
0.286.0


@tas-runtime-bot tas-runtime-bot released this 10 Jan 21:27
· 3815 commits to develop since this release

BREAKING CHANGES

  • The deprecated /varz and /healthz endpoints for gorouter on port 8080 have been removed - Thanks @ameowlia and @geofffranks!
  • The /routes endpoint on gorouter's port 8080 has been moved to port 8082, and is available only on localhost - Thanks @ameowlia and @geofffranks!
  • TLS certificates for gorouter + tcp_router's health endpoints are now required to deploy. Fortunately this is provided automatically in cf-deployment - Thanks @ameowlia and @geofffranks!

Changes

Bosh Job Spec changes:

diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
index 35576742..8fc23a78 100644
--- a/jobs/gorouter/spec
+++ b/jobs/gorouter/spec
@@ -57,11 +57,21 @@ properties:
     default: router-status
   router.status.password:
     description: "Password for HTTP basic auth to the /varz and /routes endpoints."
+  router.status.enable_nontls_health_checks:
+    description: "Toggles whether or not gorouter will listen on a non-tls endpoint for load balancer health checks."
+    default: true
+  router.status.enable_deprecated_varz_healthz_endpoints:
+    description: |
+      Toggles whether or not gorouter will respond to the deprecated /healthz,
+      /varz, and /routes endpoints on its non-tls load balancer status port.
+      Requires 'router.status.enable_nontls_health_checks' to be true.
+    default: false
   router.status.routes.port:
     description: "Port used for the /routes endpoint (available on localhost-only)"
     default: 8082
   router.status.tls.port:
     description: "Port used for the TLS listener of the LB healthcheck endpoint"
+    default: 8443
   router.status.tls.certificate:
     description: "TLS Certificate used for the TLS listener of the LB healthcheck endpoint"
   router.status.tls.key:
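Review bot: The description added for `router.status.enable_deprecated_varz_healthz_endpoints` does not say that turning it on puts basic-auth-protected endpoints back on a plaintext listener. Per the neighbouring `router.status.password` description, /varz and /routes use HTTP basic auth, so with this flag true those credentials would presumably cross the non-TLS status port unencrypted. I would add a sentence to the block scalar such as `Credentials for /varz and /routes are sent unencrypted on this port; leave disabled unless a consumer still depends on it.` It would also help to state whether setting this to true while `router.status.enable_nontls_health_checks` is false fails the deploy or is silently ignored, since the spec alone cannot enforce the stated requirement. The properties mapping continues outside the hunk.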
diff --git a/jobs/tcp_router/spec b/jobs/tcp_router/spec
index dd3b8a4e..44fbb41a 100644
--- a/jobs/tcp_router/spec
+++ b/jobs/tcp_router/spec
@@ -10,6 +10,7 @@ templates:
   routing_api_client_certificate.crt.erb: config/certs/routing-api/client.crt
   routing_api_client_private.key.erb: config/keys/routing-api/client.key
   routing_api_ca_certificate.crt.erb: config/certs/routing-api/ca_cert.crt
+  tcp_router_health_check_certificate.pem.erb: config/certs/health.pem
   haproxy.conf.erb: config/haproxy.conf
   haproxy.conf.template.erb: config/haproxy.conf.template
   bpm.yml.erb: config/bpm.yml
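Review bot: The new template renders to `config/certs/health.pem`, while the private key visible in this hunk is kept under `config/keys/` (`config/keys/routing-api/client.key`). If the rendered PEM bundles `tcp_router.tls_health_check_key` with the certificate, as HAProxy's combined certificate file format expects, private key material lands in a directory named for certificates, where it is easy to miss in permission audits and in log or backup collection rules. Consider a path under `config/keys/`, for example `tcp_router_health_check_certificate.pem.erb: config/keys/health.pem`, or a comment on the line noting that the file contains the private key. The templates mapping starts and ends outside the hunk.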
@@ -66,9 +67,20 @@ properties:
   tcp_router.request_timeout_in_seconds:
     description: "Server and client timeouts in seconds"
     default: 300
+
+  tcp_router.enable_nontls_health_checks:
+    description: "Toggles on/off whether or not to listen for load balancer health check requests on the non-tls `tcp_router.health_check_port` port"
+    default: true
   tcp_router.health_check_port:
     description: "Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TCP connection on this port"
     default: 80
+  tcp_router.tls_health_check_port:
+    description: "Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TLS connection on this port"
+    default: 443
+  tcp_router.tls_health_check_cert:
+    description: "TLS certificate to use on the TCP Router's TLS health check port"
+  tcp_router.tls_health_check_key:
+    description: "TLS private key to use on the TCP Router's TLS health check port"
 
   tcp_router.fail_on_router_port_conflicts:
     description: "Fail the tcp router if routing_api.reserved_system_component_ports conflict with ports in existing router groups."
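Review bot: `tcp_router.tls_health_check_cert` and `tcp_router.tls_health_check_key` are added without a default and their descriptions do not say they are mandatory, although the release notes state that these certificates are now required to deploy. An operator not using cf-deployment would learn this only from a failed deploy; I would extend the descriptions, e.g. `description: "TLS certificate (PEM) to use on the TCP Router's TLS health check port. Required."` and the same for the key. Separately, `tcp_router.enable_nontls_health_checks` defaults to true, so the plaintext health check port stays open after an upgrade; its description could say that it should be set to false once load balancers have moved to `tcp_router.tls_health_check_port`. The properties mapping continues outside the hunk.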

✨ Built with go 1.21.6

Full Changelog: v0.285.0...v0.286.0

Resources