From 9a8c47d589fe4125f552de1c9c1f0365faa46480 Mon Sep 17 00:00:00 2001 From: Derek Menteer <105233703+hashi-derek@users.noreply.github.com> Date: Fri, 18 Nov 2022 15:59:57 -0600 Subject: [PATCH] Add Consul 1.14.0 known issue. (#15469) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> --- CHANGELOG.md | 4 ++++ website/content/docs/upgrading/upgrade-specific.mdx | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa6b48c8d1..a97f383b9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## 1.14.0 (November 15, 2022) +KNOWN ISSUES: + +* cli: `consul connect envoy` incorrectly enables TLS for gRPC connections when the HTTP API is TLS-enabled. + BREAKING CHANGES: * config: Add new `ports.grpc_tls` configuration option. diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index ea23036642..d48e3eeaf0 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -29,6 +29,12 @@ earlier. If you operate Consul service mesh using Nomad 1.4.2 or earlier, do not [hashicorp/nomad#15266](https://github.com/hashicorp/nomad/issues/15266) is fixed. +For 1.14.0, there is a known issue with `consul connect envoy`. If the command is configured +to use TLS for contacting the HTTP API, it will also incorrectly enable TLS for gRPC. +Users should not upgrade to 1.14.0 if they are using plaintext gRPC connections in +conjunction with TLS-encrypted HTTP APIs. + + #### Changes to gRPC TLS configuration **Make configuration changes** if using [`ports.grpc`](/docs/agent/config/config-files#grpc_port) in conjunction with any of the following settings that enables encryption: