Chart v0.32.+ : invalid config key "TransparentProxy" for proxy-defaults.yaml

[nikfot]

When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.

Overview of the Issue

I following this guide to create a federation between two kubernetes clusters. One of the issues I came up across, was that the proxydefaults object would not get synced. If this is not a bug, but a configuration change, please update the corresponding guides.

Reproduction Steps

Steps to reproduce this issue, eg:

1. When running helm install with the following values.yml:

global:
  datacenter: PERF
  imageEnvoy: "envoyproxy/envoy-alpine:v1.18.3"
  federation:
     enabled: true
     createFederationSecret: true
  image: "consul:1.9.6"
  gossipEncryption:
    secretName: "consul-gossip-encryption-key"
    secretKey: "key"
  acls:
    manageSystemACLs: false
    createReplicationToken: false
  tls:
    enabled: true
    verify: true
    httpsOnly: true
    enableAutoEncrypt: true
    serverAdditionalDNSSANs: ["consul.test"]
    serverAdditionalIPSANs: ["10.xxx.xxx.xxx"]
ui:
  enabled: true
  service:
    type: 'ClusterIP'
  ingress:
    hosts:
      - consul.test
    annotations: |
     "some-annotations":"test"

meshGateway:
    enabled: true
    service:
      type: ClusterIP

connectInject:
  enabled: true

controller:
  enabled: true

client:
  enabled: true
  grpc: true
  updateStrategy: |
      type: OnDelete

dns:
  enabled: true

syncCatalog:
  enabled: true
  resources:
    requests:
      memory: "256Mi"
      cpu: "50m"
    limits:
      memory: "256Mi"
      cpu: "50m"

server:
  updatePartition: 3
  replicas: 3
  bootstrapExpect: 3
  disruptionBudget:
    enabled: true
    maxUnavailable: 0
  storageClass: somestorageclass
  resources:
    requests:
      memory: "256Mi"
      cpu: "100m"
    limits:
      memory: "256Mi"
      cpu: "100m"

service:
  name: perf-consul
  type: ClusterIP
  externalPort: 443
  internalPort: 8501

Then I applied the proxydefaults.yaml:

apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
metadata:
  name: global
  spec:
    meshGateway:
       mode: local

Logs

ProxyDefaults object description:

kubectl get proxydefaults -o json               
{
    "apiVersion": "v1",
    "items": [
        {
            "apiVersion": "consul.hashicorp.com/v1alpha1",
            "kind": "ProxyDefaults",
            "metadata": {
                "annotations": {
                    "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"consul.hashicorp.com/v1alpha1\",\"kind\":\"ProxyDefaults\",\"metadata\":{\"annotations\":{},\"name\":\"global\",\"namespace\":\"service-discovery\"},\"spec\":{\"meshGateway\":{\"mode\":\"local\"}}}\n"
                },
                "creationTimestamp": "2021-07-02T10:52:00Z",
                "finalizers": [
                    "finalizers.consul.hashicorp.com"
                ],
                "generation": 2,
                "name": "global",
                "namespace": "service-discovery",
                "resourceVersion": "86678649",
                "selfLink": "/apis/consul.hashicorp.com/v1alpha1/namespaces/service-discovery/proxydefaults/global",
                "uid": "024e8284-6f4c-4f4b-b53f-9586c2423000"
            },
            "spec": {
                "expose": {},
                "meshGateway": {
                    "mode": "local"
                }
            },
            "status": {
                "conditions": [
                    {
                        "lastTransitionTime": "2021-07-02T10:53:51Z",
                        "message": "writing config entry to consul: Unexpected response code: 400 (Bad request: Request decoding failed: 1 error occurred:\n\t* invalid config key \"TransparentProxy\"\n\n)",
                        "reason": "ConsulAgentError",
                        "status": "False",
                        "type": "Synced"
                    }
                ]
            }
        }
    ],
    "kind": "List",
    "metadata": {
        "resourceVersion": "",
        "selfLink": ""
    }
}

Workaround

I tried both chart versions 0.32.0+ and could not make it work. It worked using version 0.31.0.

[thisisnotashwin]

Hey @nikfot !! The required version for the latest proxy default is consul 1.10. Looks like there is a bug where the latest helm chart has a version of ProxyDefaults that isnt backwards compatible. Additionally, I dont think the version of envoy specified in the chart is supported. Here is our compatibility matrix for the supported versions.

[lemonit-eric-mao]

@thisisnotashwin
Hello, the test I did in consumer version 1.10 created a federation between two kubernetes clusters, which also failed to connect. This is my test document
#1027