diff --git a/.changelog/16274.txt b/.changelog/16274.txt
deleted file mode 100644
index 983d33b19599..000000000000
--- a/.changelog/16274.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-connect: Bump Envoy 1.22.5 to 1.22.7, 1.23.2 to 1.23.4, 1.24.0 to 1.24.2, add 1.25.1, remove 1.21.5
-```
diff --git a/.changelog/16292.txt b/.changelog/16292.txt
deleted file mode 100644
index 085fe7fd07c2..000000000000
--- a/.changelog/16292.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:feature
-server: added server side RPC requests global read/write rate-limiter.
-```
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 46ebfe240e91..d50ddb1fa72a 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -23,10 +23,10 @@ references:
BASH_ENV: .circleci/bash_env.sh
GO_VERSION: 1.20.1
envoy-versions: &supported_envoy_versions
- - &default_envoy_version "1.22.7"
- - "1.23.4"
- - "1.24.2"
- - "1.25.1"
+ - &default_envoy_version "1.21.5"
+ - "1.22.5"
+ - "1.23.2"
+ - "1.24.0"
nomad-versions: &supported_nomad_versions
- &default_nomad_version "1.3.3"
- "1.2.10"
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 8a7e26fd2267..c269a70a458f 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -4,48 +4,27 @@ about: You're experiencing an issue with Consul that is different than the docum
---
-
-
#### Overview of the Issue
-
-
----
+A paragraph or two about the issue you're experiencing.
#### Reproduction Steps
-
-
### Consul info for both Client and Server
-
-
-
Client info
```
-Output from client 'consul info' command here
-```
-
-```
-Client agent HCL config
+output from client 'consul info' command here
```
@@ -54,29 +33,15 @@ Client agent HCL config
Server info
```
-Output from server 'consul info' command here
-```
-
-```
-Server agent HCL config
+output from server 'consul info' command here
```
### Operating system and Environment details
-
-
### Log Fragments
-
-
Include appropriate Client or Server log fragments. If the log is longer than a few dozen lines, please include the URL to the [gist](https://gist.github.com/) of the log instead of posting it in the issue. Use `-log-level=TRACE` on the client and server to capture the maximum log detail.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
index b3cd70e8cd17..fb9b6b4ef03e 100644
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -4,24 +4,12 @@ about: If you have something you think Consul could improve or add support for.
---
-
-
#### Feature Description
-
-
#### Use Case(s)
-
+Any relevant use-cases that you see.
diff --git a/.github/ISSUE_TEMPLATE/ui_issues.md b/.github/ISSUE_TEMPLATE/ui_issues.md
index 3a3ca0ed17e0..dd5a6351c8d1 100644
--- a/.github/ISSUE_TEMPLATE/ui_issues.md
+++ b/.github/ISSUE_TEMPLATE/ui_issues.md
@@ -4,68 +4,41 @@ about: You have usage feedback for the browser based UI
---
-
-
### Overview of the Issue
-
-
### Reproduction Steps
-
-
### Describe the solution you'd like
-
-
### Consul Version
-
-
### Browser and Operating system details
-
-
### Screengrabs / Web Inspector logs
-
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 7f1e645aa333..43b3ac71337b 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,31 +1,16 @@
### Description
-
-
+Describe why you're making this change, in plain English.
### Testing & Reproduction steps
-
-
-
### Links
-
-
-
### PR Checklist
* [ ] updated test coverage
diff --git a/.github/workflows/nightly-test-1.15.x.yaml b/.github/workflows/nightly-test-1.11.x.yaml
similarity index 98%
rename from .github/workflows/nightly-test-1.15.x.yaml
rename to .github/workflows/nightly-test-1.11.x.yaml
index 18fe5466f009..cd913d4eca49 100644
--- a/.github/workflows/nightly-test-1.15.x.yaml
+++ b/.github/workflows/nightly-test-1.11.x.yaml
@@ -1,4 +1,4 @@
-name: Nightly Test 1.15.x
+name: Nightly Test 1.11.x
on:
schedule:
- cron: '0 4 * * *'
@@ -6,8 +6,8 @@ on:
env:
EMBER_PARTITION_TOTAL: 4 # Has to be changed in tandem with the matrix.partition
- BRANCH: "release/1.15.x"
- BRANCH_NAME: "release/1.15.x" # Used for naming artifacts
+ BRANCH: "release/1.11.x"
+ BRANCH_NAME: "release-1.11.x" # Used for naming artifacts
jobs:
frontend-test-workspace-node:
diff --git a/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.envoy-1-21-x.golden b/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.envoy-1-21-x.golden
deleted file mode 100644
index 0f1acf258838..000000000000
--- a/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.envoy-1-21-x.golden
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "versionInfo": "00000001",
- "resources": [
- {
- "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
- "name": "my-tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
- "altStatName": "my-tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
- "type": "EDS",
- "edsClusterConfig": {
- "edsConfig": {
- "ads": {},
- "resourceApiVersion": "V3"
- }
- },
- "connectTimeout": "5s",
- "circuitBreakers": {},
- "outlierDetection": {},
- "commonLbConfig": {
- "healthyPanicThreshold": {}
- },
- "transportSocket": {
- "name": "tls",
- "typedConfig": {
- "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
- "commonTlsContext": {
- "tlsParams": {},
- "tlsCertificates": [
- {
- "certificateChain": {
- "inlineString": "-----BEGIN CERTIFICATE-----\nMIICBTCCAaugAwIBAgIIDUmSJn0rk7IwCgYIKoZIzj0EAwIwFjEUMBIGA1UEAxML\nVGVzdCBDQSA5OTcwHhcNMjMwMjEzMTk1NzI2WhcNMzMwMjEwMTk1NzI2WjAAMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg0SW0HLUZjEG9lnmnVT8g/1i+zdPVrCq\nWIltXSdtS3xbwaiP+5Vnc4sr/MqLhIC46BfyjrQWlz8bH+AGmn6pqKOB+DCB9TAO\nBgNVHQ8BAf8EBAMCA7gwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwG\nA1UdEwEB/wQCMAAwKQYDVR0OBCIEIJhaXpuR2wfoxMchnGF3jGjSlhq4ldWkWnbj\nTjqghzzBMCsGA1UdIwQkMCKAIPSY/nP8UYJ63YM3PU3r4pUr6PujDyRaz1fyqlsJ\njZOZMF4GA1UdEQEB/wRUMFKCAIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMz\nLTQ0NDQtNTU1NTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMv\nd2ViMAoGCCqGSM49BAMCA0gAMEUCIQCWa5SsdXjVOHrIymFBFDYaB63G37I7G4fS\nnwHSTUX4WgIgRSmlLlZyYAC7iVfxYawVF00jlJgiI9BR15jZKX7AbQY=\n-----END CERTIFICATE-----\n"
- },
- "privateKey": {
- "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIAXRcUw9WfqWXNpB17uKREas/k4BEXmfTrHuMipy4cBYoAoGCCqGSM49\nAwEHoUQDQgAEg0SW0HLUZjEG9lnmnVT8g/1i+zdPVrCqWIltXSdtS3xbwaiP+5Vn\nc4sr/MqLhIC46BfyjrQWlz8bH+AGmn6pqA==\n-----END EC PRIVATE KEY-----\n"
- }
- }
- ],
- "validationContext": {
- "trustedCa": {
- "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
- },
- "matchSubjectAltNames": [
- {
- "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/my-tcp-service"
- }
- ]
- }
- },
- "sni": "my-tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
- }
- }
- }
- ],
- "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
- "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
index f18e7e0d9766..e20479dfd1cf 100644
--- a/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
