Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Envoy #8216

Merged
merged 1 commit into from
Jul 13, 2020
Merged

Update Envoy #8216

merged 1 commit into from
Jul 13, 2020

Conversation

hanshasselberg
Copy link
Member

@hanshasselberg hanshasselberg commented Jun 30, 2020
edited by rboyer
Loading

The new envoy versions are fixing a couple of CVEs: https://www.envoyproxy.io/docs/envoy/latest/version_history/v1.14.4.

Checklist

  • Run the full Envoy integration test using the new versions:
make test-envoy-integ ENVOY_VERSIONS="1.14.4"
make test-envoy-integ ENVOY_VERSIONS="1.13.4"
make test-envoy-integ ENVOY_VERSIONS="1.12.6"
  • Update ENVOY_VERSION in test/integration/connect/envoy/run-tests.sh to the latest version
  • Update the CI jobs in .circleci/config.yml
    • There are multiple jobs named envoy-integration-test-* where the oldest has a full definition while the others are aliases that just change the version number.
    • Update the list of envoy-integration-test-* jobs in the test-integrations workflow to match the new job names changes above.
  • Update -envoy-version to the latest version in website/pages/docs/commands/connect/envoy.mdx and defaultEnvoyVersion in command/connect/envoy/envoy.go
  • Update agent/xds/clusters_test.go: supportedEnvoyVersions
  • Update the supported versions list in the docs in website/pages/docs/connect/proxies/envoy.mdx
  • Regenerate testdata:
    • go test ./command/connect/envoy -update
    • go test ./agent/xds -update
  • Create an issue consul-k8s to update the default Envoy image to be the latest supported version. It's currently here: https://github.com/hashicorp/consul-k8s/blob/f75b6f559fae9f96667820796edd47c0c7a3824b/connect-inject/handler.go#L23 but probably worth checking the code base and updating this list if there are other references: Consul 1.8.1 will ship with support for envoy 1.14.4: Envoy 1.14.4 consul-k8s#287
  • Create an issue for consul-helm to update the default Envoy image. Currently https://github.com/hashicorp/consul-helm/blob/master/values.yaml#L609 but again grep and sanity check: Envoy 1.14.4 consul-helm#525.
  • Create an issue for Nomad to update the default Envoy docker image they use in their integration with a link to the PR and information about the version we will make the change in and the expected timeline for release: Consul will support envoy 1.14.4 with Consul 1.8 nomad#7665 (comment).

@hanshasselberg
Copy link
Member Author

Fails with envoyproxy/envoy:v1.12.5 atm.

@hanshasselberg
Copy link
Member Author

envoyproxy/envoy#11838

@jsosulska jsosulska added theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies theme/envoy/xds Related to Envoy support theme/testing Testing, and related enhancements labels Jul 2, 2020
This was referenced Jul 3, 2020
Closed
Closed
@rboyer
Copy link
Member

rboyer commented Jul 8, 2020

On 7/8 v1.14.4, v1.13.4, and v1.12.6 are now available.

@rboyer
Copy link
Member

rboyer commented Jul 8, 2020

This should probably wait until the #8222 (and backports) land.

rboyer
rboyer reviewed Jul 9, 2020
View reviewed changes
agent/xds/clusters_test.go
@@ -742,8 +742,8 @@ func setupTLSRootsAndLeaf(t *testing.T, snap *proxycfg.ConfigSnapshot) {
//
// see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions
var supportedEnvoyVersions = []string{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is new with the new version sniffing logic. I rebased this entire PR.

@rboyer
Copy link
Member

rboyer commented Jul 9, 2020
edited
Loading

I've rebased the PR on master (with my version sniffing PR merged) and also bumped all of the versions to the extra double plus latest patch releases.

rboyer
rboyer approved these changes Jul 10, 2020
View reviewed changes
Copy link
Member

@rboyer rboyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

freddygv
freddygv approved these changes Jul 13, 2020
View reviewed changes
Copy link
Contributor

@freddygv freddygv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rboyer rboyer merged commit 496fb5f into master Jul 13, 2020
@rboyer rboyer deleted the update_envoy branch July 13, 2020 20:44
@dependabot dependabot bot mentioned this pull request Mar 14, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@freddygv freddygv freddygv approved these changes

@rboyer rboyer rboyer approved these changes

Assignees
No one assigned
Labels
theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies theme/envoy/xds Related to Envoy support theme/testing Testing, and related enhancements
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hanshasselberg @rboyer @freddygv @jsosulska