "1.16.5", "1.15.5", } diff --git a/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-enables-tls.golden b/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-enables-tls.golden index 861b59ab9..3f0a9f229 100644 --- a/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-enables-tls.golden +++ b/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-enables-tls.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/access-log-path.golden b/command/connect/envoy/testdata/access-log-path.golden index 393a924db..5bfbf2c72 100644 --- a/command/connect/envoy/testdata/access-log-path.golden +++ b/command/connect/envoy/testdata/access-log-path.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/defaults.golden b/command/connect/envoy/testdata/defaults.golden index c094ddc15..a8c606d3e 100644 --- a/command/connect/envoy/testdata/defaults.golden +++ b/command/connect/envoy/testdata/defaults.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden b/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden index 34ed73682..34b99ec59 100644 --- a/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden +++ b/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/existing-ca-file.golden b/command/connect/envoy/testdata/existing-ca-file.golden index c74249dcf..f4f5d89ea 100644 --- a/command/connect/envoy/testdata/existing-ca-file.golden +++ b/command/connect/envoy/testdata/existing-ca-file.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/existing-ca-path.golden b/command/connect/envoy/testdata/existing-ca-path.golden index d83c138d9..e877124be 100644 --- a/command/connect/envoy/testdata/existing-ca-path.golden +++ b/command/connect/envoy/testdata/existing-ca-path.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/extra_-multiple.golden b/command/connect/envoy/testdata/extra_-multiple.golden index b16e5e248..78f293f68 100644 --- a/command/connect/envoy/testdata/extra_-multiple.golden +++ b/command/connect/envoy/testdata/extra_-multiple.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/extra_-single.golden b/command/connect/envoy/testdata/extra_-single.golden index b2617052f..41257f1c4 100644 --- a/command/connect/envoy/testdata/extra_-single.golden +++ b/command/connect/envoy/testdata/extra_-single.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/grpc-addr-env.golden b/command/connect/envoy/testdata/grpc-addr-env.golden index 34ed73682..34b99ec59 100644 --- a/command/connect/envoy/testdata/grpc-addr-env.golden +++ b/command/connect/envoy/testdata/grpc-addr-env.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/grpc-addr-flag.golden b/command/connect/envoy/testdata/grpc-addr-flag.golden index 34ed73682..34b99ec59 100644 --- a/command/connect/envoy/testdata/grpc-addr-flag.golden +++ b/command/connect/envoy/testdata/grpc-addr-flag.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/grpc-addr-unix.golden b/command/connect/envoy/testdata/grpc-addr-unix.golden index 798cbb38b..d5fada950 100644 --- a/command/connect/envoy/testdata/grpc-addr-unix.golden +++ b/command/connect/envoy/testdata/grpc-addr-unix.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/ingress-gateway-address-specified.golden b/command/connect/envoy/testdata/ingress-gateway-address-specified.golden index 2b11eeb35..94e668af0 100644 --- a/command/connect/envoy/testdata/ingress-gateway-address-specified.golden +++ b/command/connect/envoy/testdata/ingress-gateway-address-specified.golden @@ -13,7 +13,7 @@ "id": "ingress-gateway", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden b/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden index f3fe7a54b..eb486b8df 100644 --- a/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden +++ b/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden @@ -13,7 +13,7 @@ "id": "ingress-gateway", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden b/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden index da6a17501..d36c6a25e 100644 --- a/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden +++ b/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden @@ -13,7 +13,7 @@ "id": "my-gateway-123", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden b/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden index ef9138e40..290940196 100644 --- a/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden +++ b/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden @@ -13,7 +13,7 @@ "id": "my-gateway", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/ingress-gateway.golden b/command/connect/envoy/testdata/ingress-gateway.golden index 6f5b6c7a1..517d04ff4 100644 --- a/command/connect/envoy/testdata/ingress-gateway.golden +++ b/command/connect/envoy/testdata/ingress-gateway.golden @@ -13,7 +13,7 @@ "id": "ingress-gateway-1", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/prometheus-metrics.golden b/command/connect/envoy/testdata/prometheus-metrics.golden index 6c6799e4e..09d2dcc28 100644 --- a/command/connect/envoy/testdata/prometheus-metrics.golden +++ b/command/connect/envoy/testdata/prometheus-metrics.