+++ b/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
@@ -1,55 +1,55 @@
{
- "versionInfo": "00000001",
- "resources": [
+ "versionInfo": "00000001",
+ "resources": [
{
- "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
- "name": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
- "altStatName": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
- "type": "EDS",
- "edsClusterConfig": {
- "edsConfig": {
- "ads": {},
- "resourceApiVersion": "V3"
+ "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+ "name": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+ "altStatName": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+ "type": "EDS",
+ "edsClusterConfig": {
+ "edsConfig": {
+ "ads": {},
+ "resourceApiVersion": "V3"
}
},
- "connectTimeout": "5s",
- "circuitBreakers": {},
- "outlierDetection": {},
- "commonLbConfig": {
- "healthyPanicThreshold": {}
+ "connectTimeout": "5s",
+ "circuitBreakers": {},
+ "outlierDetection": {},
+ "commonLbConfig": {
+ "healthyPanicThreshold": {}
},
- "transportSocket": {
- "name": "tls",
- "typedConfig": {
- "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
- "commonTlsContext": {
- "tlsParams": {},
- "tlsCertificates": [
+ "transportSocket": {
+ "name": "tls",
+ "typedConfig": {
+ "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+ "commonTlsContext": {
+ "tlsParams": {},
+ "tlsCertificates": [
{
- "certificateChain": {
- "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+ "certificateChain": {
+ "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
},
- "privateKey": {
- "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+ "privateKey": {
+ "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
}
}
],
- "validationContext": {
- "trustedCa": {
- "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+ "validationContext": {
+ "trustedCa": {
+ "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
},
- "matchSubjectAltNames": [
+ "matchSubjectAltNames": [
{
- "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service"
+ "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service"
}
]
}
},
- "sni": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+ "sni": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}
}
}
],
- "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
- "nonce": "00000001"
+ "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+ "nonce": "00000001"
}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/api-gateway-with-tcp-route-and-inline-certificate.latest.golden b/agent/xds/testdata/endpoints/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
index 8504dae2b840..47b46bca225b 100644
--- a/agent/xds/testdata/endpoints/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
+++ b/agent/xds/testdata/endpoints/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
@@ -1,5 +1,5 @@
{
- "versionInfo": "00000001",
- "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
- "nonce": "00000001"
+ "versionInfo": "00000001",
+ "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+ "nonce": "00000001"
}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-tcp-listeners.latest.golden b/agent/xds/testdata/listeners/api-gateway-tcp-listeners.latest.golden
deleted file mode 100644
index d2d839adf956..000000000000
--- a/agent/xds/testdata/listeners/api-gateway-tcp-listeners.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "versionInfo": "00000001",
- "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
- "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-with-tcp-route-and-inline-certificate.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
index 0287ebcc4a17..3bfbb71f0672 100644
--- a/agent/xds/testdata/listeners/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
+++ b/agent/xds/testdata/listeners/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
@@ -1,60 +1,60 @@
{
- "versionInfo": "00000001",
- "resources": [
+ "versionInfo": "00000001",
+ "resources": [
{
- "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
- "name": "service:1.2.3.4:8080",
- "address": {
- "socketAddress": {
- "address": "1.2.3.4",
- "portValue": 8080
+ "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+ "name": "service:1.2.3.4:8080",
+ "address": {
+ "socketAddress": {
+ "address": "1.2.3.4",
+ "portValue": 8080
}
},
- "filterChains": [
+ "filterChains": [
{
- "filters": [
+ "filters": [
{
- "name": "envoy.filters.network.tcp_proxy",
- "typedConfig": {
- "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
- "statPrefix": "ingress_upstream_certificate",
- "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+ "name": "envoy.filters.network.tcp_proxy",
+ "typedConfig": {
+ "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+ "statPrefix": "ingress_upstream_certificate",
+ "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}
}
],
- "transportSocket": {
- "name": "tls",
- "typedConfig": {
- "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
- "commonTlsContext": {
- "tlsParams": {},
- "tlsCertificates": [
+ "transportSocket": {
+ "name": "tls",
+ "typedConfig": {
+ "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+ "commonTlsContext": {
+ "tlsParams": {},
+ "tlsCertificates": [
{
- "certificateChain": {
- "inlineString": "-----BEGIN CERTIFICATE-----\nMIICljCCAX4CCQCQMDsYO8FrPjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJV\nUzAeFw0yMjEyMjAxNzUwMjVaFw0yNzEyMTkxNzUwMjVaMA0xCzAJBgNVBAYTAlVT\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx95Opa6t4lGEpiTUogEB\nptqOdam2ch4BHQGhNhX/MrDwwuZQhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2\njQlhqTodElkbsd5vWY8R/bxJWQSoNvVE12TlzECxGpJEiHt4W0r8pGffk+rvplji\nUyCfnT1kGF3znOSjK1hRMTn6RKWCyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409\ng9X5VU88/Bmmrz4cMyxce86Kc2ug5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftr\nXOvuCbO5IBRHMOBHiHTZ4rtGuhMaIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+W\nmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfCqoUIdPf/HGSbOorPyZWbyizNtHJ\nGL7x9cAeIYxpI5Y/WcO1o5v94lvrgm3FNfJoGKbV66+JxOge731FrfMpHplhar1Z\nRahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK\nNtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO\nqwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww\nAAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r\n-----END CERTIFICATE-----\n"
+ "certificateChain": {
