-
Notifications
You must be signed in to change notification settings - Fork 321
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport of Mw/net 4260 add tproxy coverage into release/1.2.x #2783
Closed
hc-github-team-consul-core
wants to merge
122
commits into
release/1.2.x
from
backport/mw/net-4260-add-tproxy-coverage/illegally-ultimate-gopher
Closed
Backport of Mw/net 4260 add tproxy coverage into release/1.2.x #2783
hc-github-team-consul-core
wants to merge
122
commits into
release/1.2.x
from
backport/mw/net-4260-add-tproxy-coverage/illegally-ultimate-gopher
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Add FIPS builds for linux amd64 * add version check * fix CI labels and add local dev commands * fix ci version tagging * switch to ubuntu 20.04 * add CLI version tag * add gcompat for alpine glibc cgo compatibility * remove FIPS version check from connect-init * address comments
- making this trigger nightly until after 1.2.0 GA - leaving 0.49.x active until after 1.2.0 GA
* first run through, needs help * still need to make secure pass * left something uncommented * it works and also cleanup * fix acceptance tests
* [API Gateway] Add acceptance test for cluster peering * Fix linter * Fix random unrelated linter errors to get CI to run: revert later? * one more linter fix to later probably revert * more linter fixes * Revert "more linter fixes" This reverts commit 6210dff. * Revert "one more linter fix to later probably revert" This reverts commit 030c563. * Revert "Fix random unrelated linter errors to get CI to run: revert later?" This reverts commit fdeccab.
…ersion of kind and k8s 1.27 (#2304) * update cloud tests to use 1.24, 1.25 and 1.26 version of kubernetes for more coverage * updated readme for supported kubernetes versions * added changelog
* [API Gateway] WAN Federation test and fixes * Fix unit tests
* Fix when gateways are deleted before we get services populated into cache * a bit of cleanup
…assConfig are obeyed (#2272) * Add unit tests verifying that scaling parameters on GatewayClassConfig are obeyed * Add test case for scaling w/ no min or max configured
* Rename GatewayClassController to prevent name collision * Use gateway instead of gatewayclass in name * Use the constant in ownership checks * Change GatewayClass name to "consul" * Change GatewayClass name in cases * Change ApiGatewayClass back
* Fix SupportedKinds array to be what Conformance test expects * Fix cert validation status condition for listeners * Add programmed condition for listeners * Fix unit test --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
* first pass at halting: got httproute and api-gateway done * clean up test * Handle all set for infinite reconcile check * Add table tests for minimal setup * Added some odd field names to test normalization is handled correctly * Use funky casing http routes
* Added helm inputs for managing audit logs * Remove unwanted changes from values
* fix: use correct flag when translating namespaces * Use non-normalized namespace when deregistering services * Guard against namespace queries when namespaces not enabled in cache
* added imagePullPolicy for images in values.yaml * fix: renamed pullPolicy key according to image * fixed dafault always in tmpl * changed structure of image in yaml * revert changes * added global imagePullPolicy * fixed typo * added changelog file
This brings consul-k8s in line with consul. Most importantly, the backport assistant was updated to automatically assign created PRs to the author of the PR that is being backported.
* update changelog based on changes made to 1.2.x * fixed test cases - enterprise cases were in the OSS test cases
* trigger conformance tests nightly, squash * remove extra line * Update nightly-api-gateway-conformance.yml
making scripts more robust and removing changing helm chart
* Fix cache and service deletion issue * Add comments * add in acceptance test * Fix indentation * Fix unit test for deleting gateway w/ consul services * Remove redundant service deregistration code * Exit loop early once registration is found for service * Fix import blocking * Set status on pods added to test * Apply suggestions from code review * Reduce count of test gateways to 10 from 100 --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
* Adding support for weighted k8s service * Adding changelog * if per-app weight is 0 then pull the weight to 1 * Addressing review comments * Addressing review comments * Addressing review comments * Comment update * Comment update * Parameterized table test * Parameterized table test * fixing linting issue * fixing linting issue --------- Co-authored-by: srahul3 <rahulsharma@hashicorp.com>
* Bumping go-discover to the lastest version
* Fix default Ent image tag in acceptance tests Rather than hard-coding the Docker repository and parsing the non-Ent image tag for a version, simply replace the image name and retain other coordinates. This is consistent with our tagging scheme introduced in hashicorp/consul#13541 and will allow for using `hashicorppreview` images seamlessly regardless of whether OSS or Ent is being tested. * Add make target for loading images in kind Complement other multi-cluster make targets by supporting image loading across kind clusters.
security: Upgrade Go and x/net Upgrade to Go 1.20.7 and `x/net` 1.13.0 to resolve [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) and [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978).
increase timeout while waiting for server to be ready and fix require.Equal check
* Increase the retries and add config entry retries
…ing on OpenShift (#2184) Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com>
* Adds port mapping to Gateway Class Config to avoid running container on privileged ports Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
* Implement validation of TLS options * Use constants for annotation keys * Add changelog entry * Implement TLS options translation * Update changelog entry * Add unit test coverage for TLS option validation * Code review feedback
* JWT auth basic acceptance test * Update to run only in enterprise mode, update comment to be correct * Remove usage of `testing.t` in retry block * Fixed last `t` in retry block in tests * Update acceptance/tests/api-gateway/api_gateway_test.go Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update acceptance/tests/api-gateway/api_gateway_test.go Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Updating filenames for gw jwt cases and adding message about why this test is skipped --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Apply K8s node locality to services and sidecars Locality-aware routing is based on proxy locality rather than the proxied service. Ensure we propagate locality to both when registering services.
* Set privileged to false unless on OpenShift without CNI
* added fixtures * removed fixtures - intentions only gets added now if acls are enabled - payment-service-resolver is only for locality aware which isn't in scope for this PR * updated sameness tests to include peering - refactored with some helper functions for members (now TestClusters) - made names more uniform, tend more towards the cluster-01-a/cluster-02-a/etc. nomenclature * added 4 clusters to cni make target * disable proxy lifecycle
- this doesn't specify an upstream so that tproxy will be able to handle routing
- add control-flow to handle using the virtual host name when tproxy is enabled
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
…-ultimate-gopher
hc-github-team-consul-core
force-pushed
the
backport/mw/net-4260-add-tproxy-coverage/illegally-ultimate-gopher
branch
from
August 16, 2023 19:37
8e231d4
to
dd2e1d8
Compare
hc-github-team-consul-core
force-pushed
the
backport/mw/net-4260-add-tproxy-coverage/illegally-ultimate-gopher
branch
from
August 16, 2023 19:37
e3499a8
to
17ee4ac
Compare
auto-merge was automatically disabled
August 16, 2023 20:36
Pull request was closed
wilkermichael
deleted the
backport/mw/net-4260-add-tproxy-coverage/illegally-ultimate-gopher
branch
December 18, 2023 16:37
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #2776 to be assessed for backporting due to the inclusion of the label backport/1.2.x.
The below text is copied from the body of the original PR.
Changes proposed in this PR:
How I've tested this PR:
👀
How I expect reviewers to test this PR:
👀
Checklist:
Overview of commits