From 100219b49a1fb5a64cc2342e5dcc1f7a9a40df6d Mon Sep 17 00:00:00 2001
From: Curt Bushko <cbushko@gmail.com>
Date: Thu, 26 Oct 2023 14:17:33 -0400
Subject: [PATCH 1/2] Update kind to 1.28.0

Hardcode GKE version for now and update all clouds from 1.26 -> 1.28
---
 .changelog/3138.txt                           |  3 +++
 .github/workflows/pr.yml                      |  2 +-
 acceptance/ci-inputs/kind-inputs.yaml         |  2 +-
 charts/consul/test/terraform/aks/variables.tf |  2 +-
 charts/consul/test/terraform/eks/main.tf      |  2 +-
 charts/consul/test/terraform/gke/main.tf      | 17 +++++++++++++----
 charts/consul/test/terraform/gke/outputs.tf   |  4 ++++
 7 files changed, 24 insertions(+), 8 deletions(-)
 create mode 100644 .changelog/3138.txt

diff --git a/.changelog/3138.txt b/.changelog/3138.txt
new file mode 100644
index 0000000000..e79382f360
--- /dev/null
+++ b/.changelog/3138.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+helm: Kubernetes v1.28 is now supported. Minimum tested version of Kubernetes is now v1.26.
+```
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 38c4c368ae..2959554e21 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -19,6 +19,6 @@ jobs:
       with:
         workflow: test.yml
         repo: hashicorp/consul-k8s-workflows
-        ref: mw/1-18-parallel-tproxy
+        ref: main
         token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
         inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ env.SHA }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/acceptance/ci-inputs/kind-inputs.yaml b/acceptance/ci-inputs/kind-inputs.yaml
index ba21d2cdaf..9b047bdac6 100644
--- a/acceptance/ci-inputs/kind-inputs.yaml
+++ b/acceptance/ci-inputs/kind-inputs.yaml
@@ -2,5 +2,5 @@
 # SPDX-License-Identifier: MPL-2.0
 
 kindVersion: v0.19.0
-kindNodeImage: kindest/node:v1.27.1
+kindNodeImage: kindest/node:v1.28.0@sha256:dad5a6238c5e41d7cac405fae3b5eda2ad1de6f1190fa8bfc64ff5bb86173213
 kubectlVersion: v1.27.1
diff --git a/charts/consul/test/terraform/aks/variables.tf b/charts/consul/test/terraform/aks/variables.tf
index bb8d48251a..306532f85c 100644
--- a/charts/consul/test/terraform/aks/variables.tf
+++ b/charts/consul/test/terraform/aks/variables.tf
@@ -7,7 +7,7 @@ variable "location" {
 }
 
 variable "kubernetes_version" {
-  default     = "1.25"
+  default     = "1.26"
   description = "Kubernetes version supported on AKS"
 }
 
diff --git a/charts/consul/test/terraform/eks/main.tf b/charts/consul/test/terraform/eks/main.tf
index 3bc8b40451..739d4a5839 100644
--- a/charts/consul/test/terraform/eks/main.tf
+++ b/charts/consul/test/terraform/eks/main.tf
@@ -68,7 +68,7 @@ module "eks" {
   kubeconfig_api_version = "client.authentication.k8s.io/v1beta1"
 
   cluster_name    = "consul-k8s-${random_id.suffix[count.index].dec}"
-  cluster_version = "1.26"
+  cluster_version = "1.27"
   subnets         = module.vpc[count.index].private_subnets
   enable_irsa     = true
 
diff --git a/charts/consul/test/terraform/gke/main.tf b/charts/consul/test/terraform/gke/main.tf
index 34bb07906f..2bec2c6dde 100644
--- a/charts/consul/test/terraform/gke/main.tf
+++ b/charts/consul/test/terraform/gke/main.tf
@@ -4,7 +4,7 @@
 terraform {
   required_providers {
     google = {
-      version = "~> 4.58.0"
+      version = "~> 5.3.0"
     }
   }
 }
@@ -21,7 +21,7 @@ resource "random_id" "suffix" {
 
 data "google_container_engine_versions" "main" {
   location       = var.zone
-  version_prefix = "1.25.9"
+  version_prefix = "1.28."
 }
 
 # We assume that the subnets are already created to save time.
@@ -37,14 +37,23 @@ resource "google_container_cluster" "cluster" {
   project            = var.project
   initial_node_count = 3
   location           = var.zone
-  min_master_version = data.google_container_engine_versions.main.latest_master_version
-  node_version       = data.google_container_engine_versions.main.latest_master_version
+  # 2023-10-30 - There is a bug with the terraform provider where lastest_master_version is not being returned by the
+  # api. Hardcode GKE version for now.
+  #min_master_version = data.google_container_engine_versions.main.latest_master_version
+  #node_version       = data.google_container_engine_versions.main.latest_master_version
+  min_master_version = "1.28.2-gke.1157000"
+  node_version       = "1.28.2-gke.1157000"
   node_config {
     tags         = ["consul-k8s-${random_id.suffix[count.index].dec}"]
     machine_type = "e2-standard-8"
   }
   subnetwork      = data.google_compute_subnetwork.subnet.name
   resource_labels = var.labels
+
+  release_channel {
+    channel = "RAPID"
+  }
+  deletion_protection = false
 }
 
 resource "google_compute_firewall" "firewall-rules" {
diff --git a/charts/consul/test/terraform/gke/outputs.tf b/charts/consul/test/terraform/gke/outputs.tf
index a0ffac907f..b1c1343e9e 100644
--- a/charts/consul/test/terraform/gke/outputs.tf
+++ b/charts/consul/test/terraform/gke/outputs.tf
@@ -12,3 +12,7 @@ output "cluster_names" {
 output "kubeconfigs" {
   value = [for cl in google_container_cluster.cluster : format("$HOME/.kube/%s", cl.name)]
 }
+
+output "versions" {
+  value = data.google_container_engine_versions.main
+}