+ "inlineString": "-----BEGIN CERTIFICATE-----\nMIICljCCAX4CCQCQMDsYO8FrPjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJV\nUzAeFw0yMjEyMjAxNzUwMjVaFw0yNzEyMTkxNzUwMjVaMA0xCzAJBgNVBAYTAlVT\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx95Opa6t4lGEpiTUogEB\nptqOdam2ch4BHQGhNhX/MrDwwuZQhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2\njQlhqTodElkbsd5vWY8R/bxJWQSoNvVE12TlzECxGpJEiHt4W0r8pGffk+rvplji\nUyCfnT1kGF3znOSjK1hRMTn6RKWCyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409\ng9X5VU88/Bmmrz4cMyxce86Kc2ug5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftr\nXOvuCbO5IBRHMOBHiHTZ4rtGuhMaIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+W\nmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfCqoUIdPf/HGSbOorPyZWbyizNtHJ\nGL7x9cAeIYxpI5Y/WcO1o5v94lvrgm3FNfJoGKbV66+JxOge731FrfMpHplhar1Z\nRahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK\nNtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO\nqwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww\nAAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r\n-----END CERTIFICATE-----\n"
},
- "privateKey": {
- "inlineString": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAx95Opa6t4lGEpiTUogEBptqOdam2ch4BHQGhNhX/MrDwwuZQ\nhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2jQlhqTodElkbsd5vWY8R/bxJWQSo\nNvVE12TlzECxGpJEiHt4W0r8pGffk+rvpljiUyCfnT1kGF3znOSjK1hRMTn6RKWC\nyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409g9X5VU88/Bmmrz4cMyxce86Kc2ug\n5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftrXOvuCbO5IBRHMOBHiHTZ4rtGuhMa\nIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+WmQIDAQABAoIBACYvceUzp2MK4gYA\nGWPOP2uKbBdM0l+hHeNV0WAM+dHMfmMuL4pkT36ucqt0ySOLjw6rQyOZG5nmA6t9\nsv0g4ae2eCMlyDIeNi1Yavu4Wt6YX4cTXbQKThm83C6W2X9THKbauBbxD621bsDK\n7PhiGPN60yPue7YwFQAPqqD4YaK+s22HFIzk9gwM/rkvAUNwRv7SyHMiFe4Igc1C\nEev7iHWzvj5Heoz6XfF+XNF9DU+TieSUAdjd56VyUb8XL4+uBTOhHwLiXvAmfaMR\nHvpcxeKnYZusS6NaOxcUHiJnsLNWrxmJj9WEGgQzuLxcLjTe4vVmELVZD8t3QUKj\nPAxu8tUCgYEA7KIWVn9dfVpokReorFym+J8FzLwSktP9RZYEMonJo00i8aii3K9s\nu/aSwRWQSCzmON1ZcxZzWhwQF9usz6kGCk//9+4hlVW90GtNK0RD+j7sp4aT2JI8\n9eLEjTG+xSXa7XWe98QncjjL9lu/yrRncSTxHs13q/XP198nn2aYuQ8CgYEA2Dnt\nsRBzv0fFEvzzFv7G/5f85mouN38TUYvxNRTjBLCXl9DeKjDkOVZ2b6qlfQnYXIru\nH+W+v+AZEb6fySXc8FRab7lkgTMrwE+aeI4rkW7asVwtclv01QJ5wMnyT84AgDD/\nDgt/RThFaHgtU9TW5GOZveL+l9fVPn7vKFdTJdcCgYEArJ99zjHxwJ1whNAOk1av\n09UmRPm6TvRo4heTDk8oEoIWCNatoHI0z1YMLuENNSnT9Q280FFDayvnrY/qnD7A\nkktT/sjwJOG8q8trKzIMqQS4XWm2dxoPcIyyOBJfCbEY6XuRsUuePxwh5qF942EB\nyS9a2s6nC4Ix0lgPrqAIr48CgYBgS/Q6riwOXSU8nqCYdiEkBYlhCJrKpnJxF9T1\nofa0yPzKZP/8ZEfP7VzTwHjxJehQ1qLUW9pG08P2biH1UEKEWdzo8vT6wVJT1F/k\nHtTycR8+a+Hlk2SHVRHqNUYQGpuIe8mrdJ1as4Pd0d/F/P0zO9Rlh+mAsGPM8HUM\nT0+9gwKBgHDoerX7NTskg0H0t8O+iSMevdxpEWp34ZYa9gHiftTQGyrRgERCa7Gj\nnZPAxKb2JoWyfnu3v7G5gZ8fhDFsiOxLbZv6UZJBbUIh1MjJISpXrForDrC2QNLX\nkHrHfwBFDB3KMudhQknsJzEJKCL/KmFH6o0MvsoaT9yzEl3K+ah/\n-----END RSA PRIVATE KEY-----\n"
+ "privateKey": {
+ "inlineString": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAx95Opa6t4lGEpiTUogEBptqOdam2ch4BHQGhNhX/MrDwwuZQ\nhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2jQlhqTodElkbsd5vWY8R/bxJWQSo\nNvVE12TlzECxGpJEiHt4W0r8pGffk+rvpljiUyCfnT1kGF3znOSjK1hRMTn6RKWC\nyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409g9X5VU88/Bmmrz4cMyxce86Kc2ug\n5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftrXOvuCbO5IBRHMOBHiHTZ4rtGuhMa\nIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+WmQIDAQABAoIBACYvceUzp2MK4gYA\nGWPOP2uKbBdM0l+hHeNV0WAM+dHMfmMuL4pkT36ucqt0ySOLjw6rQyOZG5nmA6t9\nsv0g4ae2eCMlyDIeNi1Yavu4Wt6YX4cTXbQKThm83C6W2X9THKbauBbxD621bsDK\n7PhiGPN60yPue7YwFQAPqqD4YaK+s22HFIzk9gwM/rkvAUNwRv7SyHMiFe4Igc1C\nEev7iHWzvj5Heoz6XfF+XNF9DU+TieSUAdjd56VyUb8XL4+uBTOhHwLiXvAmfaMR\nHvpcxeKnYZusS6NaOxcUHiJnsLNWrxmJj9WEGgQzuLxcLjTe4vVmELVZD8t3QUKj\nPAxu8tUCgYEA7KIWVn9dfVpokReorFym+J8FzLwSktP9RZYEMonJo00i8aii3K9s\nu/aSwRWQSCzmON1ZcxZzWhwQF9usz6kGCk//9+4hlVW90GtNK0RD+j7sp4aT2JI8\n9eLEjTG+xSXa7XWe98QncjjL9lu/yrRncSTxHs13q/XP198nn2aYuQ8CgYEA2Dnt\nsRBzv0fFEvzzFv7G/5f85mouN38TUYvxNRTjBLCXl9DeKjDkOVZ2b6qlfQnYXIru\nH+W+v+AZEb6fySXc8FRab7lkgTMrwE+aeI4rkW7asVwtclv01QJ5wMnyT84AgDD/\nDgt/RThFaHgtU9TW5GOZveL+l9fVPn7vKFdTJdcCgYEArJ99zjHxwJ1whNAOk1av\n09UmRPm6TvRo4heTDk8oEoIWCNatoHI0z1YMLuENNSnT9Q280FFDayvnrY/qnD7A\nkktT/sjwJOG8q8trKzIMqQS4XWm2dxoPcIyyOBJfCbEY6XuRsUuePxwh5qF942EB\nyS9a2s6nC4Ix0lgPrqAIr48CgYBgS/Q6riwOXSU8nqCYdiEkBYlhCJrKpnJxF9T1\nofa0yPzKZP/8ZEfP7VzTwHjxJehQ1qLUW9pG08P2biH1UEKEWdzo8vT6wVJT1F/k\nHtTycR8+a+Hlk2SHVRHqNUYQGpuIe8mrdJ1as4Pd0d/F/P0zO9Rlh+mAsGPM8HUM\nT0+9gwKBgHDoerX7NTskg0H0t8O+iSMevdxpEWp34ZYa9gHiftTQGyrRgERCa7Gj\nnZPAxKb2JoWyfnu3v7G5gZ8fhDFsiOxLbZv6UZJBbUIh1MjJISpXrForDrC2QNLX\nkHrHfwBFDB3KMudhQknsJzEJKCL/KmFH6o0MvsoaT9yzEl3K+ah/\n-----END RSA PRIVATE KEY-----\n"
}
}
]
},
- "requireClientCertificate": false
+ "requireClientCertificate": false
}
}
}
],
- "listenerFilters": [
+ "listenerFilters": [
{
- "name": "envoy.filters.listener.tls_inspector",
- "typedConfig": {
- "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
+ "name": "envoy.filters.listener.tls_inspector",
+ "typedConfig": {
+ "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
}
}
],
- "trafficDirection": "OUTBOUND"
+ "trafficDirection": "OUTBOUND"
}
],
- "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
- "nonce": "00000001"
+ "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+ "nonce": "00000001"
}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/api-gateway-with-tcp-route-and-inline-certificate.latest.golden b/agent/xds/testdata/routes/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
index 9c050cbe6b4d..306f5220e7b9 100644
--- a/agent/xds/testdata/routes/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
+++ b/agent/xds/testdata/routes/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
@@ -1,5 +1,5 @@
{
- "versionInfo": "00000001",
- "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
- "nonce": "00000001"
+ "versionInfo": "00000001",
+ "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+ "nonce": "00000001"
}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/api-gateway-with-tcp-route-and-inline-certificate.latest.golden b/agent/xds/testdata/secrets/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
index 95612291de70..e6c25e165c65 100644
--- a/agent/xds/testdata/secrets/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
+++ b/agent/xds/testdata/secrets/api-gateway-with-tcp-route-and-inline-certificate.latest.golden
@@ -1,5 +1,5 @@
{
- "versionInfo": "00000001",
- "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
- "nonce": "00000001"
+ "versionInfo": "00000001",
+ "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
+ "nonce": "00000001"
}
\ No newline at end of file
diff --git a/envoyextensions/xdscommon/envoy_versioning_test.go b/envoyextensions/xdscommon/envoy_versioning_test.go
index e20a2ca8ceef..833e3014ebee 100644
--- a/envoyextensions/xdscommon/envoy_versioning_test.go
+++ b/envoyextensions/xdscommon/envoy_versioning_test.go
@@ -121,7 +121,6 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) {
"1.18.6": {expectErr: "Envoy 1.18.6 " + errTooOld},
"1.19.5": {expectErr: "Envoy 1.19.5 " + errTooOld},
"1.20.7": {expectErr: "Envoy 1.20.7 " + errTooOld},
- "1.21.5": {expectErr: "Envoy 1.21.5 " + errTooOld},
}
// Insert a bunch of valid versions.
