From c330d98b6a583ae756eeaf50b80adfc44e975575 Mon Sep 17 00:00:00 2001
From: Evan Culver
Date: Tue, 14 Jun 2022 12:04:38 -0700
Subject: [PATCH 1/3] Bump default Envoy version to 1.22.2
---
charts/consul/Chart.yaml | 2 +-
charts/consul/templates/crd-ingressgateways.yaml | 4 ++--
charts/consul/templates/crd-meshes.yaml | 4 ++--
charts/consul/values.yaml | 2 +-
control-plane/api/v1alpha1/ingressgateway_types.go | 2 +-
control-plane/api/v1alpha1/mesh_types.go | 2 +-
.../crd/bases/consul.hashicorp.com_ingressgateways.yaml | 4 ++--
.../config/crd/bases/consul.hashicorp.com_meshes.yaml | 4 ++--
8 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/charts/consul/Chart.yaml b/charts/consul/Chart.yaml
index e10e83e0e3..0829e7e95b 100644
--- a/charts/consul/Chart.yaml
+++ b/charts/consul/Chart.yaml
@@ -17,7 +17,7 @@ annotations: - name: consul-k8s-control-plane image: hashicorp/consul-k8s-control-plane:0.44.0 - name: envoy - image: envoyproxy/envoy:v1.22.0 + image: envoyproxy/envoy:v1.22.2 artifacthub.io/license: MPL-2.0 artifacthub.io/links: | - name: Documentation
diff --git a/charts/consul/templates/crd-ingressgateways.yaml b/charts/consul/templates/crd-ingressgateways.yaml
index f14789e83d..2054b1625a 100644
--- a/charts/consul/templates/crd-ingressgateways.yaml
+++ b/charts/consul/templates/crd-ingressgateways.yaml
@@ -230,7 +230,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, - `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.0 + `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
@@ -276,7 +276,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default + or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
diff --git a/charts/consul/templates/crd-meshes.yaml b/charts/consul/templates/crd-meshes.yaml
index 565799d394..9da152fb6b 100644
--- a/charts/consul/templates/crd-meshes.yaml
+++ b/charts/consul/templates/crd-meshes.yaml
@@ -86,7 +86,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will + or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
@@ -119,7 +119,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will + or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index 87cb977846..3974c9540f 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -606,7 +606,7 @@ global: # connect-injected sidecar proxies and mesh, terminating, and ingress gateways. # See https://www.consul.io/docs/connect/proxies/envoy for full compatibility matrix between Consul and Envoy. # @default: envoyproxy/envoy-alpine: - imageEnvoy: "envoyproxy/envoy:v1.22.0" + imageEnvoy: "envoyproxy/envoy:v1.22.2" # Configuration for running this Helm chart on the Red Hat OpenShift platform. # This Helm chart currently supports OpenShift v4.x+.
diff --git a/control-plane/api/v1alpha1/ingressgateway_types.go b/control-plane/api/v1alpha1/ingressgateway_types.go
index 7251608223..a99049e33a 100644
--- a/control-plane/api/v1alpha1/ingressgateway_types.go
+++ b/control-plane/api/v1alpha1/ingressgateway_types.go
@@ -66,7 +66,7 @@ type GatewayTLSConfig struct { SDS *GatewayTLSSDSConfig `json:"sds,omitempty"` // TLSMinVersion sets the default minimum TLS version supported. // One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - // If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + // If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, // while older releases of Envoy default to TLS 1.0. TLSMinVersion string `json:"tlsMinVersion,omitempty"` // TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`.
diff --git a/control-plane/api/v1alpha1/mesh_types.go b/control-plane/api/v1alpha1/mesh_types.go
index 7c55fe96d9..d5b8c46696 100644
--- a/control-plane/api/v1alpha1/mesh_types.go
+++ b/control-plane/api/v1alpha1/mesh_types.go
@@ -72,7 +72,7 @@ type MeshTLSConfig struct { type MeshDirectionalTLSConfig struct { // TLSMinVersion sets the default minimum TLS version supported. // One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - // If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + // If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, // while older releases of Envoy default to TLS 1.0. TLSMinVersion string `json:"tlsMinVersion,omitempty"` // TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`.
diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml
index 6378ee4213..a5090ab96f 100644
--- a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml
+++ b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml
@@ -223,7 +223,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, - `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.0 + `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
@@ -269,7 +269,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default + or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml
index 7700d480b5..bf5ac8a62b 100644
--- a/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml
+++ b/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml
@@ -79,7 +79,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will + or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
@@ -112,7 +112,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will + or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
From 5ff5d1989f004b865d57b158997aab7e30123e97 Mon Sep 17 00:00:00 2001
From: Evan Culver
Date: Tue, 14 Jun 2022 12:09:40 -0700
Subject: [PATCH 2/3] Add changelog entry
---
CHANGELOG.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9040b7bc0b..7dcb82c8a7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ BUG FIXES: * Helm * Update client-snapshot-agent so that setting `client.snapshotAgent.caCert` no longer requires root access to modify the trust store. [[GH-1190](https://github.com/hashicorp/consul-k8s/pull/1190/)] * Add missing vault agent annotations to the `api-gateway-controller-deployment`. [[GH-1247](https://github.com/hashicorp/consul-k8s/pull/1247)] + * Bump default Envoy version to 1.22.2. [[GH-1276](https://github.com/hashicorp/consul-k8s/pull/1276)] ## 0.44.0 (May 17, 2022)
From 12d7d194b7b571e98715fd241726cd56d6f8d0c5 Mon Sep 17 00:00:00 2001
From: Evan Culver
Date: Wed, 15 Jun 2022 11:47:31 -0700
Subject: [PATCH 3/3] Revert 1.22.0 docstring update
---
charts/consul/templates/crd-ingressgateways.yaml | 4 ++--
charts/consul/templates/crd-meshes.yaml | 4 ++--
control-plane/api/v1alpha1/ingressgateway_types.go | 2 +-
control-plane/api/v1alpha1/mesh_types.go | 2 +-
.../crd/bases/consul.hashicorp.com_ingressgateways.yaml | 4 ++--
.../config/crd/bases/consul.hashicorp.com_meshes.yaml | 4 ++--
6 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/charts/consul/templates/crd-ingressgateways.yaml b/charts/consul/templates/crd-ingressgateways.yaml
index 2054b1625a..f14789e83d 100644
--- a/charts/consul/templates/crd-ingressgateways.yaml
+++ b/charts/consul/templates/crd-ingressgateways.yaml
@@ -230,7 +230,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, - `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.2 + `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
@@ -276,7 +276,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default + or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
diff --git a/charts/consul/templates/crd-meshes.yaml b/charts/consul/templates/crd-meshes.yaml
index 9da152fb6b..565799d394 100644
--- a/charts/consul/templates/crd-meshes.yaml
+++ b/charts/consul/templates/crd-meshes.yaml
@@ -86,7 +86,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will + or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
@@ -119,7 +119,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will + or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
diff --git a/control-plane/api/v1alpha1/ingressgateway_types.go b/control-plane/api/v1alpha1/ingressgateway_types.go
index a99049e33a..7251608223 100644
--- a/control-plane/api/v1alpha1/ingressgateway_types.go
+++ b/control-plane/api/v1alpha1/ingressgateway_types.go
@@ -66,7 +66,7 @@ type GatewayTLSConfig struct { SDS *GatewayTLSSDSConfig `json:"sds,omitempty"` // TLSMinVersion sets the default minimum TLS version supported. // One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - // If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, + // If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, // while older releases of Envoy default to TLS 1.0. TLSMinVersion string `json:"tlsMinVersion,omitempty"` // TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`.
diff --git a/control-plane/api/v1alpha1/mesh_types.go b/control-plane/api/v1alpha1/mesh_types.go
index d5b8c46696..7c55fe96d9 100644
--- a/control-plane/api/v1alpha1/mesh_types.go
+++ b/control-plane/api/v1alpha1/mesh_types.go
@@ -72,7 +72,7 @@ type MeshTLSConfig struct { type MeshDirectionalTLSConfig struct { // TLSMinVersion sets the default minimum TLS version supported. // One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - // If unspecified, Envoy v1.22.2 and newer will default to TLS 1.2 as a min version, + // If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, // while older releases of Envoy default to TLS 1.0. TLSMinVersion string `json:"tlsMinVersion,omitempty"` // TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`.
diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml
index a5090ab96f..6378ee4213 100644
--- a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml
+++ b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml
@@ -223,7 +223,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, - `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.2 + `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
@@ -269,7 +269,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will default + or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml
index bf5ac8a62b..7700d480b5 100644
--- a/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml
+++ b/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml
@@ -79,7 +79,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will + or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string
@@ -112,7 +112,7 @@ spec: tlsMinVersion: description: TLSMinVersion sets the default minimum TLS version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.2 and newer will + or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, while older releases of Envoy default to TLS 1.0. type: string