Backport of update service config crds, update passive health check into release/0.49.x #1559
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Added SecurityContextConstraints CRD so that CNI has the permissions to run on OpenShift and gave the consul-cni service account permissions to reach OpenShifts SCC CRD. * Added a --multus flag to the CNI installer so that the flag can be used by the CNI plugin. * When --multus flag is set, create a default Network Attachment Definition CRD for Multus to use. Note, Pods require an annotation in order for Multus to run the consul-cni plugin. Please see Multus documentation for more information about how to use Multus. * Fix: Fixed installer to rename .conf file .conflist file when consul-cni is added to a base plugin. * Improvement: The plugin is now more consistent at updating annotations.
* Allow the API Gateway controller to create and update Secrets * Add changelog entry * Update CHANGELOG.md
* README: bump Helm CLI requirement to 3.6+
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
* Register mesh-gateways using the endpoints controller. - Use consul-dataplane to configure the mesh-gateway proxy and remove envoy container. - Remove instances of client and auto-encrypt from the deployment. * Replace ioutil.ReadFile with os.ReadFile
…ager (#1502) * Introduce new set of Consul flags that will be used by all consul-k8s commands * Use consul-server-connection-manager to discover servers and use up-to-date server IP every time we need to make an API request.
- Added a `terminating-gateway-service.yaml` template. In order to register the deployment with the Endpoints Controller, a "dummy" service must exist so that a Kubernetes endpoint object is created, triggering the Endpoints Controller reconcile loop. - Modified the `terminating-gateway-deployment.yaml` template: - Added a "managed by" label. - Added annotations to configure the behavior of the Endpoints Controller during registration. - Removed the `copy-consul-bin` init container. - Changed the `terminating-gateway-init` init container to use `connect-init` instead of `acl-init` as the client `acl-init` talked to will no longer exist in agentless. - Removed the `preStop` hook from the `terminating-gateway` container. - Removed the `consul-sidecar` container in preparation for the blessings of the Consul Dataplane. - Removed BATS tests which covered features no longer present in agentless. - Added BATS tests for `terminating-gateway-service` and for Consul namespace handling in `terminating-gateway-deployment`. - Added annotation `consul.hashicorp.com/terminating-gateway-namespace` to configure which Consul namespace a terminating gateway will be placed in when using Consul Enterprise. - Modified the Endpoints Controller to register terminating gateways - Added a `switch` to the `createGatewayRegistrations` method which handles configuration of the endpoint particular to the terminating gateway. - Added unit tests which verify the registrations created by `createGatewayRegistrations` is correct. - Added a unit test to verify the the `Reconcile` method does register the endpoint. Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> Co-authored-by: Ashwin Venkatesh <ashwin.what@gmail.com> Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
… command (#1520) * Introduce new set of Consul flags that will be used by all consul-k8s commands * Use consul-server-connection-manager to discover servers and use up-to-date server IP every time we need to make an API request. Co-authored-by: Ashwin Venkatesh <ashwin.what@gmail.com>
* integrate partition-init job with consul-server-connection-manager * integrate controller with consul-server-connection-manager * modify partition token to be be able read all services so that it works with connection manager
- Use consul-dataplane instead of envoy.
* Revert "Rolling back helm upgrade in CLI back to 3.6.1 (#1492)" This reverts commit a448a75. * update ci job for helm 3.9.4 * setting nightly acceptance tests to run on this branch and only run TestConnectInject * Setting kubeconfig_api_version to client.authentication.k8s.io/v1beta1 in EKS module in terraform * disabling slac notifications * updating aws/eks terraform version * updating aws/eks terraform version to 17.24.0 * adding kubectl_api_version * updating the aws-iam-authenticator to (hopefully) match v1beta1 * using a dev image with the aws-iam-authenticator change * try setting KUBERNETES_EXEC_INFO * using a tagged image * trying kubernetes 1.22 * pulling down aws-iam-authenticator directly from github * updating CI to use consul-helm-test image with latest aws-iam-authenticator
…ings on GKE (#1553) * running TestBasicInstallation in GKE with gke-gcloud-auth-plugin * using current consul-helm-test image
* update service config crds, update passive health check * get latest type changes from consul api, address comments * Update control-plane/api/v1alpha1/servicedefaults_types_test.go Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com> * replace pointer func calls with library function * fix import Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
9075799 to
4d9d023
Compare
added 2 commits
September 29, 2022 08:19
4d9d023 to
64c1971
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #1484 to be assessed for backporting due to the inclusion of the label backport/0.49.x.
WARNING automatic cherry-pick of commits failed. Commits will require human attention.
The below text is copied from the body of the original PR.
Changes proposed in this PR:
How I've tested this PR:
How I expect reviewers to test this PR:
Checklist:
Overview of commits