@@ -136,10 +135,10 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) {
}
*/
for _, v := range []string{
+ "1.21.0", "1.21.1", "1.21.2", "1.21.3", "1.21.4", "1.21.5",
"1.22.0", "1.22.1", "1.22.2", "1.22.3", "1.22.4", "1.22.5",
- "1.23.0", "1.23.1", "1.23.2", "1.23.3", "1.23.4",
- "1.24.0", "1.24.1", "1.24.2",
- "1.25.0", "1.25.1",
+ "1.23.0", "1.23.1", "1.23.2",
+ "1.24.0",
} {
cases[v] = testcase{expect: SupportedProxyFeatures{}}
}
diff --git a/envoyextensions/xdscommon/proxysupport.go b/envoyextensions/xdscommon/proxysupport.go
index bedc0608bfd3..963e0dba0c2a 100644
--- a/envoyextensions/xdscommon/proxysupport.go
+++ b/envoyextensions/xdscommon/proxysupport.go
@@ -9,10 +9,10 @@ import "strings"
//
// see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions
var EnvoyVersions = []string{
- "1.25.1",
- "1.24.2",
- "1.23.4",
+ "1.24.0",
+ "1.23.2",
"1.22.5",
+ "1.21.5",
}
// UnsupportedEnvoyVersions lists any unsupported Envoy versions (mainly minor versions) that fall
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh
index bb9baacbb0f9..2394ab23621e 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh
@@ -38,7 +38,6 @@ services = [
]
parents = [
{
- kind = "api-gateway"
name = "api-gateway"
}
]
@@ -48,4 +47,4 @@ register_services primary
gen_envoy_bootstrap api-gateway 20000 primary true
gen_envoy_bootstrap s1 19000
-gen_envoy_bootstrap s2 19001
+gen_envoy_bootstrap s2 19001
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh b/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh
index 56a86166d4c0..fd4f474abfdc 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh
@@ -47,7 +47,6 @@ parents = [
{
name = "api-gateway"
sectionName = "listener-two"
- kind = "api-gateway"
}
]
'
@@ -74,4 +73,4 @@ register_services primary
gen_envoy_bootstrap api-gateway 20000 primary true
gen_envoy_bootstrap s1 19000
-gen_envoy_bootstrap s2 19001
+gen_envoy_bootstrap s2 19001
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/verify.bats b/test/integration/connect/envoy/case-api-gateway-tcp-simple/verify.bats
index e96f473be4f4..51ed646bd6bc 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/verify.bats
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/verify.bats
@@ -29,4 +29,4 @@ load helpers
@test "api gateway should get an intentions error connecting to s2 via configured port" {
run retry_default must_fail_tcp_connection localhost:9998
-}
+}
\ No newline at end of file
diff --git a/test/integration/consul-container/libs/assert/envoy.go b/test/integration/consul-container/libs/assert/envoy.go
index 6713c4fb6490..e62118c4f1d8 100644
--- a/test/integration/consul-container/libs/assert/envoy.go
+++ b/test/integration/consul-container/libs/assert/envoy.go
@@ -127,7 +127,7 @@ func AssertEnvoyMetricAtLeast(t *testing.T, adminPort int, prefix, metric string
err error
)
failer := func() *retry.Timer {
- return &retry.Timer{Timeout: 60 * time.Second, Wait: 500 * time.Millisecond}
+ return &retry.Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}
}
retry.RunWith(failer(), t, func(r *retry.R) {
diff --git a/test/integration/consul-container/libs/service/connect.go b/test/integration/consul-container/libs/service/connect.go
index b5a8087d2d67..ac4907d4e583 100644
--- a/test/integration/consul-container/libs/service/connect.go
+++ b/test/integration/consul-container/libs/service/connect.go
@@ -109,13 +109,6 @@ func (g ConnectContainer) Start() error {
return g.container.Start(g.ctx)
}
-func (g ConnectContainer) Stop() error {
- if g.container == nil {
- return fmt.Errorf("container has not been initialized")
- }
- return g.container.Stop(context.Background(), nil)
-}
-
func (g ConnectContainer) Terminate() error {
return cluster.TerminateContainer(g.ctx, g.container, true)
}
diff --git a/test/integration/consul-container/libs/service/examples.go b/test/integration/consul-container/libs/service/examples.go
index da075f5aec9c..9d95f6e9099f 100644
--- a/test/integration/consul-container/libs/service/examples.go
+++ b/test/integration/consul-container/libs/service/examples.go
@@ -101,13 +101,6 @@ func (g exampleContainer) Start() error {
return g.container.Start(context.Background())
}
-func (g exampleContainer) Stop() error {
- if g.container == nil {
- return fmt.Errorf("container has not been initialized")
- }
- return g.container.Stop(context.Background(), nil)
-}
-
func (c exampleContainer) Terminate() error {
return cluster.TerminateContainer(c.ctx, c.container, true)
}
diff --git a/test/integration/consul-container/libs/service/gateway.go b/test/integration/consul-container/libs/service/gateway.go
index 70897fc7b099..5fb3a36184b4 100644
--- a/test/integration/consul-container/libs/service/gateway.go
+++ b/test/integration/consul-container/libs/service/gateway.go
@@ -86,13 +86,6 @@ func (g gatewayContainer) Start() error {
return g.container.Start(context.Background())
}
-func (g gatewayContainer) Stop() error {
- if g.container == nil {
- return fmt.Errorf("container has not been initialized")
- }
- return g.container.Stop(context.Background(), nil)
-}
-
func (c gatewayContainer) Terminate() error {
return cluster.TerminateContainer(c.ctx, c.container, true)
}
diff --git a/test/integration/consul-container/libs/service/service.go b/test/integration/consul-container/libs/service/service.go
index 99da55822690..57a3539a6412 100644
--- a/test/integration/consul-container/libs/service/service.go
+++ b/test/integration/consul-container/libs/service/service.go
@@ -18,7 +18,6 @@ type Service interface {
GetName() string
GetServiceName() string
Start() (err error)
- Stop() (err error)
Terminate() error
Restart() error
GetStatus() (string, error)
diff --git a/test/integration/consul-container/libs/topology/peering_topology.go b/test/integration/consul-container/libs/topology/peering_topology.go
index ba36978c72f4..1c764c45c53c 100644
--- a/test/integration/consul-container/libs/topology/peering_topology.go
+++ b/test/integration/consul-container/libs/topology/peering_topology.go
@@ -41,7 +41,6 @@ type BuiltCluster struct {
func BasicPeeringTwoClustersSetup(
t *testing.T,
consulVersion string,
- peeringThroughMeshgateway bool,
) (*BuiltCluster, *BuiltCluster) {
// acceptingCluster, acceptingCtx, acceptingClient := NewPeeringCluster(t, "dc1", 3, consulVersion, true)
acceptingCluster, acceptingCtx, acceptingClient := NewPeeringCluster(t, 3, &libcluster.BuildOptions{
@@ -54,38 +53,6 @@ func BasicPeeringTwoClustersSetup(
ConsulVersion: consulVersion,
InjectAutoEncryption: true,
})
-
- // Create the mesh gateway for dataplane traffic and peering control plane traffic (if enabled)
- acceptingClusterGateway, err := libservice.NewGatewayService(context.Background(), "mesh", "mesh", acceptingCluster.Clients()[0])
- require.NoError(t, err)
- dialingClusterGateway, err := libservice.NewGatewayService(context.Background(), "mesh", "mesh", dialingCluster.Clients()[0])
- require.NoError(t, err)
-
- // Enable peering control plane traffic through mesh gateway
- if peeringThroughMeshgateway {
- req := &api.MeshConfigEntry{
- Peering: &api.PeeringMeshConfig{
- PeerThroughMeshGateways: true,
- },
- }
- configCluster := func(cli *api.Client) error {
- libassert.CatalogServiceExists(t, cli, "mesh")
- ok, _, err := cli.ConfigEntries().Set(req, &api.WriteOptions{})
- if !ok {
- return fmt.Errorf("config entry is not set")
- }
-
- if err != nil {
- return fmt.Errorf("error writing config entry: %s", err)
- }
- return nil
- }
- err = configCluster(dialingClient)
- require.NoError(t, err)
- err = configCluster(acceptingClient)
- require.NoError(t, err)
- }
-
require.NoError(t, dialingCluster.PeerWithCluster(acceptingClient, AcceptingPeerName, DialingPeerName))
libassert.PeeringStatus(t, acceptingClient, AcceptingPeerName, api.PeeringStateActive)
@@ -93,6 +60,7 @@ func BasicPeeringTwoClustersSetup(
// Register an static-server service in acceptingCluster and export to dialing cluster
var serverService, serverSidecarService libservice.Service
+ var acceptingClusterGateway libservice.Service
