diff --git a/CHANGELOG.md b/CHANGELOG.md index 222af34026..931be4e158 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -## UNRELEASED +## 1.1.0 (February 27, 2023) BREAKING CHANGES: * Helm: @@ -17,6 +17,7 @@ BREAKING CHANGES: IMPROVEMENTS: * Helm: + * CNI: Add `connectInject.cni.namespace` stanza which allows the CNI plugin resources to be deployed in a namespace other than the namespace that Consul is installed. [[GH-1756](https://github.com/hashicorp/consul-k8s/pull/1756)] * Kubernetes v1.26 is now supported. Minimum tested version of Kubernetes is now v1.23. [[GH-1852](https://github.com/hashicorp/consul-k8s/pull/1852)] * Add a `global.extraLabels` stanza to allow setting global Kubernetes labels for all components deployed by the `consul-k8s` Helm chart. [[GH-1778](https://github.com/hashicorp/consul-k8s/pull/1778)] * Add the `accessLogs` field to the `ProxyDefaults` CRD. [[GH-1816](https://github.com/hashicorp/consul-k8s/pull/1816)] @@ -37,6 +38,10 @@ IMPROVEMENTS: BUG FIXES: * Control Plane * Don't incorrectly diff intention config entries when upgrading from Consul pre-1.12 to 1.12+ [[GH-1804](https://github.com/hashicorp/consul-k8s/pull/1804)] + * Add discover binary to control-plane image [[GH-1749](https://github.com/hashicorp/consul-k8s/pull/1749)] +* Helm: + * Don't pass in a CA file to the API Gateway controller when `externalServers.useSystemRoots` is `true`. [[GH-1743](https://github.com/hashicorp/consul-k8s/pull/1743)] + * Use the correct autogenerated cert for the API Gateway Controller when connecting to servers versus clients. [[GH-1753](https://github.com/hashicorp/consul-k8s/pull/1753)] * Security: * Upgrade to use Go 1.20.1 This resolves vulnerabilities [CVE-2022-41724](https://go.dev/issue/58001) in `crypto/tls` and [CVE-2022-41723](https://go.dev/issue/57855) in `net/http`. [[GH-1908](https://github.com/hashicorp/consul-k8s/pull/1908)] diff --git a/acceptance/tests/cli/cli_install_test.go b/acceptance/tests/cli/cli_install_test.go index d45093dd59..b6c52e9fc4 100644 --- a/acceptance/tests/cli/cli_install_test.go +++ b/acceptance/tests/cli/cli_install_test.go @@ -109,7 +109,7 @@ func TestInstall(t *testing.T) { proxyOut, err := cli.Run(t, ctx.KubectlOptions(t), "troubleshoot", "proxy", "-pod", clientPodName, "-upstream-ip", serverIP) require.NoError(t, err) - require.Regexp(t, "upstream resources are valid", string(proxyOut)) + require.Regexp(t, "Upstream resources are valid", string(proxyOut)) logger.Log(t, string(proxyOut)) } else { // With tproxy disabled and explicit upstreams we need the envoy-id of the server @@ -117,7 +117,7 @@ func TestInstall(t *testing.T) { proxyOut, err := cli.Run(t, ctx.KubectlOptions(t), "troubleshoot", "proxy", "-pod", clientPodName, "-upstream-envoy-id", "static-server") require.NoError(t, err) - require.Regexp(t, "upstream resources are valid", string(proxyOut)) + require.Regexp(t, "Upstream resources are valid", string(proxyOut)) logger.Log(t, string(proxyOut)) } diff --git a/charts/consul/Chart.yaml b/charts/consul/Chart.yaml index 41b95611e6..2c84dccc17 100644 --- a/charts/consul/Chart.yaml +++ b/charts/consul/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: consul -version: 1.1.0-dev -appVersion: 1.14.4 -kubeVersion: ">=1.21.0-0" +version: 1.1.0 +appVersion: 1.15.0 +kubeVersion: ">=1.22.0-0" description: Official HashiCorp Consul Chart home: https://www.consul.io icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png @@ -10,16 +10,16 @@ sources: - https://github.com/hashicorp/consul - https://github.com/hashicorp/consul-k8s annotations: - artifacthub.io/prerelease: true + artifacthub.io/prerelease: false artifacthub.io/images: | - name: consul - image: hashicorp/consul:1.14.4 + image: hashicorp/consul:1.15.0 - name: consul-k8s-control-plane - image: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.1.0-dev + image: hashicorp/consul-k8s-control-plane:1.1.0 - name: consul-dataplane - image: hashicorp/consul-dataplane:1.0.1 + image: hashicorp/consul-dataplane:1.1.0 - name: envoy - image: envoyproxy/envoy:v1.23.1 + image: envoyproxy/envoy:v1.25.1 artifacthub.io/license: MPL-2.0 artifacthub.io/links: | - name: Documentation diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index 8b5055572a..b275ed2a7a 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml @@ -63,7 +63,7 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: "hashicorp/consul:1.14.4" + image: "hashicorp/consul:1.15.0" # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. @@ -83,7 +83,7 @@ global: # image that is used for functionality such as catalog sync. # This can be overridden per component. # @default: hashicorp/consul-k8s-control-plane: - imageK8S: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.1.0-dev + imageK8S: hashicorp/consul-k8s-control-plane:1.1.0 # The name of the datacenter that the agents should # register as. This can't be changed once the Consul cluster is up and running @@ -544,7 +544,7 @@ global: # The name (and tag) of the consul-dataplane Docker image used for the # connect-injected sidecar proxies and mesh, terminating, and ingress gateways. # @default: hashicorp/consul-dataplane: - imageConsulDataplane: "hashicorp/consul-dataplane:1.0.1" + imageConsulDataplane: "hashicorp/consul-dataplane:1.1.0" # Configuration for running this Helm chart on the Red Hat OpenShift platform. # This Helm chart currently supports OpenShift v4.x+. @@ -2858,7 +2858,7 @@ apiGateway: # The name (and tag) of the Envoy Docker image used for the # apiGateway. For other Consul compoenents, imageEnvoy has been replaced with Consul Dataplane. # @default: envoyproxy/envoy: - imageEnvoy: "envoyproxy/envoy:v1.23.1" + imageEnvoy: "envoyproxy/envoy:v1.25.1" # Override global log verbosity level for api-gateway-controller pods. One of "debug", "info", "warn", or "error". # @type: string diff --git a/cli/cmd/troubleshoot/proxy/proxy.go b/cli/cmd/troubleshoot/proxy/proxy.go index d17c491f5d..8e0793eecd 100644 --- a/cli/cmd/troubleshoot/proxy/proxy.go +++ b/cli/cmd/troubleshoot/proxy/proxy.go @@ -228,8 +228,8 @@ func (c *ProxyCommand) Troubleshoot() error { c.UI.Output(o.Message, terminal.WithSuccessStyle()) } else { c.UI.Output(o.Message, terminal.WithErrorStyle()) - if o.PossibleActions != "" { - c.UI.Output(fmt.Sprintf("possible actions: %v", o.PossibleActions), terminal.WithInfoStyle()) + for _, action := range o.PossibleActions { + c.UI.Output(fmt.Sprintf("-> %v", action), terminal.WithInfoStyle()) } } } diff --git a/cli/cmd/troubleshoot/upstreams/upstreams.go b/cli/cmd/troubleshoot/upstreams/upstreams.go index c11a82ac6e..7cc1cc0acf 100644 --- a/cli/cmd/troubleshoot/upstreams/upstreams.go +++ b/cli/cmd/troubleshoot/upstreams/upstreams.go @@ -118,7 +118,6 @@ func (c *UpstreamsCommand) Run(args []string) int { // validateFlags ensures that the flags passed in by the can be used. func (c *UpstreamsCommand) validateFlags() error { - if c.flagPod == "" { return fmt.Errorf("-pod flag is required") } @@ -196,7 +195,7 @@ func (c *UpstreamsCommand) Troubleshoot() error { return fmt.Errorf("error getting upstreams: %v", err) } - c.UI.Output(fmt.Sprintf("Envoy Identifiers (explicit upstreams only) (%v)", len(envoyIDs)), terminal.WithHeaderStyle()) + c.UI.Output(fmt.Sprintf("Upstreams (explicit upstreams only) (%v)", len(envoyIDs)), terminal.WithHeaderStyle()) for _, e := range envoyIDs { c.UI.Output(e) } @@ -204,10 +203,20 @@ func (c *UpstreamsCommand) Troubleshoot() error { c.UI.Output(fmt.Sprintf("Upstream IPs (transparent proxy only) (%v)", len(upstreamIPs)), terminal.WithHeaderStyle()) table := terminal.NewTable("IPs ", "Virtual ", "Cluster Names") for _, u := range upstreamIPs { - table.AddRow([]string{formatIPs(u.IPs), strconv.FormatBool(u.IsVirtual), formatClusterNames(u.ClusterNames)}, []string{}) + table.AddRow( + []string{formatIPs(u.IPs), strconv.FormatBool(u.IsVirtual), formatClusterNames(u.ClusterNames)}, + []string{}, + ) } c.UI.Table(table) + c.UI.Output("\nIf you cannot find the upstream address or cluster for a transparent proxy upstream:", terminal.WithInfoStyle()) + c.UI.Output("-> Check intentions: Transparent proxy upstreams are configured based on intentions. Make sure you "+ + "have configured intentions to allow traffic to your upstream.", terminal.WithInfoStyle()) + c.UI.Output("-> To check that the right cluster is being dialed, run a DNS lookup "+ + "for the upstream