Release Highlights
New Features
- The
tcp-routernow emits connection error metrics on a per app basis, to assist troubleshooting when apps start having connectivity issues - The
X-Cf-Router-Errorheader now contains more details forendpoint_failureerrors, to indicate what type of failure occurred 🎉 🎉 🎉 Thanks @thomas-kaltenbach for the PR! 🎉 🎉 🎉 - Backend TLS handshake timeouts are now configurable via the
tls_handshake_timeout_in_secondsproperty. 🎉 🎉 🎉 Thanks @ywei2017 for the PR! 🎉 🎉 🎉
X509 Subject Alt Name Requirements
The gorouter job will now fail to render its template on BOSH deploys if a tls_pem contains a cert_chain that does not have a SubjectAltName (SAN) extension on the certificate. This started being required in Golang 1.15, but we have been working around this using the golang.x509ignoreCN property. This property now defaults to false, so operators are made aware of any certs that need to be regenerated. When routing-release is built against golang 1.17, the golang.x509ignoreCN workaround will cease to function, and environments will need to have certs updated by then.
If encountered, the template rendering error will match: tls_pem[<cert index>].cert_chain must include a subjectAltName extension
For more information, see Golang 1.15's release notes
Bugfixes
- The gorouter template is now generated in a way that is compatible with BOSH Directors built with Ruby 3 (#225)
- Resolves an issue where a stale route for an app using route services with an out of date route-service URL could result in all requests going to the out-of-date route-service URL, and failing.
- Clarifies gorouter logs and routing tables to reflect
http1as the protocol when HTTP/2 is disabled, even if the route was registered indicating it supported HTTP/2.
Manifest Property Changes
| Job | Property | 0.225.0 | 0.226.0 |
|---|---|---|---|
gorouter
| tls_handshake_timeout_in_seconds
| does not exist | defaults to 10
|
gorouter
| golang.x509ignoreCN
| true | false |