{
clientNode := acceptingCluster.Clients()[0]
@@ -113,10 +81,15 @@ func BasicPeeringTwoClustersSetup(
libassert.CatalogServiceExists(t, acceptingClient, "static-server-sidecar-proxy")
require.NoError(t, serverService.Export("default", AcceptingPeerName, acceptingClient))
+
+ // Create the mesh gateway for dataplane traffic
+ acceptingClusterGateway, err = libservice.NewGatewayService(context.Background(), "mesh", "mesh", clientNode)
+ require.NoError(t, err)
}
// Register an static-client service in dialing cluster and set upstream to static-server service
var clientSidecarService *libservice.ConnectContainer
+ var dialingClusterGateway libservice.Service
{
clientNode := dialingCluster.Clients()[0]
@@ -127,6 +100,9 @@ func BasicPeeringTwoClustersSetup(
libassert.CatalogServiceExists(t, dialingClient, "static-client-sidecar-proxy")
+ // Create the mesh gateway for dataplane traffic
+ dialingClusterGateway, err = libservice.NewGatewayService(context.Background(), "mesh", "mesh", clientNode)
+ require.NoError(t, err)
}
_, adminPort := clientSidecarService.GetAdminAddr()
diff --git a/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go b/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go
index bbac9cc03401..223effa449b2 100644
--- a/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go
+++ b/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go
@@ -50,7 +50,7 @@ import (
func TestPeering_RotateServerAndCAThenFail_(t *testing.T) {
t.Parallel()
- accepting, dialing := libtopology.BasicPeeringTwoClustersSetup(t, utils.TargetVersion, false)
+ accepting, dialing := libtopology.BasicPeeringTwoClustersSetup(t, utils.TargetVersion)
var (
acceptingCluster = accepting.Cluster
dialingCluster = dialing.Cluster
diff --git a/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go b/test/integration/consul-container/test/troubleshoot/troubleshoot_upstream_test.go
similarity index 100%
rename from test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
rename to test/integration/consul-container/test/troubleshoot/troubleshoot_upstream_test.go
diff --git a/test/integration/consul-container/test/upgrade/peering_control_plane_mgw_test.go b/test/integration/consul-container/test/upgrade/peering_control_plane_mgw_test.go
index 5ccba9567739..f4112b6f6b83 100644
--- a/test/integration/consul-container/test/upgrade/peering_control_plane_mgw_test.go
+++ b/test/integration/consul-container/test/upgrade/peering_control_plane_mgw_test.go
@@ -42,7 +42,7 @@ func TestPeering_Upgrade_ControlPlane_MGW(t *testing.T) {
}
run := func(t *testing.T, tc testcase) {
- accepting, dialing := libtopology.BasicPeeringTwoClustersSetup(t, tc.oldversion, true)
+ accepting, dialing := libtopology.BasicPeeringTwoClustersSetup(t, tc.oldversion)
var (
acceptingCluster = accepting.Cluster
dialingCluster = dialing.Cluster
@@ -54,6 +54,19 @@ func TestPeering_Upgrade_ControlPlane_MGW(t *testing.T) {
acceptingClient, err := acceptingCluster.GetClient(nil, false)
require.NoError(t, err)
+ // Enable peering control plane traffic through mesh gateway
+ req := &api.MeshConfigEntry{
+ Peering: &api.PeeringMeshConfig{
+ PeerThroughMeshGateways: true,
+ },
+ }
+ ok, _, err := dialingClient.ConfigEntries().Set(req, &api.WriteOptions{})
+ require.True(t, ok)
+ require.NoError(t, err)
+ ok, _, err = acceptingClient.ConfigEntries().Set(req, &api.WriteOptions{})
+ require.True(t, ok)
+ require.NoError(t, err)
+
// Verify control plane endpoints and traffic in gateway
_, gatewayAdminPort := dialing.Gateway.GetAdminAddr()
libassert.AssertUpstreamEndpointStatus(t, gatewayAdminPort, "server.dc1.peering", "HEALTHY", 1)
@@ -61,9 +74,6 @@ func TestPeering_Upgrade_ControlPlane_MGW(t *testing.T) {
libassert.AssertEnvoyMetricAtLeast(t, gatewayAdminPort,
"cluster.static-server.default.default.accepting-to-dialer.external",
"upstream_cx_total", 1)
- libassert.AssertEnvoyMetricAtLeast(t, gatewayAdminPort,
- "cluster.server.dc1.peering",
- "upstream_cx_total", 1)
// Upgrade the accepting cluster and assert peering is still ACTIVE
require.NoError(t, acceptingCluster.StandardUpgrade(t, context.Background(), tc.targetVersion))
@@ -80,12 +90,11 @@ func TestPeering_Upgrade_ControlPlane_MGW(t *testing.T) {
// - Register a new static-client service in dialing cluster and
// - set upstream to static-server service in peered cluster
- // Stop the accepting gateway and restart dialing gateway
- // to force peering control plane traffic through dialing mesh gateway
- require.NoError(t, accepting.Gateway.Stop())
+ // Restart the gateway & proxy sidecar
require.NoError(t, dialing.Gateway.Restart())
+ require.NoError(t, dialing.Container.Restart())
- // Restarted dialing gateway should not have any measurement on data plane traffic
+ // Restarted gateway should not have any measurement on data plane traffic
libassert.AssertEnvoyMetricAtMost(t, gatewayAdminPort,
"cluster.static-server.default.default.accepting-to-dialer.external",
"upstream_cx_total", 0)
@@ -93,7 +102,6 @@ func TestPeering_Upgrade_ControlPlane_MGW(t *testing.T) {
libassert.AssertEnvoyMetricAtLeast(t, gatewayAdminPort,
"cluster.server.dc1.peering",
"upstream_cx_total", 1)
- require.NoError(t, accepting.Gateway.Start())
clientSidecarService, err := libservice.CreateAndRegisterStaticClientSidecar(dialingCluster.Servers()[0], libtopology.DialingPeerName, true)
require.NoError(t, err)
diff --git a/test/integration/consul-container/test/upgrade/peering_http_test.go b/test/integration/consul-container/test/upgrade/peering_http_test.go
index fe91f7653098..aec03a3edb41 100644
--- a/test/integration/consul-container/test/upgrade/peering_http_test.go
+++ b/test/integration/consul-container/test/upgrade/peering_http_test.go
@@ -99,7 +99,7 @@ func TestPeering_UpgradeToTarget_fromLatest(t *testing.T) {
}
run := func(t *testing.T, tc testcase) {
- accepting, dialing := libtopology.BasicPeeringTwoClustersSetup(t, tc.oldversion, false)
+ accepting, dialing := libtopology.BasicPeeringTwoClustersSetup(t, tc.oldversion)
var (
acceptingCluster = accepting.Cluster
dialingCluster = dialing.Cluster
diff --git a/version/VERSION b/version/VERSION
index 1f0d2f335194..0dec25d15b37 100644
--- a/version/VERSION
+++ b/version/VERSION
@@ -1 +1 @@
-1.16.0-dev
+1.15.0-dev
\ No newline at end of file
diff --git a/website/content/docs/connect/config-entries/service-splitter.mdx b/website/content/docs/connect/config-entries/service-splitter.mdx
index 34ea9597e218..4386fba281bc 100644
--- a/website/content/docs/connect/config-entries/service-splitter.mdx
+++ b/website/content/docs/connect/config-entries/service-splitter.mdx
@@ -1,575 +1,54 @@
----
+---
layout: docs
-page_title: Service Splitter Configuration Entry Reference
-description: >-
- Service splitter configuration entries are L7 traffic management tools for redirecting requests for a service to
- multiple instances. Learn how to write `service-splitter` config entries in HCL or YAML with a specification
- reference, configuration model, a complete example, and example code by use case.
+page_title: Service Splitter - Configuration Entry Reference
+description: >-
+ The service splitter configuration entry kind defines how to divide service mesh traffic between service instances. Use the reference guide to learn about `""service-splitter""` config entry parameters and how it can be used for traffic management behaviors like canary rollouts, blue green deployment, and load balancing across environments.
---
-# Service Splitter Configuration Reference
-
-This reference page describes the structure and contents of service splitter configuration entries. Configure and apply service splitters to redirect a percentage of incoming traffic requests for a service to one or more specific service instances.
-
-## Configuration model
-
-The following list outlines field hierarchy, language-specific data types, and requirements in a service splitter configuration entry. Click on a property name to view additional details, including default values.