you are dialing. For example, run `dig backend.svc.consul` to return the IP address for the `backend` service. If the address you get from that is missing "+ + "from the upstream IPs, it means that your proxy may be misconfigured.", terminal.WithInfoStyle()) + return nil } diff --git a/cli/go.mod b/cli/go.mod index 4563450755..0dee1c18a7 100644 --- a/cli/go.mod +++ b/cli/go.mod @@ -8,7 +8,7 @@ require ( github.com/fatih/color v1.13.0 github.com/google/go-cmp v0.5.8 github.com/hashicorp/consul-k8s/charts v0.0.0-00010101000000-000000000000 - github.com/hashicorp/consul/troubleshoot v0.0.0-20230210154717-4f2ce606547b + github.com/hashicorp/consul/troubleshoot v0.1.1 github.com/hashicorp/go-hclog v1.2.1 github.com/hashicorp/hcp-sdk-go v0.23.1-0.20220921131124-49168300a7dc github.com/kr/text v0.2.0 @@ -99,8 +99,8 @@ require ( github.com/gorilla/mux v1.8.0 // indirect github.com/gosuri/uitable v0.0.4 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect - github.com/hashicorp/consul/api v1.10.1-0.20230209203402-db2bd404bf72 // indirect - github.com/hashicorp/consul/envoyextensions v0.0.0-20230210154717-4f2ce606547b // indirect + github.com/hashicorp/consul/api v1.19.1 // indirect + github.com/hashicorp/consul/envoyextensions v0.1.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect diff --git a/cli/go.sum b/cli/go.sum index d736c0176a..b7645a6cf1 100644 --- a/cli/go.sum +++ b/cli/go.sum @@ -437,14 +437,14 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWet github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.10.1-0.20230209203402-db2bd404bf72 h1:O+z5m5kNtu6NHBMwMsRb1S0P7giqNu5vBBeCzgiAesg= -github.com/hashicorp/consul/api v1.10.1-0.20230209203402-db2bd404bf72/go.mod h1:c1u8FzGHcavbEtRW/p1YditvfMgn4QsKNgz2rnCDF7c= -github.com/hashicorp/consul/envoyextensions v0.0.0-20230210154717-4f2ce606547b h1:T+El0UxZP7h2mGL+EPBJejS4gKM/w0KAYOSpTs7hrbY= -github.com/hashicorp/consul/envoyextensions v0.0.0-20230210154717-4f2ce606547b/go.mod h1:oJKG0zAMtq6ZmZNYQyeKh6kIJmi01rZSZDSgnjzZ15w= +github.com/hashicorp/consul/api v1.19.1 h1:GLeK1WD4VIRvt4wRhQKHFudztEkRb8pDs+uRiJgNwes= +github.com/hashicorp/consul/api v1.19.1/go.mod h1:jAt316eYgWGNLJtxkMQrcqRpuDE/kFJdqkEFwRXFv8U= +github.com/hashicorp/consul/envoyextensions v0.1.1 h1:tkeKsuKtDT6fSFni0GwZpSsrueuICIHe/jCrT8k/tJc= +github.com/hashicorp/consul/envoyextensions v0.1.1/go.mod h1:w/aroSgF9LR0ZKGYIW+yoykYQf+iKYiG57toTGE2KOs= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.13.0 h1:lce3nFlpv8humJL8rNrrGHYSKc3q+Kxfeg3Ii1m6ZWU= -github.com/hashicorp/consul/troubleshoot v0.0.0-20230210154717-4f2ce606547b h1:I5zDW3o7KwW4cX5kkerhm7bZOEknlSjdnIgtxnhBxOk= -github.com/hashicorp/consul/troubleshoot v0.0.0-20230210154717-4f2ce606547b/go.mod h1:rskvju2tK8XvHYTAILHjO7lpV1/uViHs3Q3mg9Rkwlg= +github.com/hashicorp/consul/sdk v0.13.1 h1:EygWVWWMczTzXGpO93awkHFzfUka6hLYJ0qhETd+6lY= +github.com/hashicorp/consul/troubleshoot v0.1.1 h1:XN1850AbZewsLTIxs8/Nd/Wj77goWnERy23E83Qh9BY= +github.com/hashicorp/consul/troubleshoot v0.1.1/go.mod h1:U6+4dQt4hbNvpTPOPpZwv/Z315XcV/LRoA7YyWK2cJs= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= diff --git a/cli/version/version.go b/cli/version/version.go index 933f072f35..3ce0f55bc5 100644 --- a/cli/version/version.go +++ b/cli/version/version.go @@ -19,7 +19,7 @@ var ( // A pre-release marker for the version. If this is "" (empty string) // then it means that it is a final release. Otherwise, this is a pre-release // such as "dev" (in development), "beta", "rc1", etc. - VersionPrerelease = "dev" + VersionPrerelease = "" ) // GetHumanVersion composes the parts of the version in a way that's suitable diff --git a/control-plane/version/version.go b/control-plane/version/version.go index 933f072f35..3ce0f55bc5 100644 --- a/control-plane/version/version.go +++ b/control-plane/version/version.go @@ -19,7 +19,7 @@ var ( // A pre-release marker for the version. If this is "" (empty string) // then it means that it is a final release. Otherwise, this is a pre-release // such as "dev" (in development), "beta", "rc1", etc. - VersionPrerelease = "dev" + VersionPrerelease = "" ) // GetHumanVersion composes the parts of the version in a way that's suitable