Allow setting TLS for gRPC with deprecated options [1.13.x] #14668
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replaces #14644.
This PR is only being merged against
release/1.13.x
because it is not needed in Consul 1.14.Once 1.14 is released we will drop support for configuring TLS for gRPC using the flags available in Consul 1.11.
Description
Currently TLS for gRPC can only be enabled using the options nested in the tls.grpc configuration stanza.
That leads to a breaking change where the TLS options deprecated in 1.12 cannot be used to enable TLS for gRPC.
This commit updates the logic for determining whether TLS should be used on the public gRPC port: If the 1.12 tls stanza is not specified we default to the original behavior, which is to enable TLS for gRPC if the HTTPS port is set.
The change allows for consul-k8s to continue to use TLS flags compatible with 1.11 until 1.14 is released.
Testing & Reproduction steps
Links
Related to:
PR Checklist