
Backport of Set privileged to false unless on OpenShift without CNI into release/1.1.x #2762

Conversation

hc-github-team-consul-core

Backport

This PR is auto-generated from #2755 to be assessed for backporting due to the inclusion of the label backport/1.1.x.

The below text is copied from the body of the original PR.


Changes proposed in this PR:

  • Sets privileged=false for regular transparent proxy connect injects
  • Also false when CNI is used
  • True for OpenShift with transparent proxy

How I've tested this PR:

  • unit tests and acceptance, manual tests on OpenShift

How I expect reviewers to test this PR:

👀

Checklist:


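The rule in the PR description (privileged only on OpenShift with transparent proxy and no CNI plugin) is small, but the thing a practitioner actually wants after upgrading is a way to confirm that injected pods no longer carry a privileged init container where the rule says they should not. The Go program below is an added example written for this page, not code from consul-k8s: it encodes the rule as stated above, parses a pod manifest using only the fields it needs, and reports containers that set `privileged: true` when the platform does not require it. The pod JSON, the container names and the `Platform` flag names are all constructed for the example and do not correspond to the project's real identifiers.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal subset of the Pod schema needed for the audit; unknown fields are ignored.
type SecurityContext struct {
	Privileged   *bool `json:"privileged,omitempty"`
	Capabilities *struct {
		Add  []string `json:"add,omitempty"`
		Drop []string `json:"drop,omitempty"`
	} `json:"capabilities,omitempty"`
}

type Container struct {
	Name            string           `json:"name"`
	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
}

type Pod struct {
	Metadata struct {
		Name string `json:"name"`
	} `json:"metadata"`
	Spec struct {
		InitContainers []Container `json:"initContainers"`
		Containers     []Container `json:"containers"`
	} `json:"spec"`
}

// Platform holds the three inputs the PR description says decide the setting.
// Field names are assumptions for this example, not the project's own.
type Platform struct {
	OpenShift        bool
	TransparentProxy bool
	CNIEnabled       bool
}

// NeedsPrivileged is the rule from the PR body: false for regular transparent
// proxy injects, false whenever a CNI plugin is used, true only for OpenShift
// with transparent proxy and without CNI.
func NeedsPrivileged(p Platform) bool {
	return p.OpenShift && p.TransparentProxy && !p.CNIEnabled
}

// PrivilegedContainers returns "init/<name>" or "container/<name>" for every
// container in the manifest that explicitly sets privileged: true.
func PrivilegedContainers(podJSON []byte) ([]string, error) {
	var pod Pod
	if err := json.Unmarshal(podJSON, &pod); err != nil {
		return nil, err
	}
	var out []string
	collect := func(kind string, cs []Container) {
		for _, c := range cs {
			sc := c.SecurityContext
			if sc != nil && sc.Privileged != nil && *sc.Privileged {
				out = append(out, kind+"/"+c.Name)
			}
		}
	}
	collect("init", pod.Spec.InitContainers)
	collect("container", pod.Spec.Containers)
	return out, nil
}

// UnexpectedPrivileged lists privileged containers that the rule does not
// justify on this platform. An empty result means the pod matches the rule.
func UnexpectedPrivileged(p Platform, podJSON []byte) ([]string, error) {
	if NeedsPrivileged(p) {
		return nil, nil
	}
	return PrivilegedContainers(podJSON)
}

// SamplePod is a constructed manifest: one privileged init container, one that
// only adds NET_ADMIN, and a sidecar that drops all capabilities.
const SamplePod = `{
  "metadata": {"name": "static-client-0"},
  "spec": {
    "initContainers": [
      {"name": "tproxy-redirect", "securityContext": {"privileged": true}},
      {"name": "copy-consul-bin", "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}
    ],
    "containers": [
      {"name": "static-client"},
      {"name": "envoy-sidecar", "securityContext": {"privileged": false, "capabilities": {"drop": ["ALL"]}}}
    ]
  }
}`

func main() {
	// A plain Kubernetes cluster with CNI enabled: nothing should be privileged.
	findings, err := UnexpectedPrivileged(Platform{TransparentProxy: true, CNIEnabled: true}, []byte(SamplePod))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println("unexpected privileged container:", f)
	}
}
```

In practice the manifest would come from `kubectl get pod <name> -o json`; the program reads it from a constant so it runs offline. Note that the check only flags an explicit `privileged: true`; a container that gains the same reach through `hostPID`, `hostNetwork` or broad capability grants is out of scope for this rule.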
Overview of commits

lkysow and others added 30 commits February 22, 2023 10:17
* Added some go-changelog automations
- added templates for go-changelog, pretty much copied from Consul
- added a checker for missing changelog entries

* added contributing doc information on new changelog

* update prepare release to update the changelog
- Prepare release now requires an additional LAST_RELEASE_GIT_TAG environment variable required by go-changelog
- removed adding the unreleased tag to the Changelog as we will no longer be doing that. All changelog entries will be added at the time of release by the go-changelog tool
* fix grammar in changelog checker

* add backport checker
Support automatic ACL bootstrapping with the Vault secrets backend

With the Vault secrets backend, server-acl-init now:
* Runs the Vault agent as a sidecar
* Bootstraps ACLs if the Vault bootstrap token is empty or not found,
  and writes the bootstrap token back to Vault via the Vault agent

The Kubernetes backend will write the bootstrap token to the
user-provided secret if that secret is empty. The Vault behavior is
the same.

The Vault backend writes to a default secret name if the secretName
and secretKey are not set in the helm chart values.

server-acl-init reads the secret directly from k8s or Vault.
* Remove -bootstrap-token-file flag from server-acl-init and remove the
* Remove the volume/mount for bootstrap token

---------

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
* update charts to point to 1.15.1

* updated consul libraries to the latest
…roller

Add SNI skip for client node configuration
…`null` to increase service registration times (#2008)

* Update values.yaml
Clients are not required for ingress/terminating gateways.
Website has linting that errors when links have the
developer.hashicorp.com prefix.
…shicorp/consul-k8s into bug/gateway-controller-incomplete-acl
nathancoleman and others added 22 commits July 26, 2023 18:22
…or for apiGateway (#2597)

* Support multiline nodeSelector arg

* Support multiline service annotations arg

* Update test assertions

* Add changelog entry
* add kustomize files
- These reflect the different test cases
- sameness.yaml defines the ordered list of failovers
- static-server responds with a unique name so we can track failover order
- static-client includes both DNS and CURL in the image used so we can exec in for testing

* add sameness tests
- We do a bunch of infra setup for peering and partitions, but after the initial setup only partitions are tested
- We test service failover, dns failover and PQ failover scenarios

* add 4 kind clusters to make target
- The sameness tests require 4 kind clusters, so the make target will now spin up 4 kind clusters
- not all tests need 4 kind clusters, but the entire suite of tests can be run with 4

* increase kubectl timeout to 90s
- add variable for configuring timeout
- timeout was triggering locally on intel mac machine, so this timeout should cover our devs lowest performing machines

* add sameness test to test packages

* Fix comments on partition connect test
* Added logLevel field for components

* Add changelog

* Fix tests

* Rename 2298.txt to 2302.txt

* Address comments

* Fix tests

* Fix helm tests

* Address comments

* Add client and server loglevels

* Fix bats

* Update changelog

* Fix bats tests
- Add missing license headers.
* Bump golang.org/x/net to 0.12.0 in cni

This was missed in 5b57e63 as part of a
general upgrade of that dependency.

* Bump server-connection-manager to v0.1.3

Tidying up following CVE dependency bumps, leading to a new release of
this library.
* Fix default Ent image tag in acceptance tests

Rather than hard-coding the Docker repository and parsing the non-Ent
image tag for a version, simply replace the image name and retain other
coordinates. This is consistent with our tagging scheme introduced in
hashicorp/consul#13541 and will allow for using
`hashicorppreview` images seamlessly regardless of whether OSS or Ent is
being tested.

* Add make target for loading images in kind

Complement other multi-cluster make targets by supporting image loading
across kind clusters.
increase timeout while waiting for server to be ready and fix require.Equal check
* Increase the retries and add config entry retries
…ing on OpenShift (#2184)

Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com>
* Adds port mapping to Gateway Class Config to avoid running container on privileged ports

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
* Implement validation of TLS options

* Use constants for annotation keys

* Add changelog entry

* Implement TLS options translation

* Update changelog entry

* Add unit test coverage for TLS option validation

* Code review feedback
* JWT auth basic acceptance test

* Update to run only in enterprise mode, update comment to be correct

* Remove usage of `testing.t` in retry block

* Fixed last `t` in retry block in tests

* Update acceptance/tests/api-gateway/api_gateway_test.go

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* Update acceptance/tests/api-gateway/api_gateway_test.go

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* Updating filenames for gw jwt cases and adding message about why this
test is skipped

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Apply K8s node locality to services and sidecars

Locality-aware routing is based on proxy locality rather than the
proxied service. Ensure we propagate locality to both when registering
services.
hc-github-team-consul-core force-pushed the backport/privileged-false/severely-notable-monkey branch 2 times, most recently from cdfe3df to 14998fb (August 11, 2023 18:30)
hc-github-team-consul-core force-pushed the backport/privileged-false/severely-notable-monkey branch from adf1456 to 659c439 (August 11, 2023 18:30)
curtbushko closed this on August 11, 2023
auto-merge was automatically disabled August 11, 2023 18:33

Pull request was closed
