From 0c846fa19b2dc777dd218f792854106a357df8a1 Mon Sep 17 00:00:00 2001 From: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> Date: Mon, 17 Apr 2023 19:41:31 -0400 Subject: [PATCH] docs: update docs related to GH-16779 (#17020) --- CHANGELOG.md | 2 +- .../docs/release-notes/consul/v1_15_x.mdx | 16 +++++++--------- .../content/docs/upgrading/upgrade-specific.mdx | 13 ++++--------- 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bbf3d0aff9..c1ea14f6fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -109,7 +109,7 @@ BUG FIXES: KNOWN ISSUES: -* connect: An issue with leaf certificate rotation can cause some service instances to lose their ability to communicate in the mesh after 72 hours (LeafCertTTL). This issue is not consistently reproducible. We are working to address this issue in an upcoming patch release. To err on the side of caution, service mesh deployments should not upgrade to Consul v1.15 at this time. Refer to [[GH-16779](https://github.com/hashicorp/consul/issues/16779)] for the latest information. +* connect: A race condition can cause some service instances to lose their ability to communicate in the mesh after 72 hours (LeafCertTTL) due to a problem with leaf certificate rotation. This bug is fixed in Consul v1.15.2 by [GH-16818](https://github.com/hashicorp/consul/issues/16818). BREAKING CHANGES: diff --git a/website/content/docs/release-notes/consul/v1_15_x.mdx b/website/content/docs/release-notes/consul/v1_15_x.mdx index 5611caf33c..06513080ae 100644 --- a/website/content/docs/release-notes/consul/v1_15_x.mdx +++ b/website/content/docs/release-notes/consul/v1_15_x.mdx @@ -68,14 +68,11 @@ For more detailed information, please refer to the [upgrade details page](/consu The following issues are known to exist in the v1.15.x releases: -- All current 1.15.x versions are under investigation for a not-consistently-reproducible - issue that can cause some service instances to lose their ability to communicate in the mesh after +- v1.15.0 - v1.15.1 contain a race condition that can cause + some service instances to lose their ability to communicate in the mesh after [72 hours (LeafCertTTL)](/consul/docs/connect/ca/consul#leafcertttl) due to a problem with leaf certificate rotation. - We will update this section with more information as our investigation continues, - including the target availability for a fix. - Refer to [GH-16779](https://github.com/hashicorp/consul/issues/16779) - for the latest information. + This is resolved in Consul v1.15.2. - For v1.15.0, Consul is reporting newer releases of Envoy (for example, v1.25.1) as not supported, even though these versions are listed as valid in the [Envoy compatilibity matrix](/consul/docs/connect/proxies/envoy#envoy-and-consul-client-agent). The following error would result for newer versions of Envoy: @@ -83,15 +80,16 @@ The following issues are known to exist in the v1.15.x releases: Envoy version 1.25.1 is not supported. If there is a reason you need to use this version of envoy use the ignore-envoy-compatibility flag. Using an unsupported version of Envoy is not recommended and your experience may vary. ``` - The workaround to resolve this issue until Consul v1.15.1 would be to run the client agents with the new `ingore-envoy-compatiblity` flag: + To workaround this issue on Consul v1.15.0, launch sidecar proxies + with the `ignore-envoy-compatiblity` flag: ```shell-session $ consul connect envoy --ignore-envoy-compatibility ``` -- For v1.15.0, there is a known issue where `consul acl token read -self` requires an `-accessor-id`. This is resolved in the uppcoming Consul v1.15.1 patch release. +- For v1.15.0, there is a known issue where `consul acl token read -self` requires an `-accessor-id`. This is resolved in Consul v1.15.1. -- For v1.15.0, there is a known issue where search filters produced errors and resulted in lists not showing full results until being interacted with. This is resolved in the upcoming Consul v1.15.1 patch release. +- For v1.15.0, there is a known issue where search filters produced errors and resulted in lists not showing full results until being interacted with. This is resolved in Consul v1.15.1. ## Changelogs diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index c8e6c583c1..08d80984f5 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -24,21 +24,16 @@ This change removes the backward-compatibility behavior introduced in Consul 1.1 ## Consul 1.15.x -#### Service mesh known issue +#### Service mesh compatibility ((#service-mesh-compatibility-1-15)) -To err on the side of caution, -service mesh deployments should not upgrade to Consul v1.15 at this time. +Upgrade to **Consul version 1.15.2 or later**. -We are currently investigating a not-consistently-reproducible issue that can cause +Consul versions 1.15.0 - 1.15.1 contain a race condition that can cause some service instances to lose their ability to communicate in the mesh after [72 hours (LeafCertTTL)](/consul/docs/connect/ca/consul#leafcertttl) due to a problem with leaf certificate rotation. -We will update this section with more information as our investigation continues, -including the target availability for a fix. -If you are already operating Consul v1.15, refer to discussion of this issue on -[GH-16779](https://github.com/hashicorp/consul/issues/16779) -for potential workarounds and to share your observations. +This bug is fixed in Consul versions 1.15.2 and newer. #### Removing configuration options