luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

docs: update docs related to GH-16779 (#17020)

This commit is contained in:
Jared Kirschner 2023-04-17 19:41:31 -04:00 committed by GitHub
parent 0674f30fc1
commit dcd1143086
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -109,7 +109,7 @@ BUG FIXES:
KNOWN ISSUES:
* connect: An issue with leaf certificate rotation can cause some service instances to lose their ability to communicate in the mesh after 72 hours (LeafCertTTL). This issue is not consistently reproducible. We are working to address this issue in an upcoming patch release. To err on the side of caution, service mesh deployments should not upgrade to Consul v1.15 at this time. Refer to [[GH-16779](https://github.com/hashicorp/consul/issues/16779)] for the latest information.
* connect: A race condition can cause some service instances to lose their ability to communicate in the mesh after 72 hours (LeafCertTTL) due to a problem with leaf certificate rotation. This bug is fixed in Consul v1.15.2 by [GH-16818](https://github.com/hashicorp/consul/issues/16818).
BREAKING CHANGES:

16
website/content/docs/release-notes/consul/v1_15_x.mdx
View File

@ -68,14 +68,11 @@ For more detailed information, please refer to the [upgrade details page](/consu
The following issues are known to exist in the v1.15.x releases:
- All current 1.15.x versions are under investigation for a not-consistently-reproducible
issue that can cause some service instances to lose their ability to communicate in the mesh after
- v1.15.0 - v1.15.1 contain a race condition that can cause
some service instances to lose their ability to communicate in the mesh after
[72 hours (LeafCertTTL)](/consul/docs/connect/ca/consul#leafcertttl)
due to a problem with leaf certificate rotation.
We will update this section with more information as our investigation continues,
including the target availability for a fix.
Refer to [GH-16779](https://github.com/hashicorp/consul/issues/16779)
for the latest information.
This is resolved in Consul v1.15.2.
- For v1.15.0, Consul is reporting newer releases of Envoy (for example, v1.25.1) as not supported, even though these versions are listed as valid in the [Envoy compatilibity matrix](/consul/docs/connect/proxies/envoy#envoy-and-consul-client-agent). The following error would result for newer versions of Envoy:
@ -83,15 +80,16 @@ The following issues are known to exist in the v1.15.x releases:
Envoy version 1.25.1 is not supported. If there is a reason you need to use this version of envoy use the ignore-envoy-compatibility flag. Using an unsupported version of Envoy is not recommended and your experience may vary.
```
The workaround to resolve this issue until Consul v1.15.1 would be to run the client agents with the new `ingore-envoy-compatiblity` flag:
To workaround this issue on Consul v1.15.0, launch sidecar proxies
with the `ignore-envoy-compatiblity` flag:
```shell-session
$ consul connect envoy --ignore-envoy-compatibility
```
- For v1.15.0, there is a known issue where `consul acl token read -self` requires an `-accessor-id`. This is resolved in the uppcoming Consul v1.15.1 patch release.
- For v1.15.0, there is a known issue where `consul acl token read -self` requires an `-accessor-id`. This is resolved in Consul v1.15.1.
- For v1.15.0, there is a known issue where search filters produced errors and resulted in lists not showing full results until being interacted with. This is resolved in the upcoming Consul v1.15.1 patch release.
- For v1.15.0, there is a known issue where search filters produced errors and resulted in lists not showing full results until being interacted with. This is resolved in Consul v1.15.1.
## Changelogs

13
website/content/docs/upgrading/upgrade-specific.mdx
View File

@ -24,21 +24,16 @@ This change removes the backward-compatibility behavior introduced in Consul 1.1
## Consul 1.15.x
#### Service mesh known issue
#### Service mesh compatibility ((#service-mesh-compatibility-1-15))
To err on the side of caution,
service mesh deployments should not upgrade to Consul v1.15 at this time.
Upgrade to **Consul version 1.15.2 or later**.
We are currently investigating a not-consistently-reproducible issue that can cause
Consul versions 1.15.0 - 1.15.1 contain a race condition that can cause
some service instances to lose their ability to communicate in the mesh after
[72 hours (LeafCertTTL)](/consul/docs/connect/ca/consul#leafcertttl)
due to a problem with leaf certificate rotation.
We will update this section with more information as our investigation continues,
including the target availability for a fix.
If you are already operating Consul v1.15, refer to discussion of this issue on
[GH-16779](https://github.com/hashicorp/consul/issues/16779)
for potential workarounds and to share your observations.
This bug is fixed in Consul versions 1.15.2 and newer.
#### Removing configuration options