-
-
-
-
-
-- [`Kind`](#kind): string | required
-- [`Name`](#name): string | required
-- [`Namespace`](#namespace): string
-- [`Partition`](#partition): string
-- [`Meta`](#meta): map
-- [`Splits`](#splits): map | required
- - [`Weight`](#splits-weight): number | required
- - [`Service`](#splits-service): string | required
- - [`ServiceSubset`](#splits-servicesubset): string
- - [`Namespace`](#splits-namespace): string
- - [`Partition`](#splits-partition): string
- - [`RequestHeaders`](#splits-requestheaders): map
- - [`Add`](#splits-requestheaders): map
- - [`Set`](#splits-requestheaders): map
- - [`Remove`](#splits-requestheaders): map
- - [`ResponseHeaders`](#splits-responseheaders): map
- - [`Add`](#splits-responseheaders): map
- - [`Set`](#splits-responseheaders): map
- - [`Remove`](#splits-responseheaders): map
-
-
-
-
-
-- [`apiVersion`](#apiversion): string | required
-- [`kind`](#kind): string | required
-- [`metadata`](#metadata): object | required
- - [`name`](#metadata-name): string | required
- - [`namespace`](#metadata-namespace): string | optional
-- [`spec`](#spec): object | required
- - [`splits`](#spec-splits): list | required
- - [`weight`](#spec-splits-weight): float32 | required
- - [`service`](#spec-splits-service): string | required
- - [`serviceSubset`](#spec-splits-servicesubset): string
- - [`namespace`](#spec-splits-namespace): string
- - [`partition`](#spec-splits-partition): string
- - [`requestHeaders`](#spec-splits-requestheaders): HTTPHeaderModifiers
- - [`add`](#spec-splits-requestheaders): map
- - [`set`](#spec-splits-requestheaders): map
- - [`remove`](#spec-splits-requestheaders): map
- - [`responseHeaders`](#spec-splits-responseheaders): HTTPHeaderModifiers
- - [`add`](#spec-splits-responseheaders): map
- - [`set`](#spec-splits-responseheaders): map
- - [`remove`](#spec-splits-responseheaders): map
-
-
-
-
-## Complete configuration
-
-When every field is defined, a service splitter configuration entry has the following form:
-
-
-
-
-
-```hcl
-Kind = "service-splitter" ## string | required
-Name = "config-entry-name" ## string | required
-Namespace = "main" ## string
-Partition = "partition" ## string
-Meta = { ## map
- key = "value"
-}
-Splits = [ ## list | required
- { ## map
- Weight = 90 ## number | required
- Service = "service" ## string
- ServiceSubset = "v1" ## string
- Namespace = "target-namespace" ## string
- Partition = "target-partition" ## string
- RequestHeaders = { ## map
- Set = {
- "X-Web-Version" : "from-v1"
- }
- }
- ResponseHeaders = { ## map
- Set = {
- "X-Web-Version" : "to-v1"
- }
- }
- },
- {
- Weight = 10
- Service = "service"
- ServiceSubset = "v2"
- Namespace = "target-namespace"
- Partition = "target-partition"
- RequestHeaders = {
- Set = {
- "X-Web-Version" : "from-v2"
- }
- }
- ResponseHeaders = {
- Set = {
- "X-Web-Version" : "to-v2"
- }
- }
- }
-]
-```
-
-
-
-
-
-```json
-{
- "Kind" : "service-splitter", ## string | required
- "Name" : "config-entry-name", ## string | required
- "Namespace" : "main", ## string
- "Partition" : "partition", ## string
- "Meta" : { ## map
- "_key_" : "_value_"
- },
- "Splits" : [ ## list | required
- { ## map
- "Weight" : 90, ## number | required
- "Service" : "service", ## string
- "ServiceSubset" : "v1", ## string
- "Namespace" : "target-namespace", ## string
- "Partition" : "target-partition", ## string
- "RequestHeaders" : { ## map
- "Set" : {
- "X-Web-Version": "from-v1"
- }
- },
- "ResponseHeaders" : { ## map
- "Set" : {
- "X-Web-Version": "to-v1"
- }
- }
- },
- {
- "Weight" : 10,
- "Service" : "service",
- "ServiceSubset" : "v2",
- "Namespace" : "target-namespace",
- "Partition" : "target-partition",
- "RequestHeaders" : {
- "Set" : {
- "X-Web-Version": "from-v2"
- }
- },
- "ResponseHeaders" : {
- "Set" : {
- "X-Web-Version": "to-v2"
- }
- }
- }
- ]
-}
-```
-
-
-
-
-
-```yaml
-apiVersion: consul.hashicorp.com/v1alpha1 # string | required
-kind: ServiceSplitter # string | required
-metadata: # object | required
- name: config-entry-name # string | required
- namespace: main # string
-spec:
- splits: # list
- - weight: 90 # floating point | required
- service: service # string
- serviceSubset: v1 # string
- namespace: target-namespace # string
- partition: target-partition # string
- requestHeaders:
- set:
- x-web-version: from-v1 # string
- responseHeaders:
- set:
- x-web-version: to-v1 # string
- - weight: 10
- service: service
- serviceSubset: v2
- namespace: target-namespace
- partition: target-partition
- requestHeaders:
- set:
- x-web-version: from-v2
- responseHeaders:
- set:
- x-web-version: to-v2
-```
-
-
-
-
-
-## Specification
-
-This section provides details about the fields you can configure in the service splitter configuration entry.
-
-
-
-
-
-### `Kind`
-
-Specifies the type of configuration entry to implement.
-
-#### Values
-
-- Default: none
-- This field is required.
-- Data type: String value that must be set to `service-splitter`.
-
-### `Name`
-
-Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster.
-
-#### Values
-
-- Default: Defaults to the name of the node after writing the entry to the Consul server.
-- This field is required.
-- Data type: String
-
-
-### `Namespace`
-
-Specifies the [namespace](/consul/docs/enterprise/namespaces) to apply the configuration entry.
-
-#### Values
-
-- Default: None
-- Data type: String
-
-### `Partition`
-
-Specifies the [admin partition](/consul/docs/enterprise/admin-partitions) to apply the configuration entry.
-
-#### Values
-
-- Default: `Default`
-- Data type: String
-
-### `Meta`
-
-Specifies key-value pairs to add to the KV store.
-
-#### Values
-
-- Default: none
-- Data type: Map of one or more key-value pairs
- - keys: String
- - values: String, integer, or float
-
-### `Splits`
-
-Defines how much traffic to send to sets of service instances during a traffic split.
-
-#### Values
-
-- Default: None
-- This field is required.
-- Data type: list of objects that can contain the following fields:
- - `Weight`: The sum of weights for a set of service instances must add up to 100.
- - `Service`: This field is required.
- - `ServiceSubset`
- - `Namespace`
- - `Partition`
- - `RequestHeaders`
- - `ResponseHeaders`
-
-### `Splits[].Weight`
-
-Specifies the percentage of traffic sent to the set of service instances specified in the [`Service`](#service) field. Each weight must be a floating integer between `0` and `100`. The smallest representable value is `.01`. The sum of weights across all splits must add up to `100`.
-
-#### Values
-
-- Default: `null`
-- This field is required.
-- Data type: Floating number from `.01` to `100`.
-
-### `Splits[].Service`
-
-Specifies the name of the service to resolve.
-
-#### Values
-
-- Default: Inherits the value of the [`Name`](#name) field.
-- Data type: String
-
-### `Splits[].ServiceSubset`
-
-Specifies a subset of the service to resolve. A service subset assigns a name to a specific subset of discoverable service instances within a datacenter, such as `version2` or `canary`. All services have an unnamed default subset that returns all healthy instances.
-
-You can define service subsets in a [service resolver configuration entry](/consul/docs/connect/config-entries/service-resolver), which are referenced by their names throughout the other configuration entries. This field overrides the default subset value in the service resolver configuration entry.
-
-#### Values
-
-- Default: If empty, the `split` uses the default subset.
-- Data type: String
-
-### `Splits[].Namespace`
-
-Specifies the [namespace](/consul/docs/enterprise/namespaces) to use in the FQDN when resolving the service.
-
-#### Values
-
-- Default: Inherits the value of [`Namespace`](#Namespace) from the top-level of the configuration entry.
-- Data type: String
-
-### `Splits[].Partition`
-
-Specifies the [admin partition](/consul/docs/enterprise/admin-partitions) to use in the FQDN when resolving the service.
-
-#### Values
-
-- Default: By default, the `service-splitter` uses the [admin partition specified in the top-level configuration entry](#partition).
