From e279e3fbb9d43fadeadef32fb4b22e0714de6637 Mon Sep 17 00:00:00 2001 From: jm96441n Date: Fri, 6 Sep 2024 18:03:32 +0000 Subject: [PATCH 1/3] backport of commit 79f171bfedc5f3f2b73638e174258f5e7063f78a --- charts/consul/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index 117108f2fd..382afcdee0 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml @@ -2733,6 +2733,7 @@ connectInject: # By default, we exclude kube-system since usually users won't # want those pods injected and local-path-storage and openebs so that # Kind (Kubernetes In Docker) and [OpenEBS](https://openebs.io/) respectively can provision Pods used to create PVCs. + # We also exclude gmp-system and gke-managed-cim namespaces that are used by GKE for managing the cluster. # Note that this exclusion is only supported in Kubernetes v1.21.1+. # # Example: @@ -2747,7 +2748,7 @@ connectInject: matchExpressions: - key: "kubernetes.io/metadata.name" operator: "NotIn" - values: ["kube-system","local-path-storage","openebs"] + values: ["kube-system","local-path-storage","openebs", "gmp-system", "gke-managed-cim"] # List of k8s namespaces to allow Connect sidecar # injection in. If a k8s namespace is not included or is listed in `k8sDenyNamespaces`, From 2bdd21e92648310b1cdd23c246d3abf6744d2196 Mon Sep 17 00:00:00 2001 From: jm96441n Date: Tue, 17 Sep 2024 19:59:13 +0000 Subject: [PATCH 2/3] backport of commit 7d2782ec1673d57fcdb17ba123e8e18c82d14171 --- .changelog/4333.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/4333.txt diff --git a/.changelog/4333.txt b/.changelog/4333.txt new file mode 100644 index 0000000000..bf9ff0167a --- /dev/null +++ b/.changelog/4333.txt @@ -0,0 +1,3 @@ +```release-note:improvement +helm: Exclude gke namespaces from being connect-injected when the connect-inject: default: true value is set. +``` From 41736196180df29920e87491115e096c4adc5828 Mon Sep 17 00:00:00 2001 From: jm96441n Date: Wed, 18 Sep 2024 15:35:31 -0400 Subject: [PATCH 3/3] remove spaces --- charts/consul/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index 382afcdee0..132ca9b049 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml @@ -2748,7 +2748,7 @@ connectInject: matchExpressions: - key: "kubernetes.io/metadata.name" operator: "NotIn" - values: ["kube-system","local-path-storage","openebs", "gmp-system", "gke-managed-cim"] + values: ["kube-system","local-path-storage","openebs","gmp-system","gke-managed-cim"] # List of k8s namespaces to allow Connect sidecar # injection in. If a k8s namespace is not included or is listed in `k8sDenyNamespaces`,