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/stats-config-override.golden b/command/connect/envoy/testdata/stats-config-override.golden index 42b22dbc6..d3c1cea96 100644 --- a/command/connect/envoy/testdata/stats-config-override.golden +++ b/command/connect/envoy/testdata/stats-config-override.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/token-arg.golden b/command/connect/envoy/testdata/token-arg.golden index 3e33edadb..a30627352 100644 --- a/command/connect/envoy/testdata/token-arg.golden +++ b/command/connect/envoy/testdata/token-arg.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/token-env.golden b/command/connect/envoy/testdata/token-env.golden index 3e33edadb..a30627352 100644 --- a/command/connect/envoy/testdata/token-env.golden +++ b/command/connect/envoy/testdata/token-env.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/token-file-arg.golden b/command/connect/envoy/testdata/token-file-arg.golden index 3e33edadb..a30627352 100644 --- a/command/connect/envoy/testdata/token-file-arg.golden +++ b/command/connect/envoy/testdata/token-file-arg.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/token-file-env.golden b/command/connect/envoy/testdata/token-file-env.golden index 3e33edadb..a30627352 100644 --- a/command/connect/envoy/testdata/token-file-env.golden +++ b/command/connect/envoy/testdata/token-file-env.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/xds-addr-config.golden b/command/connect/envoy/testdata/xds-addr-config.golden index 34ed73682..34b99ec59 100644 --- a/command/connect/envoy/testdata/xds-addr-config.golden +++ b/command/connect/envoy/testdata/xds-addr-config.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/command/connect/envoy/testdata/zipkin-tracing-config.golden b/command/connect/envoy/testdata/zipkin-tracing-config.golden index 5a6cc29d0..a59742790 100644 --- a/command/connect/envoy/testdata/zipkin-tracing-config.golden +++ b/command/connect/envoy/testdata/zipkin-tracing-config.golden @@ -13,7 +13,7 @@ "id": "test-proxy", "metadata": { "namespace": "default", - "envoy_version": "1.18.3" + "envoy_version": "1.18.4" } }, "static_resources": { diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh index f536e9ed2..2015c373f 100755 --- a/test/integration/connect/envoy/run-tests.sh +++ b/test/integration/connect/envoy/run-tests.sh @@ -9,7 +9,7 @@ readonly HASHICORP_DOCKER_PROXY="docker.mirror.hashicorp.services" # DEBUG=1 enables set -x for this script so echos every command run DEBUG=${DEBUG:-} -OLD_XDSV2_AWARE_CONSUL_VERSION="${OLD_XDSV2_AWARE_CONSUL_VERSION:-"${HASHICORP_DOCKER_PROXY}/library/consul:1.9.5"}" +OLD_XDSV2_AWARE_CONSUL_VERSION="${OLD_XDSV2_AWARE_CONSUL_VERSION:-"${HASHICORP_DOCKER_PROXY}/library/consul:1.9.8"}" export OLD_XDSV2_AWARE_CONSUL_VERSION # TEST_V2_XDS=1 causes it to do just the 'consul connect envoy' part using @@ -18,7 +18,7 @@ TEST_V2_XDS=${TEST_V2_XDS:-} export TEST_V2_XDS # ENVOY_VERSION to run each test against -ENVOY_VERSION=${ENVOY_VERSION:-"1.18.3"} +ENVOY_VERSION=${ENVOY_VERSION:-"1.18.4"} export ENVOY_VERSION if [ ! -z "$DEBUG" ] ; then @@ -27,7 +27,7 @@ fi if [[ -n "$TEST_V2_XDS" ]] ; then if [[ ! "${ENVOY_VERSION}" =~ ^1\.1[456]\. ]]; then - echo "Envoy version ${ENVOY_VERSION} is not compatible with Consul 1.9.1 so we cannot test the xDS v2 fallback code" + echo "Envoy version ${ENVOY_VERSION} is not compatible with Consul 1.9.8 so we cannot test the xDS v2 fallback code" exit 1 fi fi diff --git a/website/content/commands/connect/envoy.mdx b/website/content/commands/connect/envoy.mdx index 3b913c1cd..285e95304 100644 --- a/website/content/commands/connect/envoy.mdx +++ b/website/content/commands/connect/envoy.mdx @@ -75,7 +75,7 @@ proxy configuration needed. allowed to access by [Connect intentions](/docs/connect/intentions). - `-envoy-version` - The version of envoy that is being started. Default is - `1.18.3`. This is required so that the correct configuration can be generated. + `1.18.4`. This is required so that the correct configuration can be generated. - `-no-central-config` - By default the proxy's bootstrap configuration can be customized centrally. This requires that the command run on the same agent diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index e80134f67..13e6759e8 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -35,8 +35,8 @@ compatible Envoy versions. | Consul Version | Compatible Envoy Versions | | ------------------- | ------------------------------------------------------ | -| 1.10.x | 1.18.3, 1.17.3, 1.16.4, 1.15.5 | -| 1.9.x | 1.16.4, 1.15.5, 1.14.71, 1.13.71 | +| 1.10.x | 1.18.4, 1.17.4, 1.16.5, 1.15.5 | +| 1.9.x | 1.16.5, 1.15.5, 1.14.71, 1.13.71 | | 1.8.x | 1.14.7, 1.13.7, 1.12.7, 1.11.2 | | 1.7.x | 1.13.7, 1.12.7, 1.11.2, 1.10.02 | | 1.6.x, 1.5.3, 1.5.2 | 1.11.1, 1.10.0, 1.9.1, 1.8.03 |