From 622daf9673b6d466ace369d37b48de93551efbc9 Mon Sep 17 00:00:00 2001
From: Curt Bushko <cbushko@gmail.com>
Date: Mon, 30 Oct 2023 15:55:19 -0400
Subject: [PATCH 2/2] reset nightly

test 1.25 to 1.28
---
 .changelog/3138.txt                           |  2 +-
 README.md                                     |  2 +-
 charts/consul/test/terraform/aks/variables.tf |  2 +-
 charts/consul/test/terraform/eks/main.tf      |  2 +-
 charts/consul/test/terraform/gke/main.tf      | 16 +++++-----------
 5 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/.changelog/3138.txt b/.changelog/3138.txt
index e79382f360..2eefd6b616 100644
--- a/.changelog/3138.txt
+++ b/.changelog/3138.txt
@@ -1,3 +1,3 @@
 ```release-note:improvement
-helm: Kubernetes v1.28 is now supported. Minimum tested version of Kubernetes is now v1.26.
+helm: Kubernetes v1.28 is now supported. Minimum tested version of Kubernetes is now v1.25.
 ```
diff --git a/README.md b/README.md
index a52b2bcbf7..52e909741b 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
 
 The following pre-requisites must be met before installing Consul on Kubernetes. 
 
-  * **Kubernetes 1.24.x - 1.27.x** - This represents the earliest versions of Kubernetes tested.
+  * **Kubernetes 1.25.x - 1.28.x** - This represents the earliest versions of Kubernetes tested.
     It is possible that this chart works with earlier versions, but it is
     untested.
   * Helm install
diff --git a/charts/consul/test/terraform/aks/variables.tf b/charts/consul/test/terraform/aks/variables.tf
index 306532f85c..bb8d48251a 100644
--- a/charts/consul/test/terraform/aks/variables.tf
+++ b/charts/consul/test/terraform/aks/variables.tf
@@ -7,7 +7,7 @@ variable "location" {
 }
 
 variable "kubernetes_version" {
-  default     = "1.26"
+  default     = "1.25"
   description = "Kubernetes version supported on AKS"
 }
 
diff --git a/charts/consul/test/terraform/eks/main.tf b/charts/consul/test/terraform/eks/main.tf
index 739d4a5839..3bc8b40451 100644
--- a/charts/consul/test/terraform/eks/main.tf
+++ b/charts/consul/test/terraform/eks/main.tf
@@ -68,7 +68,7 @@ module "eks" {
   kubeconfig_api_version = "client.authentication.k8s.io/v1beta1"
 
   cluster_name    = "consul-k8s-${random_id.suffix[count.index].dec}"
-  cluster_version = "1.27"
+  cluster_version = "1.26"
   subnets         = module.vpc[count.index].private_subnets
   enable_irsa     = true
 
diff --git a/charts/consul/test/terraform/gke/main.tf b/charts/consul/test/terraform/gke/main.tf
index 2bec2c6dde..800aca5246 100644
--- a/charts/consul/test/terraform/gke/main.tf
+++ b/charts/consul/test/terraform/gke/main.tf
@@ -21,7 +21,7 @@ resource "random_id" "suffix" {
 
 data "google_container_engine_versions" "main" {
   location       = var.zone
-  version_prefix = "1.28."
+  version_prefix = "1.27."
 }
 
 # We assume that the subnets are already created to save time.
@@ -39,20 +39,14 @@ resource "google_container_cluster" "cluster" {
   location           = var.zone
   # 2023-10-30 - There is a bug with the terraform provider where lastest_master_version is not being returned by the
   # api. Hardcode GKE version for now.
-  #min_master_version = data.google_container_engine_versions.main.latest_master_version
-  #node_version       = data.google_container_engine_versions.main.latest_master_version
-  min_master_version = "1.28.2-gke.1157000"
-  node_version       = "1.28.2-gke.1157000"
+  min_master_version = data.google_container_engine_versions.main.latest_master_version
+  node_version       = data.google_container_engine_versions.main.latest_master_version
   node_config {
     tags         = ["consul-k8s-${random_id.suffix[count.index].dec}"]
     machine_type = "e2-standard-8"
   }
-  subnetwork      = data.google_compute_subnetwork.subnet.name
-  resource_labels = var.labels
-
-  release_channel {
-    channel = "RAPID"
-  }
+  subnetwork          = data.google_compute_subnetwork.subnet.name
+  resource_labels     = var.labels
   deletion_protection = false
 }