Merge remote-tracking branch 'upstream/main' into add-host-ip-to-mesh…

…-gateway-deployment

.changelog/1770.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+control-plane: server ACL Init always appends both, the secrets from the serviceAccount's secretRefs and the one created by the Helm chart, to support Openshift secret handling.
+```

.changelog/1914.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+control-plane: fix issue where consul-connect-injector acl token was unintentionally being deleted and not recreated when a container was restarted due to a livenessProbe failure.
+```

.changelog/1920.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+helm: When the `global.acls.bootstrapToken` field is set and the content of the secret is empty, the bootstrap ACL token is written to that secret after bootstrapping ACLs. This applies to both the Vault and Consul secrets backends.
+```

.changelog/1934.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+control-plane: update alpine to 3.17 in the Docker image.
+```

.changelog/1953.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+helm: update `imageConsulDataplane` value to `hashicorp/consul-dataplane:1.1.0`.
+```

.changelog/1975.txt

@@ -0,0 +1,11 @@
+```release-note:security
+upgrade to use Go 1.19.6. This resolves vulnerabilities CVE-2022-41724 in crypto/tls and CVE-2022-41723 in net/http.
+```
+
+```release-note:improvement
+cli: update minimum go version for project to 1.19.
+```
+
+```release-note:improvement
+control-plane: update minimum go version for project to 1.19.
+```

.changelog/1976.txt

@@ -0,0 +1,3 @@
+```release-note:security
+upgrade to use Go 1.19.6. This resolves vulnerabilities CVE-2022-41724 in crypto/tls and CVE-2022-41723 in net/http.
+```

.changelog/2008.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+helm: Set default `limits.cpu` resource setting to `null` for `consul-connect-inject-init` container to speed up registration times when onboarding services onto the mesh during the init container lifecycle. 
+```

.changelog/2013.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+api-gateway: fix issue where specifying an external server SNI name while using client nodes resulted in a TLS verification error.
+```

.changelog/2029.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+api-gateway: fix ACL issue where when adminPartitions and ACLs are enabled, API Gateway Controller is unable to create a new namespace in Consul
+```

.changelog/2030.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+helm: add failover policy field to service resolver and proxy default CRDs
+```

.changelog/2068.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+sync-catalog: fix issue where the sync-catalog ACL token were set with an incorrect ENV VAR.
+```

.changelog/2078.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+cli: Add `consul-k8s config read` command that returns the helm configuration in yaml format.
+```

.changelog/2083.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+api-gateway: fix issue where the API Gateway controller is unable to start up successfully when Vault is configured as the secrets backend
+```

.changelog/2093.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+control-plane: set agent localities on Consul servers to the server node's `topology.kubernetes.io/region` label.
+```

.changelog/2100.txt

@@ -0,0 +1,3 @@
+```release-note:feature
+crd: Add `mutualTLSMode` to the ProxyDefaults and ServiceDefaults CRDs and `allowEnablingPermissiveMutualTLS` to the Mesh CRD to support configuring permissive mutual TLS.
+```

.changelog/2102.txt

@@ -0,0 +1,12 @@
+```release-note:security
+Upgrade to use Go 1.20.4.
+This resolves vulnerabilities [CVE-2023-24537](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`go/scanner`),
+[CVE-2023-24538](https://github.com/advisories/GHSA-v4m2-x4rp-hv22)(`html/template`),
+[CVE-2023-24534](https://github.com/advisories/GHSA-8v5j-pwr7-w5f8)(`net/textproto`) and
+[CVE-2023-24536](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`mime/multipart`).
+Also, `golang.org/x/net` has been updated to v0.7.0 to resolve CVEs [CVE-2022-41721
+](https://github.com/advisories/GHSA-fxg5-wq6x-vr4w
+), [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) and [CVE-2022-41723
+](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h
+.)
+```

.changelog/changelog.tmpl

@@ -0,0 +1,57 @@
+{{- if index .NotesByType "breaking-change" -}}
+BREAKING CHANGES:
+
+{{range index .NotesByType "breaking-change" -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
+{{- if .NotesByType.security }}
+SECURITY:
+
+{{range .NotesByType.security -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
+{{- if .NotesByType.feature }}
+FEATURES:
+
+{{range .NotesByType.feature -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
+{{- $improvements := combineTypes .NotesByType.improvement .NotesByType.enhancement -}}
+{{- if $improvements }}
+IMPROVEMENTS:
+
+{{range $improvements | sort -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
+{{- if .NotesByType.deprecation }}
+DEPRECATIONS:
+
+{{range .NotesByType.deprecation -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
+{{- if .NotesByType.bug }}
+BUG FIXES:
+
+{{range .NotesByType.bug -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
+{{- if .NotesByType.note }}
+NOTES:
+
+{{range .NotesByType.note -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+

.changelog/note.tmpl

@@ -0,0 +1,3 @@
+{{- define "note" -}}
+{{.Body}}{{if not (stringHasPrefix .Issue "_")}} [[GH-{{- .Issue -}}](https://github.com/hashicorp/consul-k8s/issues/{{- .Issue -}})]{{end}}
+{{- end -}}