Update Mesh and Ingress Gateway CRDs for 1.12
- Rearrange spec fields in CRDs to match order in Consul structs.
- Update controller-gen from 0.6.0 to 0.8.0 and update generate command
  accordingly.
- Update to latest Consul API and SDK version
- Update files that were autogenerated
thisisnotashwin committed Apr 13, 2022
1 parent 444052c commit 821044a
Showing 33 changed files with 934 additions and 194 deletions.
4 changes: 2 additions & 2 deletions Makefile
@@ -82,7 +82,7 @@ ifeq (, $(shell which controller-gen))
CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
cd $$CONTROLLER_GEN_TMP_DIR ;\
go mod init tmp ;\
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.0 ;\
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.8.0 ;\
rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
}
CONTROLLER_GEN=$(shell go env GOPATH)/bin/controller-gen
@@ -109,4 +109,4 @@ DEV_IMAGE?=consul-k8s-control-plane-dev
GIT_COMMIT?=$(shell git rev-parse --short HEAD)
GIT_DIRTY?=$(shell test -n "`git status --porcelain`" && echo "+CHANGES" || true)
GIT_DESCRIBE?=$(shell git describe --tags --always)
CRD_OPTIONS ?= "crd:trivialVersions=true,allowDangerousTypes=true"
CRD_OPTIONS ?= "crd:allowDangerousTypes=true"
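Review bot: The new pin only takes effect on machines that have no controller-gen at all, because the install runs under the `ifeq (, $(shell which controller-gen))` guard shown in the hunk header, which tests for presence and not for version. A developer with v0.6.0 already on PATH would presumably keep using it, now without `trivialVersions=true` in `CRD_OPTIONS`, and could regenerate CRDs that differ from the committed ones. Consider comparing the installed tool's version with the pin before skipping the install, or at least stating the requirement above the block, e.g. `# controller-gen must be v0.8.0; remove any older binary from PATH before regenerating CRDs`. The rest of the `ifeq` block lies outside the hunk, so the fallback branch could not be checked.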
4 changes: 2 additions & 2 deletions charts/consul/templates/crd-exportedservices.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: exportedservices.consul.hashicorp.com
labels:
@@ -55,7 +55,7 @@ spec:
metadata:
type: object
spec:
description: ExportedServicesSpec defines the desired state of ExportedServices
description: ExportedServicesSpec defines the desired state of ExportedServices.
properties:
services:
description: Services is a list of services to be exported and the
137 changes: 98 additions & 39 deletions charts/consul/templates/crd-ingressgateways.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: ingressgateways.consul.hashicorp.com
labels:
@@ -55,7 +55,7 @@ spec:
metadata:
type: object
spec:
description: IngressGatewaySpec defines the desired state of IngressGateway
description: IngressGatewaySpec defines the desired state of IngressGateway.
properties:
listeners:
description: Listeners declares what ports the ingress gateway should
@@ -64,25 +64,6 @@ spec:
description: IngressListener manages the configuration for a listener
on a specific port.
properties:
tls:
description: TLS config for this listener.
properties:
enabled:
description: Indicates that TLS should be enabled for this
gateway service.
type: boolean
sds:
description: SDS allows configuring TLS certificate from
an SDS service.
properties:
certResource:
type: string
clusterName:
type: string
type: object
required:
- enabled
type: object
port:
description: Port declares the port on which the ingress gateway
should listen for traffic.
@@ -95,28 +76,14 @@ spec:
values are: (tcp | http | http2 | grpc).'
type: string
services:
description: "Services declares the set of services to which
the listener forwards traffic. \n For \"tcp\" protocol listeners,
only a single service is allowed. For \"http\" listeners,
multiple services can be declared."
description: Services declares the set of services to which
the listener forwards traffic. For "tcp" protocol listeners,
only a single service is allowed. For "http" listeners, multiple
services can be declared.
items:
description: IngressService manages configuration for services
that are exposed to ingress traffic.
properties:
tls:
description: TLS allows specifying some TLS configuration
per listener.
properties:
sds:
description: SDS allows configuring TLS certificate
from an SDS service.
properties:
certResource:
type: string
clusterName:
type: string
type: object
type: object
hosts:
description: "Hosts is a list of hostnames which should
be associated to this service on the defined listener.
@@ -201,13 +168,86 @@ spec:
any existing header values of the same name.
type: object
type: object
tls:
description: TLS allows specifying some TLS configuration
per listener.
properties:
sds:
description: SDS allows configuring TLS certificate
from an SDS service.
properties:
certResource:
description: CertResource is the SDS resource
name to request when fetching the certificate
from the SDS service.
type: string
clusterName:
description: ClusterName is the SDS cluster name
to connect to, to retrieve certificates. This
cluster must be specified in the Gateway's bootstrap
configuration.
type: string
type: object
type: object
type: object
type: array
tls:
description: TLS config for this listener.
properties:
cipherSuites:
description: Define a subset of cipher suites to restrict
Only applicable to connections negotiated via TLS 1.2
or earlier.
items:
type: string
type: array
enabled:
description: Indicates that TLS should be enabled for this
gateway service.
type: boolean
sds:
description: SDS allows configuring TLS certificate from
an SDS service.
properties:
certResource:
description: CertResource is the SDS resource name to
request when fetching the certificate from the SDS
service.
type: string
clusterName:
description: ClusterName is the SDS cluster name to
connect to, to retrieve certificates. This cluster
must be specified in the Gateway's bootstrap configuration.
type: string
type: object
tlsMaxVersion:
description: TLSMaxVersion sets the default maximum TLS
version supported. Must be greater than or equal to `TLSMinVersion`.
One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or
`TLSv1_3`. If unspecified, Envoy will default to TLS 1.3
as a max version for incoming connections.
type: string
tlsMinVersion:
description: TLSMinVersion sets the default minimum TLS
version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`,
`TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.0
and newer will default to TLS 1.2 as a min version, while
older releases of Envoy default to TLS 1.0.
type: string
required:
- enabled
type: object
type: object
type: array
tls:
description: TLS holds the TLS configuration for this gateway.
properties:
cipherSuites:
description: Define a subset of cipher suites to restrict Only
applicable to connections negotiated via TLS 1.2 or earlier.
items:
type: string
type: array
enabled:
description: Indicates that TLS should be enabled for this gateway
service.
@@ -217,10 +257,29 @@ spec:
service.
properties:
certResource:
description: CertResource is the SDS resource name to request
when fetching the certificate from the SDS service.
type: string
clusterName:
description: ClusterName is the SDS cluster name to connect
to, to retrieve certificates. This cluster must be specified
in the Gateway's bootstrap configuration.
type: string
type: object
tlsMaxVersion:
description: TLSMaxVersion sets the default maximum TLS version
supported. Must be greater than or equal to `TLSMinVersion`.
One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`.
If unspecified, Envoy will default to TLS 1.3 as a max version
for incoming connections.
type: string
tlsMinVersion:
description: TLSMinVersion sets the default minimum TLS version
supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`,
or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default
to TLS 1.2 as a min version, while older releases of Envoy default
to TLS 1.0.
type: string
required:
- enabled
type: object
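Review bot: `tlsMinVersion` and `tlsMaxVersion` are added as plain `type: string` with no `enum`, so the API server will admit any value even though the descriptions list exactly five (`TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`); this applies to the listener-level and gateway-level `tls` blocks here and to `incoming`/`outgoing` in crd-meshes.yaml. A misspelled version would be caught only later, if at all, and a gateway might then run with Envoy's default minimum, which the description itself says is TLS 1.0 on older Envoy releases. Since this file is generated, the fix belongs on the Go fields (not shown on this page), for example `// +kubebuilder:validation:Enum=TLS_AUTO;TLSv1_0;TLSv1_1;TLSv1_2;TLSv1_3`, unless a validating webhook already rejects other values. The `cipherSuites` description also runs two sentences together and should read `Define a subset of cipher suites to restrict. Only applicable to connections negotiated via TLS 1.2 or earlier.`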
76 changes: 73 additions & 3 deletions charts/consul/templates/crd-meshes.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: meshes.consul.hashicorp.com
labels:
@@ -53,10 +53,80 @@ spec:
metadata:
type: object
spec:
description: MeshSpec defines the desired state of Mesh
description: MeshSpec defines the desired state of Mesh.
properties:
tls:
description: TLS defines the TLS configuration for the service mesh.
properties:
incoming:
description: Incoming defines the TLS configuration for inbound
mTLS connections targeting the public listener on Connect and
TerminatingGateway proxy kinds.
properties:
cipherSuites:
description: CipherSuites sets the default list of TLS cipher
suites to support when negotiating connections using TLS
1.2 or earlier. If unspecified, Envoy will use a default
server cipher list. The list of supported cipher suites
can be seen in https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169
and is dependent on underlying support in Envoy. Future
releases of Envoy may remove currently-supported but insecure
cipher suites, and future releases of Consul may add new
supported cipher suites if any are added to Envoy.
items:
type: string
type: array
tlsMaxVersion:
description: TLSMaxVersion sets the default maximum TLS version
supported. Must be greater than or equal to `TLSMinVersion`.
One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`.
If unspecified, Envoy will default to TLS 1.3 as a max version
for incoming connections.
type: string
tlsMinVersion:
description: TLSMinVersion sets the default minimum TLS version
supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`,
or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will
default to TLS 1.2 as a min version, while older releases
of Envoy default to TLS 1.0.
type: string
type: object
outgoing:
description: Outgoing defines the TLS configuration for outbound
mTLS connections dialing upstreams from Connect and IngressGateway
proxy kinds.
properties:
cipherSuites:
description: CipherSuites sets the default list of TLS cipher
suites to support when negotiating connections using TLS
1.2 or earlier. If unspecified, Envoy will use a default
server cipher list. The list of supported cipher suites
can be seen in https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169
and is dependent on underlying support in Envoy. Future
releases of Envoy may remove currently-supported but insecure
cipher suites, and future releases of Consul may add new
supported cipher suites if any are added to Envoy.
items:
type: string
type: array
tlsMaxVersion:
description: TLSMaxVersion sets the default maximum TLS version
supported. Must be greater than or equal to `TLSMinVersion`.
One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`.
If unspecified, Envoy will default to TLS 1.3 as a max version
for incoming connections.
type: string
tlsMinVersion:
description: TLSMinVersion sets the default minimum TLS version
supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`,
or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will
default to TLS 1.2 as a min version, while older releases
of Envoy default to TLS 1.0.
type: string
type: object
type: object
transparentProxy:
description: TransparentProxyMeshConfig controls configuration specific
description: TransparentProxy controls the configuration specific
to proxies in "transparent" mode. Added in v1.10.0.
properties:
meshDestinationsOnly:
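Review bot: The `outgoing.tlsMaxVersion` description ends with "Envoy will default to TLS 1.3 as a max version for incoming connections", which is misleading in the outbound block and looks copied from a struct comment shared with `incoming`; the `outgoing.cipherSuites` text likewise speaks of a "default server cipher list". Suggested wording in the Go source that generates this file (not shown here): `If unspecified, Envoy will default to TLS 1.3 as a max version.` The cipher-suite link is pinned to Consul `v1.11.2` while the commit targets 1.12, so it is worth confirming that the referenced list still matches what the newer release accepts. The `transparentProxy` properties continue past the end of the visible section.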
4 changes: 2 additions & 2 deletions charts/consul/templates/crd-proxydefaults.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: proxydefaults.consul.hashicorp.com
labels:
@@ -55,7 +55,7 @@ spec:
metadata:
type: object
spec:
description: ProxyDefaultsSpec defines the desired state of ProxyDefaults
description: ProxyDefaultsSpec defines the desired state of ProxyDefaults.
properties:
config:
description: Config is an arbitrary map of configuration values used
4 changes: 2 additions & 2 deletions charts/consul/templates/crd-servicedefaults.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: servicedefaults.consul.hashicorp.com
labels:
@@ -55,7 +55,7 @@ spec:
metadata:
type: object
spec:
description: ServiceDefaultsSpec defines the desired state of ServiceDefaults
description: ServiceDefaultsSpec defines the desired state of ServiceDefaults.
properties:
expose:
description: Expose controls the default expose path configuration
4 changes: 2 additions & 2 deletions charts/consul/templates/crd-serviceintentions.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: serviceintentions.consul.hashicorp.com
labels:
@@ -55,7 +55,7 @@ spec:
metadata:
type: object
spec:
description: ServiceIntentionsSpec defines the desired state of ServiceIntentions
description: ServiceIntentionsSpec defines the desired state of ServiceIntentions.
properties:
destination:
description: Destination is the intention destination that will have
4 changes: 2 additions & 2 deletions charts/consul/templates/crd-serviceresolvers.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: serviceresolvers.consul.hashicorp.com
labels:
@@ -55,7 +55,7 @@ spec:
metadata:
type: object
spec:
description: ServiceResolverSpec defines the desired state of ServiceResolver
description: ServiceResolverSpec defines the desired state of ServiceResolver.
properties:
connectTimeout:
description: ConnectTimeout is the timeout for establishing new network