-- Data type: String
-
-### `Splits[].RequestHeaders`
-
-Specifies a set of HTTP-specific header modification rules applied to requests routed with the service split. You cannot configure request headers if the listener protocol is set to `tcp`. Refer to [Set HTTP Headers](#set-http-headers) for an example configuration.
-
-#### Values
-
-- Default: None
-- Values: Object containing one or more fields that define header modification rules
- - `Add`: Map of one or more key-value pairs
- - `Set`: Map of one or more key-value pairs
- - `Remove`: Map of one or more key-value pairs
-
-The following table describes how to configure values for request headers:
-
-| Rule | Description | Type |
-| --- | --- | --- |
-| `Add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
-| `Set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
-| `Remove` | Defines an list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings |
-
-#### Use variable placeholders
-
-For `Add` and `Set`, if the service is configured to use Envoy as the proxy, the value may contain variables to interpolate dynamic metadata into the value. For example, using the variable `%DOWNSTREAM_REMOTE_ADDRESS%` in your configuration entry allows you to pass a value that is generated when the split occurs.
-
-
-### `Splits[].ResponseHeaders`
-
-Specifies a set of HTTP-specific header modification rules applied to responses routed with the service split. You cannot configure request headers if the listener protocol is set to `tcp`. Refer to [Set HTTP Headers](#set-http-headers) for an example configuration.
-
-#### Values
-
-- Default: None
-- Values: Object containing one or more fields that define header modification rules
- - `Add`: Map of one or more string key-value pairs
- - `Set`: Map of one or more string key-value pairs
- - `Remove`: Map of one or more string key-value pairs
-
-The following table describes how to configure values for response headers:
-
-| Rule | Description | Type |
-| --- | --- | --- |
-| `Add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
-| `Set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
-| `Remove` | Defines an list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings |
-
-#### Use variable placeholders
-
-For `Add` and `Set`, if the service is configured to use Envoy as the proxy, the value may contain variables to interpolate dynamic metadata into the value. For example, using the variable `%DOWNSTREAM_REMOTE_ADDRESS%` in your configuration entry allows you to pass a value that is generated when the split occurs.
-
-
-
-
-
-### `apiVersion`
-
-Kubernetes-only parameter that specifies the version of the Consul API that the configuration entry maps to Kubernetes configurations. The value must be `consul.hashicorp.com/v1alpha1`.
-
-### `kind`
-
-Specifies the type of configuration entry to implement.
-
-#### Values
-
-- Default: none
-- This field is required.
-- Data type: String value that must be set to `serviceSplitter`.
-
-### `metadata.name`
-
-Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster.
-
-#### Values
-
-- Default: Inherits name from the host node
-- This field is required.
-- Data type: String
-
-
-### `metadata.namespace`
-
-Specifies the Consul namespace to use for resolving the service. You can map Consul namespaces to Kubernetes Namespaces in different ways. Refer to [Custom Resource Definitions (CRDs) for Consul on Kubernetes](/consul/docs/k8s/crds#consul-enterprise) for additional information.
-
-#### Values
-
-- Default: None
-- Data type: String
-
-### `spec`
-
-Kubernetes-only field that contains all of the configurations for service splitter pods.
-
-#### Values
-
-- Default: none
-- This field is required.
-- Data type: Object containing [`spec.splits`](#spec-splits) configuration
-
-### `spec.meta`
-
-Specifies key-value pairs to add to the KV store.
-
-#### Values
-
-- Default: none
-- Data type: Map of one or more key-value pairs
- - keys: String
- - values: String, integer, or float
-
-### `spec.splits`
-
-Defines how much traffic to send to sets of service instances during a traffic split.
+# Service Splitter Configuration Entry
-#### Values
+-> **v1.8.4+:** On Kubernetes, the `ServiceSplitter` custom resource is supported in Consul versions 1.8.4+.
+**v1.6.0+:** On other platforms, this config entry is supported in Consul versions 1.6.0+.
-- Default: None
-- This field is required.
-- Data type: list of objects that can contain the following fields:
- - `weight`: The sum of weights for a set of service instances. The total defined value must add up to 100.
- - `service`: This field is required.
- - `serviceSubset`
- - `namespace`
- - `partition`
- - `requestHeaders`
- - `responseHeaders`
+The `service-splitter` config entry kind (`ServiceSplitter` on Kubernetes) controls how to split incoming Connect
+requests across different subsets of a single service (like during staged
+canary rollouts), or perhaps across different services (like during a v2
+rewrite or other type of codebase migration).
-### `spec.splits[].weight`
+If no splitter config is defined for a service it is assumed 100% of traffic
+flows to a service with the same name and discovery continues on to the
+resolution stage.
-Specifies the percentage of traffic sent to the set of service instances specified in the [`spec.splits.service`](#spec-splits-service) field. Each weight must be a floating integer between `0` and `100`. The smallest representable value is `.01`. The sum of weights across all splits must add up to `100`.
+## Interaction with other Config Entries
-#### Values
+- Service splitter config entries are a component of [L7 Traffic
+ Management](/consul/docs/connect/l7-traffic).
-- Default: `null`
-- This field is required.
-- Data type: Floating integer from `.01` to `100`
+- Service splitter config entries are restricted to only services that define
+ their protocol as http-based via a corresponding
+ [`service-defaults`](/consul/docs/connect/config-entries/service-defaults) config
+ entry or globally via
+ [`proxy-defaults`](/consul/docs/connect/config-entries/proxy-defaults) .
-### `spec.splits[].service`
+- Any split destination that specifies a different `Service` field and omits
+ the `ServiceSubset` field is eligible for further splitting should a splitter
+ be configured for that other service, otherwise resolution proceeds according
+ to any configured
+ [`service-resolver`](/consul/docs/connect/config-entries/service-resolver).
-Specifies the name of the service to resolve.
+## UI
-#### Values
+Once a `service-splitter` is successfully entered, you can view it in the UI. Service routers, service splitters, and service resolvers can all be viewed by clicking on your service then switching to the _routing_ tab.
-- Default: The service matching the configuration entry [`meta.name`](#metadata-name) field.
-- Data type: String
+
-### `spec.splits[].serviceSubset`
-
-Specifies a subset of the service to resolve. This field overrides the `DefaultSubset`.
-
-#### Values
-
-- Default: Inherits the name of the default subset.
-- Data type: String
-
-### `spec.splits[].namespace`
-
-Specifies the [namespace](/consul/docs/enterprise/namespaces) to use when resolving the service.
-
-#### Values
-
-- Default: The namespace specified in the top-level configuration entry.
-- Data type: String
-
-### `spec.splits[].partition`
-
-Specifies which [admin partition](/consul/docs/enterprise/admin-partitions) to use in the FQDN when resolving the service.
-
-#### Values
-
-- Default: `default`
-- Data type: String
-
-### `spec.splits[].requestHeaders`
-
-Specifies a set of HTTP-specific header modification rules applied to requests routed with the service split. You cannot configure request headers if the listener protocol is set to `tcp`. Refer to [Set HTTP Headers](#set-http-headers) for an example configuration.
-
-#### Values
-
-- Default: None
-- Values: Object containing one or more fields that define header modification rules
- - `add`: Map of one or more key-value pairs
- - `set`: Map of one or more key-value pairs
- - `remove`: Map of one or more key-value pairs
-
-The following table describes how to configure values for request headers:
-
-| Rule | Description | Type |
-| --- | --- | --- |
-| `add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
-| `set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
-| `remove` | Defines an list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings |
-
-#### Use variable placeholders
-
-For `add` and `set`, if the service is configured to use Envoy as the proxy, the value may contain variables to interpolate dynamic metadata into the value. For example, using the variable `%DOWNSTREAM_REMOTE_ADDRESS%` in your configuration entry allows you to pass a value that is generated when the split occurs.
-
-### `spec.splits[].responseHeaders`
-
-Specifies a set of HTTP-specific header modification rules applied to responses routed with the service split. You cannot configure request headers if the listener protocol is set to `tcp`. Refer to [Set HTTP Headers](#set-http-headers) for an example configuration.
