Backport of correct prometheus port and scheme annotations if tls is enabled into release/1.0.x #2855
* fix grammar in changelog checker * add backport checker

Support automatic ACL bootstrapping with the Vault secrets backend
With the Vault secrets backend, server-acl-init now:
* Runs the Vault agent as a sidecar
* Bootstraps ACLs if the Vault bootstrap token is empty or not found, and writes the bootstrap token back to Vault via the Vault agent
The Kubernetes backend will write the bootstrap token to the user-provided secret if that secret is empty. The Vault behavior is the same. The Vault backend writes to a default secret name if the secretName and secretKey are not set in the helm chart values. server-acl-init reads the secret directly from k8s or Vault.
* Remove -bootstrap-token-file flag from server-acl-init and remove the
* Remove the volume/mount for bootstrap token
---------
Co-authored-by: Chris Thain <[email protected]>

* update charts to point to 1.15.1 * updated consul libraries to the latest
…roller Add SNI skip for client node configuration
…`null` to increase service registration times (#2008) * Update values.yaml
Clients are not required for ingress/terminating gateways.
Website has linting that errors when links have the developer.hashicorp.com prefix.
…shicorp/consul-k8s into bug/gateway-controller-incomplete-acl
[COMPLIANCE] add copyright headers to files
…lete-acl Update ACLs, add namespace.write permission

* Fix default Ent image tag in acceptance tests
  Rather than hard-coding the Docker repository and parsing the non-Ent image tag for a version, simply replace the image name and retain other coordinates. This is consistent with our tagging scheme introduced in hashicorp/consul#13541 and will allow for using `hashicorppreview` images seamlessly regardless of whether OSS or Ent is being tested.
* Add make target for loading images in kind
  Complement other multi-cluster make targets by supporting image loading across kind clusters.

security: Upgrade Go and x/net Upgrade to Go 1.20.7 and `x/net` 1.13.0 to resolve [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) and [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978).
increase timeout while waiting for server to be ready and fix require.Equal check
* Increase the retries and add config entry retries
…ing on OpenShift (#2184) Co-authored-by: Melisa Griffin <[email protected]>
* Adds port mapping to Gateway Class Config to avoid running container on privileged ports Co-authored-by: Nathan Coleman <[email protected]>

* Implement validation of TLS options
* Use constants for annotation keys
* Add changelog entry
* Implement TLS options translation
* Update changelog entry
* Add unit test coverage for TLS option validation
* Code review feedback

* JWT auth basic acceptance test
* Update to run only in enterprise mode, update comment to be correct
* Remove usage of `testing.t` in retry block
* Fixed last `t` in retry block in tests
* Update acceptance/tests/api-gateway/api_gateway_test.go
  Co-authored-by: Nathan Coleman <[email protected]>
* Update acceptance/tests/api-gateway/api_gateway_test.go
  Co-authored-by: Nathan Coleman <[email protected]>
* Updating filenames for gw jwt cases and adding message about why this test is skipped
---------
Co-authored-by: Nathan Coleman <[email protected]>

Apply K8s node locality to services and sidecars Locality-aware routing is based on proxy locality rather than the proxied service. Ensure we propagate locality to both when registering services.
* Set privileged to false unless on OpenShift without CNI

* added fixtures
* removed fixtures
  - intentions only gets added now if acls are enabled
  - payment-service-resolver is only for locality aware which isn't in scope for this PR
* updated sameness tests to include peering
  - refactored with some helper functions for members (now TestClusters)
  - made names more uniform, tend more towards the cluster-01-a/cluster-02-a/etc. nomenclature
* added 4 clusters to cni make target
* disable proxy lifecycle

…repeatedly-composed-whale
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement. Learn more about why HashiCorp requires a CLA and what the CLA includes.
16 out of 17 committers have signed the CLA.
Paul Glass seems not to be a GitHub user. Have you signed the CLA already but the status is still pending? Recheck it.
Pull request was closed
Backport
This PR is auto-generated from #2782 to be assessed for backporting due to the inclusion of the label backport/1.0.x.
The below text is copied from the body of the original PR.
Changes proposed in this PR:
Fixing #1856
How I've tested this PR:
Created a local cluster using kind and checked prometheus annotations on consul-server pod using kubectl.
kubectl get pod consul-server-0 --namespace consul -o jsonpath='{.metadata.annotations}'
How I expect reviewers to test this PR:
Checklist:
Overview of commits