Merge branch 'main' into malizz-update-passive-health-check-crd

hashicorp · Sep 29, 2022 · 5d78465 · 5d78465
2 parents 30544f5 + cad7d10
commit 5d78465
Show file tree

Hide file tree

Showing 189 changed files with 12,537 additions and 13,287 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -38,16 +38,16 @@ commands:
             sudo tar -C /usr/local/bin -xzf gotestsum_1.6.4_linux_amd64.tar.gz
             rm gotestsum_1.6.4_linux_amd64.tar.gz
 
-            curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.14.0/kind-linux-amd64
+            curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.15.0/kind-linux-amd64
             chmod +x ./kind
             sudo mv ./kind /usr/local/bin/kind
 
             curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
             chmod +x ./kubectl
             sudo mv ./kubectl /usr/local/bin/kubectl
 
-            wget https://get.helm.sh/helm-v3.7.0-linux-amd64.tar.gz
-            tar -zxvf helm-v3.7.0-linux-amd64.tar.gz
+            wget https://get.helm.sh/helm-v3.9.4-linux-amd64.tar.gz
+            tar -zxvf helm-v3.9.4-linux-amd64.tar.gz
             sudo mv linux-amd64/helm /usr/local/bin/helm
   create-kind-clusters:
     parameters:
@@ -110,9 +110,10 @@ commands:
                   do
                     if ! gotestsum --no-summary=all --jsonfile=jsonfile-${pkg////-} -- $pkg -p 1 -timeout 2h -failfast \
                           << parameters.additional-flags >> \
-                          ${ENABLE_ENTERPRISE:+-enable-enterprise} \
                           -enable-multi-cluster \
+                          ${ENABLE_ENTERPRISE:+-enable-enterprise} \
                           -debug-directory="$TEST_RESULTS/debug" \
+                          -consul-image=hashicorppreview/consul-enterprise:1.14-dev \
                           -consul-k8s-image=<< parameters.consul-k8s-image >>
                     then
                       echo "Tests in ${pkg} failed, aborting early"
@@ -485,7 +486,7 @@ jobs:
 
   unit-test-helm-templates:
     docker:
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -506,7 +507,7 @@ jobs:
       - checkout
       - install-prereqs
       - create-kind-clusters:
-          version: "v1.24.0"
+          version: "v1.24.4"
       - restore_cache:
           keys:
             - consul-helm-modcache-v2-{{ checksum "acceptance/go.mod" }}
@@ -538,7 +539,7 @@ jobs:
       - checkout
       - install-prereqs
       - create-kind-clusters:
-          version: "v1.24.0"
+          version: "v1.24.4"
       - restore_cache:
           keys:
             - consul-helm-modcache-v2-{{ checksum "acceptance/go.mod" }}
@@ -570,7 +571,7 @@ jobs:
       - checkout
       - install-prereqs
       - create-kind-clusters:
-          version: "v1.24.0"
+          version: "v1.24.4"
       - restore_cache:
           keys:
             - consul-helm-modcache-v2-{{ checksum "acceptance/go.mod" }}
@@ -596,7 +597,7 @@ jobs:
   ##########################
   cleanup-gcp-resources:
     docker:
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
     steps:
       - run:
           name: cleanup leftover resources
@@ -614,7 +615,7 @@ jobs:
 
   cleanup-azure-resources:
     docker:
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
     steps:
       - run:
           name: cleanup leftover resources
@@ -632,7 +633,7 @@ jobs:
 
   cleanup-eks-resources:
     docker:
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
     steps:
       - checkout
       - run:
@@ -657,9 +658,10 @@ jobs:
     parallelism: 2
     environment:
       - TEST_RESULTS: /tmp/test-results
+      - USE_GKE_GCLOUD_AUTH_PLUGIN: true
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - run:
@@ -725,9 +727,10 @@ jobs:
     parallelism: 2
     environment:
       - TEST_RESULTS: /tmp/test-results
+      - USE_GKE_GCLOUD_AUTH_PLUGIN: true
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - run:
@@ -795,7 +798,7 @@ jobs:
       - TEST_RESULTS: /tmp/test-results
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -852,7 +855,7 @@ jobs:
       - TEST_RESULTS: /tmp/test-results
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -908,7 +911,7 @@ jobs:
       - TEST_RESULTS: /tmp/test-results
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -971,7 +974,7 @@ jobs:
       - TEST_RESULTS: /tmp/test-results
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -1034,7 +1037,7 @@ jobs:
     parallelism: 1
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -1217,14 +1220,14 @@ workflows:
           context: consul-ci
           requires:
             - dev-upload-docker
-      - acceptance-tproxy-cni:
-          context: consul-ci
-          requires:
-            - dev-upload-docker
-      - acceptance-tproxy:
-          context: consul-ci
-          requires:
-            - dev-upload-docker
+#      - acceptance-tproxy-cni:
+#          context: consul-ci
+#          requires:
+#            - dev-upload-docker
+#      - acceptance-tproxy:
+#          context: consul-ci
+#          requires:
+#            - dev-upload-docker
   nightly-acceptance-tests:
     triggers:
       - schedule:

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -0,0 +1,21 @@
+---
+name: Backport Assistant Runner
+
+on:
+  pull_request:
+    types:
+      - closed
+      - labeled
+
+jobs:
+  backport:
+    if: github.event.pull_request.merged
+    runs-on: ubuntu-latest
+    container: hashicorpdev/backport-assistant:0.2.5
+    steps:
+      - name: Run Backport Assistant
+        run: backport-assistant backport -automerge -merge-method=squash
+        env:
+          BACKPORT_LABEL_REGEXP: "backport/(?P<target>\\d+\\.\\d+\\.x)"
+          BACKPORT_TARGET_TEMPLATE: "release/{{.target}}"
+          GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -74,7 +74,7 @@ jobs:
       - unit-helm-gen
     runs-on: ubuntu-latest
     container: 
-      image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.11.0
+      image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
       options: --user 1001
     steps:
       - name: Checkout code

diff --git a/.release/ci.hcl b/.release/ci.hcl
@@ -3,12 +3,15 @@ schema = "1"
 project "consul-k8s" {
   team = "consul-k8s"
   slack {
-    notification_channel = "CBXF3CGAF" # team-consul-kubernetes
+    notification_channel = "C0421KHNAV9" # feed-consul-k8s-ci
   }
   github {
     organization = "hashicorp"
     repository = "consul-k8s"
-    release_branches = ["main"]
+    release_branches = [
+      "main",
+      "release/**",
+    ]
   }
 }
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,28 @@
 ## UNRELEASED
 
+## 0.49.0 (September 29, 2022)
+
+FEATURES:
+* CLI:
+  * Add support for tab autocompletion [[GH-1437](https://github.com/hashicorp/consul-k8s/pull/1501)]
+* Consul CNI Plugin
+  * Support for OpenShift and Multus CNI plugin [[GH-1527](https://github.com/hashicorp/consul-k8s/pull/1527)]
+
+BUG FIXES:
+* Control plane
+  * Use global ACL auth method to provision ACL tokens for API Gateway in secondary datacenter [[GH-1481](https://github.com/hashicorp/consul-k8s/pull/1481)]
+  * Peering: pass new `use_auto_cert` value to gRPC TLS config when auto-encrypt is enabled. [[GH-1541](https://github.com/hashicorp/consul-k8s/pull/1541)]
+* Helm:
+  * Only create Federation Secret Job when server.updatePartition is 0 [[GH-1512](https://github.com/hashicorp/consul-k8s/pull/1512)]
+  * Fixes a typo in the templating of `global.connectInject.disruptionBudget.maxUnavailable`. [[GH-1530](https://github.com/hashicorp/consul-k8s/pull/1530)]
+
+IMPROVEMENTS:
+* Helm:
+  * API Gateway: Set primary datacenter flag when deploying controller into secondary datacenter with federation enabled [[GH-1511](https://github.com/hashicorp/consul-k8s/pull/1511)]
+  * API Gateway: Allow controller to create and update Secrets for storing Consul CA cert alongside gateway Deployments [[GH-1542](https://github.com/hashicorp/consul-k8s/pull/1542)]
+* Control-plane:
+  * Support escaped commas in service tag annotations for pods which use `consul.hashicorp.com/connect-service-tags` or `consul.hashicorp.com/service-tags`. [[GH-1532](https://github.com/hashicorp/consul-k8s/pull/1532)]
+
 ## 0.48.0 (September 01, 2022)
 
 FEATURES:

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -108,23 +108,17 @@ helm install consul --create-namespace -n consul -f ./values.dev.yaml ./charts/c
 
 ### Building and running the `consul-k8s` CLI
 
-Change directory into the `cli` folder where the golang code resides.
+Compile the `consul-k8s` CLI binary for your local machine:
 
 ```shell
-cd cli
+make cli-dev
 ```
+This will compile the `consul-k8s` binary into `cli/bin/consul-k8s` as well as your `$GOPATH`.
 