-
-#### Values
-
-- Default: None
-- Values: Object containing one or more fields that define header modification rules
- - `add`: Map of one or more string key-value pairs
- - `set`: Map of one or more string key-value pairs
- - `remove`: Map of one or more string key-value pairs
-
-The following table describes how to configure values for response headers:
-
-| Rule | Description | Type |
-| --- | --- | --- |
-| `add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
-| `set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
-| `remove` | Defines an list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings |
-
-#### Use variable placeholders
-
-For `add` and `set`, if the service is configured to use Envoy as the proxy, the value may contain variables to interpolate dynamic metadata into the value. For example, using the variable `%DOWNSTREAM_REMOTE_ADDRESS%` in your configuration entry allows you to pass a value that is generated when the split occurs.
-
-
-
-
-
-## Examples
-
-The following examples demonstrate common service splitter configuration patterns for specific use cases.
+## Sample Config Entries
### Two subsets of same service
Split traffic between two subsets of the same service:
-
-
-
+
```hcl
Kind = "service-splitter"
@@ -586,9 +65,18 @@ Splits = [
]
```
-
-
-
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceSplitter
+metadata:
+ name: web
+spec:
+ splits:
+ - weight: 90
+ serviceSubset: v1
+ - weight: 10
+ serviceSubset: v2
+```
```json
{
@@ -607,34 +95,13 @@ Splits = [
}
```
-
-
-
-
-```yaml
-apiVersion: consul.hashicorp.com/v1alpha1
-kind: ServiceSplitter
-metadata:
- name: web
-spec:
- splits:
- - weight: 90
- serviceSubset: v1
- - weight: 10
- serviceSubset: v2
-```
-
-
-
-
+
### Two different services
Split traffic between two services:
-
-
-
+
```hcl
Kind = "service-splitter"
@@ -651,9 +118,18 @@ Splits = [
]
```
-
-
-
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceSplitter
+metadata:
+ name: web
+spec:
+ splits:
+ - weight: 50
+ # will default to service with same name as config entry ("web")
+ - weight: 50
+ service: web-rewrite
+```
```json
{
@@ -671,35 +147,14 @@ Splits = [
}
```
-
-
-
-
-```yaml
-apiVersion: consul.hashicorp.com/v1alpha1
-kind: ServiceSplitter
-metadata:
- name: web
-spec:
- splits:
- - weight: 50
- # defaults to the service with same name as the configuration entry ("web")
- - weight: 50
- service: web-rewrite
-```
-
-
-
-
+
### Set HTTP Headers
Split traffic between two subsets with extra headers added so clients can tell
which version:
-
-
-
+
```hcl
Kind = "service-splitter"
@@ -726,9 +181,24 @@ Splits = [
]
```
-
-
-
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceSplitter
+metadata:
+ name: web
+spec:
+ splits:
+ - weight: 90
+ serviceSubset: v1
+ responseHeaders:
+ set:
+ x-web-version: v1
+ - weight: 10
+ serviceSubset: v2
+ responseHeaders:
+ set:
+ x-web-version: v2
+```
```json
{
@@ -757,31 +227,136 @@ Splits = [
}
```
-
+
+## Available Fields
+',
+ yaml: false,
+ },
+ {
+ name: 'Namespace',
+ type: `string: "default"`,
+ enterprise: true,
+ description:
+ 'Specifies the namespace to which the configuration entry will apply.',
+ yaml: false,
+ },
+ {
+ name: 'Partition',
+ type: `string: "default"`,
+ enterprise: true,
+ description:
+ 'Specifies the admin partition to which the configuration entry will apply.',
+ yaml: false,
+ },
+ {
+ name: 'Meta',
+ type: 'map: nil',
+ description:
+ 'Specifies arbitrary KV metadata pairs. Added in Consul 1.8.4.',
+ yaml: false,
+ },
+ {
+ name: 'metadata',
+ children: [
+ {
+ name: 'name',
+ description: 'Set to the name of the service being configured.',
+ },
+ {
+ name: 'namespace',
+ description:
+ 'If running Consul Open Source, the namespace is ignored (see [Kubernetes Namespaces in Consul OSS](/consul/docs/k8s/crds#consul-oss)). If running Consul Enterprise see [Kubernetes Namespaces in Consul Enterprise](/consul/docs/k8s/crds#consul-enterprise) for more details.',
+ },
+ ],
+ hcl: false,
+ },
+ {
+ name: 'Splits',
+ type: 'array',
+ description:
+ 'Defines how much traffic to send to which set of service instances during a traffic split. The sum of weights across all splits must add up to 100.',
+ children: [
+ {
+ name: 'weight',
+ type: 'float32: 0',
+ description:
+ 'A value between 0 and 100 reflecting what portion of traffic should be directed to this split. The smallest representable weight is 1/10000 or .01%',
+ },
+ {
+ name: 'Service',
+ type: 'string: ""',
+ description: 'The service to resolve instead of the default.',
+ },
+ {
+ name: 'ServiceSubset',
+ type: 'string: ""',
+ description: {
+ hcl:
+ "A named subset of the given service to resolve instead of one defined as that service's `DefaultSubset`. If empty the default subset is used.",
+ yaml:
+ "A named subset of the given service to resolve instead of one defined as that service's `defaultSubset`. If empty the default subset is used.",
+ },
+ },
+ {
+ name: 'Namespace',
+ enterprise: true,
+ type: 'string: ""',
+ description:
+ 'The namespace to resolve the service from instead of the current namespace. If empty, the current namespace is used.',
+ },
+ {
+ name: 'Partition',
+ enterprise: true,
+ type: 'string: ""',
+ description:
+ 'The admin partition to resolve the service from instead of the current partition. If empty, the current partition is used.',
+ },
+ {
+ name: 'RequestHeaders',
+ type: 'HTTPHeaderModifiers: ',
+ description: `A set of [HTTP-specific header modification rules](/consul/docs/connect/config-entries/service-router#httpheadermodifiers)
+ that will be applied to requests routed to this split.
+ This cannot be used with a \`tcp\` listener.`,
+ },
+ {
+ name: 'ResponseHeaders',
+ type: 'HTTPHeaderModifiers: ',
+ description: `A set of [HTTP-specific header modification rules](/consul/docs/connect/config-entries/service-router#httpheadermodifiers)
+ that will be applied to responses from this split.
+ This cannot be used with a \`tcp\` listener.`,
+ },
+ ],
+ },
+ ]}
+/>
-
+## ACLs
-```yaml
-apiVersion: consul.hashicorp.com/v1alpha1
-kind: ServiceSplitter
-metadata:
- name: web
-spec:
- splits:
- - weight: 90
- serviceSubset: v1
- responseHeaders:
- set:
- x-web-version: v1
- - weight: 10
- serviceSubset: v2
- responseHeaders:
- set:
- x-web-version: v2
-```
+Configuration entries may be protected by [ACLs](/consul/docs/security/acl).
+
+Reading a `service-splitter` config entry requires `service:read` on the resource.
-
+Creating, updating, or deleting a `service-splitter` config entry requires
+`service:write` on the resource and `service:read` on any other service referenced by
+name in these fields:
-
\ No newline at end of file
+- [`Splits[].Service`](#service)
diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx
index b47639dc765e..19e98a136765 100644
--- a/website/content/docs/connect/proxies/envoy.mdx
+++ b/website/content/docs/connect/proxies/envoy.mdx
@@ -39,7 +39,6 @@ Consul supports **four major Envoy releases** at the beginning of each major Con
| Consul Version | Compatible Envoy Versions |
| ------------------- | -----------------------------------------------------------------------------------|
-| 1.15.x | 1.25.1, 1.24.2, 1.23.4, 1.22.5 |
| 1.14.x | 1.24.0, 1.23.1, 1.22.5, 1.21.5 |
| 1.13.x | 1.23.1, 1.22.5, 1.21.5, 1.20.7 |
| 1.12.x | 1.22.5, 1.21.5, 1.20.7, 1.19.5 |
@@ -53,7 +52,6 @@ Consul Dataplane is a feature introduced in Consul v1.14. Because each version o
| Consul Version | Consul Dataplane Version | Bundled Envoy Version |
| ------------------- | ------------------------ | ---------------------- |
-| 1.15.x | 1.1.x | 1.25.x |
| 1.14.x | 1.0.x | 1.24.x |
## Getting Started