Releases: cloudfoundry/routing-release
Releases · cloudfoundry/routing-release
0.175.0
Release Highlights
- Operators can now configure the manifest property
router.sanitize_forwarded_proto: true
to sanitize the X-Forwarded-Proto HTTP header in a request when router.force_forwarded_proto_https
is set to false
. We recommend setting the property to true
if the Gorouter is the first component to terminate TLS, and setting it to false
when your load balancer is terminating TLS and setting the X-Forwarded-Proto header details
Bug fixes:
- Fixed an issue where the Gorouter was temporarily(for 30 seconds) removing backends from the pool of available backends when a downstream client closes the connection while the request is still being processed. This could lead to temporary application unavailability details
- Fixed a bug where
request_timeout_in_seconds
was being set per connection and not per request, leading to requests timing out while the request is still being processed details
- Fixed a bug where the router was temporarily(for 30 seconds) not removing a backend from the pool of available backends when a backend application instance was misbehaving (e.g. closing the connection or crashing). Operators would see
502
errors in the Gorouter logs details
Golang update:
- Gorouter and dependencies have been updated to Golang 1.10.1 details
Manifest Property Changes
0.174.0 |
0.175.0 |
Default Value |
did not exist |
router.sanitize_forwarded_proto |
false |
0.174.0
Release Highlights
- When a connection to a TLS enabled backend fails, Gorouter tries to send a request to another backend of the app before returning a response to the client. In an environment where some backends are TLS enabled and some are not, if the Gorouter first chooses a TLS enabled backend and fails, and if it subsequently chooses a non TLS backend, then it will appropriately use a plain text request. details
Manifest Property Changes
- No manifest property changes
0.173.0
Release Highlights
- Previously if an operator sets
router.disable_http: true
in the Gorouter manifest, requests for a route bound to a route service running as an app on the platform would return a 502. This has now been fixed, route services will work as expected when router.disable_http: true
details
- Golang version updated from 1.9.1 to 1.9.4 details
Manifest Property Changes
- No manifest property changes
0.171.0
Release Highlights
- Gorouter now supports websocket connections to backend applications for routes registered with tls_ports details
- routing-release now enables operators to expose available UAA clients via BOSH links in cf-deployment details
- We see a performance degradation in this release, on further investigation we are confident this is not related to routing-release changes or stemcell changes. This strongly suggests it might be due to underlying IaaS performance. We see a 10% decrease in peak latency from 4150 requests/s to 3750 requests/s and an increase in latency at throughput above 2750 requests/s.
Manifest Property Changes
- No manifest property changes
0.170.0
Release Highlights
- Fix for RATs failure with CF CLI 6.33.1 details
- The performance report included with this release shows a performance degradation since the last release. This can be attributed to the hypervisor patches on AWS and the BOSH stemcell patch for Meltdown. On our test environment we observed less than a 5% decrease in peak throughput from 4300 requests/s to 4150 requests/s, and latency increased marginally at throughput levels of 3500 requests/s and more.
Manifest Property Changes
- No manifest property changes
0.169.0
Release Highlights
- Gorouter now emits a metric
total_dropped_messages
that gives the total number of messages dropped by the NATs client details
- Gorouter now emits a metric
buffered_messages
that gives the size of the number of messages in the NATs client buffer details
- In 0.168.0 support was added to Gorouter for three configurable behaviors regarding validation of client certificates. In this release the default was changed from
none
to request
details
Manifest Property Changes
router
0.168.0 |
0.169.0 |
Default Value |
'router.client_cert_validation` |
default changed |
Changed to request from none |
0.168.0
Release Highlights
- Gorouter now immediately prunes backends registered with
tls_port
when TLS handshake fails because backend doesn't support TLS details
- Gorouter now supports three configurable behaviors regarding validation of client certificates: validation disabled, validate if present but not required, and client cert required details
Manifest Property Changes
router
0.167.0 |
0.168.0 |
Default Value |
did not exist |
router.client_cert_validation |
none . The default will be changed to request in the next version. |
0.167.0
Release Highlights
- Routing Acceptance Tests no longer leak verbose-level output details
- Routes registered with
tls_port
and server_cert_domain_san
are only pruned when validation of application identity (using server_cert_domain_san
) fails details
- Route registrar now supports registration of backends with TLS; this causes Gorouter to initiate TLS sessions with backends details
- README updated with documentation explaining log levels details
- Operator may now disable writing access logs locally using the
router.write_access_logs_locally
property details
- Gorouter now depends on the bosh logrotate cron job details
Manifest Property Changes
router
0.166.0 |
0.167.0 |
Default Value |
router.logrotate.freq_min |
removed |
|
router.logrotate.rotate |
removed |
|
router.logrotate.size |
removed |
|
did not exist |
router.write_access_logs_locally |
true |
route-registrar
0.166.0 |
0.167.0 |
Default Value |
route_registrar.routes |
Objects in the routes array now support optional fields tls_port and server_cert_domain_san |
|
0.166.0
Release Highlights
- Routing API can now be backed up and restored using BOSH Backup & Restore (epic)
- Routing API now supports TLS to database details
- Routing API no longer supports migration from etcd details
- Gorouter now logs a
499
status code when client connection disconnected before response sent details
- Route Integrity (In progress) (epic)
Manifest Property Changes
routing_api
0.165.0 |
0.166.0 |
Default Value |
routing_api.etcd.servers |
no longer supported |
|
routing_api.etcd.client_cert |
no longer supported |
|
routing_api.etcd.client_key |
no longer supported |
|
routing_api.etcd.ca_cert |
no longer supported |
|
routing_api.etcd.require_ssl |
no longer supported |
|
did not exist |
routing_api.sqldb.ca_cert |
|
did not exist |
routing_api.admin_port |
15897 |
did not exist |
release_level_backup |
false |