-Build the CLI binary using the following command
+Run the CLI as follows:
 
 ```shell
-go build -o bin/consul-k8s
-```
-
-Run the CLI as follows
-
-```shell
-./bin/consul-k8s version
-consul-k8s 0.36.0-dev
+consul-k8s version
 ```
 
 ### Making changes to consul-k8s
@@ -882,7 +876,7 @@ func TestExample(t *testing.T) {
 }
 ```
 
-Please see [mesh gateway tests](acceptance/tests/mesh-gateway/mesh_gateway_test.go)
+Please see [wan federation tests](acceptance/tests/wan-federation/wan_federation_test.go)
 for an example of how to use write a test that uses multiple contexts.
 
 #### Writing Assertions

diff --git a/Makefile b/Makefile
@@ -78,6 +78,11 @@ kind-cni:
 
 # ===========> CLI Targets
 
+cli-dev:
+	@echo "==> Installing consul-k8s CLI tool for ${GOOS}/${GOARCH}"
+	@cd cli; go build -o ./bin/consul-k8s; cp ./bin/consul-k8s ${GOPATH}/bin/
+
+
 cli-lint: ## Run linter in the control-plane directory.
 	cd cli; golangci-lint run -c ../.golangci.yml
 
@@ -138,13 +143,27 @@ prepare-release: ## Sets the versions, updates changelog to prepare this reposit
 ifndef RELEASE_VERSION
 	$(error RELEASE_VERSION is required)
 endif
-	source $(CURDIR)/control-plane/build-support/scripts/functions.sh; set_release_mode $(CURDIR) $(RELEASE_VERSION) "$(shell date +"%B %d, %Y")" $(PRERELEASE_VERSION)
+ifndef RELEASE_DATE
+	$(error RELEASE_DATE is required, use format <Month> <Day>, <Year> (ex. October 4, 2022))
+endif
+	source $(CURDIR)/control-plane/build-support/scripts/functions.sh; prepare_release $(CURDIR) $(RELEASE_VERSION) "$(RELEASE_DATE)" $(PRERELEASE_VERSION)
 
+prepare-dev:
+ifndef RELEASE_VERSION
+	$(error RELEASE_VERSION is required)
+endif
+ifndef RELEASE_DATE
+	$(error RELEASE_DATE is required, use format <Month> <Day>, <Year> (ex. October 4, 2022))
+endif
+ifndef NEXT_RELEASE_VERSION
+	$(error NEXT_RELEASE_VERSION is required)
+endif
+	source $(CURDIR)/control-plane/build-support/scripts/functions.sh; prepare_dev $(CURDIR) $(RELEASE_VERSION) "$(RELEASE_DATE)" $(NEXT_RELEASE_VERSION) $(PRERELEASE_VERSION)
 
 # ===========> Makefile config
 
 .DEFAULT_GOAL := help
-.PHONY: gen-helm-docs copy-crds-to-chart bats-tests help ci.aws-acceptance-test-cleanup version
+.PHONY: gen-helm-docs copy-crds-to-chart bats-tests help ci.aws-acceptance-test-cleanup version cli-dev prepare-dev prepare-release
 SHELL = bash
 GOOS?=$(shell go env GOOS)
 GOARCH?=$(shell go env GOARCH)

diff --git a/README.md b/README.md
@@ -66,7 +66,7 @@ use Consul with Kubernetes, please see the
 [Consul and Kubernetes documentation](https://www.consul.io/docs/platform/k8s/index.html).
 
 ### Prerequisites
-  * **Helm 3.2+** (Helm 2 is not supported)
+  * **Helm 3.6+** 
   * **Kubernetes 1.21-1.24** - This is the earliest version of Kubernetes tested.
     It is possible that this chart works with earlier versions, but it is
     untested.

diff --git a/acceptance/framework/consul/helm_cluster.go b/acceptance/framework/consul/helm_cluster.go
@@ -35,6 +35,10 @@ type HelmCluster struct {
 	// a bootstrap token from a Kubernetes secret stored in the cluster.
 	ACLToken string
 
+	// SkipCheckForPreviousInstallations is a toggle for skipping the check
+	// if there are any previous installations of this Helm chart in the cluster.
+	SkipCheckForPreviousInstallations bool
+
 	ctx                environment.TestContext
 	helmOptions        *helm.Options
 	releaseName        string
@@ -109,7 +113,9 @@ func (h *HelmCluster) Create(t *testing.T) {
 	})
 
 	// Fail if there are any existing installations of the Helm chart.
-	helpers.CheckForPriorInstallations(t, h.kubernetesClient, h.helmOptions, "consul-helm", "chart=consul-helm")
+	if !h.SkipCheckForPreviousInstallations {
+		helpers.CheckForPriorInstallations(t, h.kubernetesClient, h.helmOptions, "consul-helm", "chart=consul-helm")
+	}
 
 	chartName := config.HelmChartPath
 	if h.helmOptions.Version != config.HelmChartPath {
@@ -565,9 +571,8 @@ func configureSCCs(t *testing.T, client kubernetes.Interface, cfg *config.TestCo
 
 func defaultValues() map[string]string {
 	values := map[string]string{
-		"server.replicas":              "1",
-		"connectInject.envoyExtraArgs": "--log-level debug",
-		"connectInject.logLevel":       "debug",
+		"global.logLevel": "debug",
+		"server.replicas": "1",
 		// Disable DNS since enabling it changes the policy for the anonymous token,
 		// which could result in tests passing due to that token having privileges to read services
 		// (false positive).